Soob

Politics, Foreign Policy, Current Events and Occasional Outbursts Lacking Couth

Sunday, April 20, 2008

Civilian Mobile Phone Hacking

For those interested in signals intelligence and electronic warfare this post from O'Reilly Rader is a must.

There is going to be mobile phone scanning software online. The implications of such software are huge. One part of me says "Awesome, a new toy to play with." The other half says "This is going to be banned on every country on earth." Although they can try ban it, but once the software is out there ...

5 comments:

fabius.maximus.cunctator said...

Münzenberg:

Thx very much indeed for pointing this out.

It was only to be expected, of course. Now for the hard part - what are the implications for users of GSM technology ? Not just privacy, mind, although one shouldn`t underrate its importance.
All of us who conduct confidential business over their mobile phone (lawyers, engineers, business people of all sorts etc.) will have to reflect on this.

Münzenberg said...

Fabius, thank you for the comment. I enjoy reading your blog.

The implications of this technology will be very wide ranging as you have pointed out. Time will also be another factor I'd imagine. Strictly speaking a person who has this technology doesn't have to intercept a call when it is made. I could set up a remote antenna outside a target organisation for a month or two snapping mobile phone calls out of the electromagnetic spectrum and store it in a computer and decrypt it later on (it'd be a massive memory intensive exercise but not beyond someone with a couple of thousand dollars and the time to do it). It wouldn't be real time intelligence but it'd give me a good overview of what is happening within a certain geographic area.

fabius.maximus.cunctator said...

Münzenberg:

Ouch! At present, I comment more on other people`s blogs than I blog - the chap whose blog you are probably reading (FabiusMaximus) is a US based academic while I am an EU based commercial lawyer cum exec (or the other way round) with an interest in defence, int`l and intel issues. Similiarity (almost) of names is unintentional of course. Now I do feel like a fake Breitling...

Thx for the additional info anyhow. That, of course, is exactly the point. I am not that important myself but some of the stuff I work on and talk about on my mobile might be sensitive enough to warrant a cpl of thou. There are lots of people who cd say that about themselves of course.

When sbody like myself uses his mobile he is not at his place of work or even near. On the other hand if the potential eavesdropper knows which organisation he may call cd just get set up near there, a law firm p.ex. and get some info that way.

Any more on this from public sources on the net to your knowledge ?

subadei said...

Imagine the possibilities for blackmail and even, in some cases, political ruin.

I remember being able to pick up cordless phones using a scanner. Simply stroll through the higher frequencies (or consult the phones manual) until you hit upon it. In fact, I had a friend who wanted to monitor his gf's calls as he was a tad suspicious of her. I suggested using a hidden away scanner and taping a voice activated recorder to it.

Of course cordless technology improved with higher frequencies. Perhaps cell technology will follow suit.

Münzenberg said...

fabius, that's my fault, I assumed you were the same guy without realizing anybody can be named anyone on the net. It's all cool.

Re: other sources. There will be chatter amongst phone phreaking forums and the mobile hacking communities. The main group is that wiki.thc group though. So it'd be best to get it straight from the source. Forbes had an article on it as well google "wiretapping made easy," which is the name of the article.

Also google "GSM researcher stopped at Heathrow" for an account of one of the researchers being stopped by security services.

Jay, yeah it's kinda crazy. Combine this software with other software out there and you could build up private databases of information people don't want out there. One that comes to mind is a recent bluetooth exploit which allows anyone using the software to snap a mobile users address book out of the air if they have their bluetooth on. You could build up a virtual "little black book" on some people that way.