Listening to and protecting mobile phones
What are the options for listening to conversations on a mobile phone, how can you be protected from such attacks, and how can the subscriber determine that his phone may be tapped? Due to the recent wave of espionage scandals, these issues are again relevant. The journalists appealed to the operators of the Ukrainian mobile communications with a request to explain how to behave to the subscriber in such cases.
It was striking that almost all the operators addressed by the journalists simply could not give answers to the questions asked. The only company that agreed to help was representatives of MTS Ukraine. The Life :) operator didn’t respond to the request at all, but Kyivstar was told that they are not experts in such matters, and that such questions should be addressed to special state services (read, Ministry of Internal Affairs, Security Service of Ukraine, etc. ) The article below also used information on listening to mobile phones, obtained from public sources.
In the development of GSM technology, as well as at the stage of its implementation, all requirements from the controlling state were taken into account. authorities to the level of protection. It is precisely because of these requirements that the sale and purchase of special equipment, like powerful encryptors, crypto equipment, scramblers, as well as very protected technologies for public communication, is prohibited in many countries of the world. But mobile operators themselves protect their radio channels using signal encryption methods. Encryption uses very complex algorithms. What kind of cryptographic algorithm will be encrypted is selected at the stage when the connection is established between the base station and the subscriber. The degree of probability of a subscriber’s information leakage from the operator’s equipment, as MTS employees assured the journalists, that it is practically zero. Why to zero, we asked - and all because of the complexity and control over access to the facilities and equipment of the operator.
In total there are two methods of wiretapping subscribers - this is the active method, and the passive method. When listening to a subscriber passively, you need to use very expensive equipment and have specially trained employees. If you have money (read - big money) on the “black market” you can purchase special complexes, using which you can listen to conversations of any subscriber within a radius of up to 500 meters. Ask why you need to have a lot of money? The answer is simple - the price of one such set starts from several hundreds of thousands of euros. What this kit looks like is seen in the following photo. In the network there are many sites where you can find a description and principle of operation of such sets and listening systems.
')
As manufacturers of such listening systems convince, their systems can track GSM-conversations in real time, because the principle of operation of the equipment is based on access to the SIM card of a mobile subscriber, or directly to the database of the cellular operator itself. Although, if there is no such access for those who listen to you, they can listen to all your conversations with some delay. The amount of delay depends on the level of encryption of the communication channel that an operator uses. Similar systems can also be mobile centers for listening and tracking the movement of objects.
The second method of wiretapping is active intervention directly on the air on the authentication process and control protocols. For this purpose, special mobile complexes are used. Such mobile systems, which, in fact, are a pair of specially modified phones and a laptop, despite their apparent simplicity and small size, are also an expensive pleasure - their price varies from a couple of tens of thousands to several hundred thousand US dollars. And again, only highly qualified specialists in the field of communications can work on such equipment.
The attack on the subscriber is carried out according to the following principle: since the complex is mobile and is located close to the subscriber - up to 500 meters - it “intercepts” the signals for establishing a connection and transmitting data, replacing the base station of the operator. In essence, the complex itself becomes a “bridge” between the nearest base station and the subscriber himself.
After “capturing” the desired mobile subscriber in this way, this complex can actually perform any control function over the intercepted channel: for example, connect the listener with any number necessary for those who listen to the number, lower the crypto-encryption algorithm, or disable this encryption altogether for a specific communication session and t .d
How about looks like a similar complex - seen in the photo below.
As the experts shared, 100% to determine that the subscriber’s phone is tapped at this particular moment is impossible. But, it is possible to obtain indirect evidence that may indicate that there is such a probability. In the recent past, some mobile models (namely, push-button telephones) had in their functionality a special character-icon in the form of a lock. If the lock was closed, then the signal goes in encrypted form, and vice versa - if the lock is open ... well, you yourself understood everything.
But already in the phones over the past 5-6 years there is no such function ... A pity. Although, for some models of smartphones special applications are provided that will signal to the owner of the phone about the configuration of the settings used in the current communication session. One of the options is to notify the user about the mode in which his conversation is transmitted - using encryption algorithms or openly. Listed below are a few of these applications:
It is one of the most powerful applications to protect your mobile from wiretapping. This program prevents any connections to false base stations. To determine the reliability of the station, verification of signatures and station identifiers is used. In addition, the program independently monitors and remembers the location of all base stations and if it detects that a base is moving around the city, or its signal disappears from time to time from its location - this base is marked as false and suspicious and the application will notify the owner phone. Another useful feature of the program is the ability to show which of the applications and programs installed on the phone have access to the video camera and microphone of your phone. There is also a function to disable (prohibit) access of any unnecessary software to the camera.
This program is different from the previous one and its main function is to track any suspicious activity on the network, including when using SMS, which can be sent without the permission of the phone owner. The application in real time assesses how your network is secure and what encryption algorithm is used at that moment, and much more.
This application also helps protect your smartphone from any connections to pseudo-bases. The only drawback of this program is that you will not find it on Google Play and if you still want to install it, you will have to tinker with this procedure.
The CatcherCatcher program, like its counterparts above, is engaged in identifying spurious base stations that attackers (or special services?) Use as intermediate “intermediary bridges” between the subscriber and the real base station.
And lastly, experts also recommended using special applications to ensure the security of personal conversations and data, including - to encrypt your conversations. Such analogs are the anonymous web browsers Orbot or Orweb, for example. There are also special programs that encrypt your telephone conversations, photos, and many already use secure messengers.
It was striking that almost all the operators addressed by the journalists simply could not give answers to the questions asked. The only company that agreed to help was representatives of MTS Ukraine. The Life :) operator didn’t respond to the request at all, but Kyivstar was told that they are not experts in such matters, and that such questions should be addressed to special state services (read, Ministry of Internal Affairs, Security Service of Ukraine, etc. ) The article below also used information on listening to mobile phones, obtained from public sources.
How do operators protect their networks?
In the development of GSM technology, as well as at the stage of its implementation, all requirements from the controlling state were taken into account. authorities to the level of protection. It is precisely because of these requirements that the sale and purchase of special equipment, like powerful encryptors, crypto equipment, scramblers, as well as very protected technologies for public communication, is prohibited in many countries of the world. But mobile operators themselves protect their radio channels using signal encryption methods. Encryption uses very complex algorithms. What kind of cryptographic algorithm will be encrypted is selected at the stage when the connection is established between the base station and the subscriber. The degree of probability of a subscriber’s information leakage from the operator’s equipment, as MTS employees assured the journalists, that it is practically zero. Why to zero, we asked - and all because of the complexity and control over access to the facilities and equipment of the operator.
How can you "listen" to mobile phones
In total there are two methods of wiretapping subscribers - this is the active method, and the passive method. When listening to a subscriber passively, you need to use very expensive equipment and have specially trained employees. If you have money (read - big money) on the “black market” you can purchase special complexes, using which you can listen to conversations of any subscriber within a radius of up to 500 meters. Ask why you need to have a lot of money? The answer is simple - the price of one such set starts from several hundreds of thousands of euros. What this kit looks like is seen in the following photo. In the network there are many sites where you can find a description and principle of operation of such sets and listening systems.
')
As manufacturers of such listening systems convince, their systems can track GSM-conversations in real time, because the principle of operation of the equipment is based on access to the SIM card of a mobile subscriber, or directly to the database of the cellular operator itself. Although, if there is no such access for those who listen to you, they can listen to all your conversations with some delay. The amount of delay depends on the level of encryption of the communication channel that an operator uses. Similar systems can also be mobile centers for listening and tracking the movement of objects.
The second method of wiretapping is active intervention directly on the air on the authentication process and control protocols. For this purpose, special mobile complexes are used. Such mobile systems, which, in fact, are a pair of specially modified phones and a laptop, despite their apparent simplicity and small size, are also an expensive pleasure - their price varies from a couple of tens of thousands to several hundred thousand US dollars. And again, only highly qualified specialists in the field of communications can work on such equipment.
The attack on the subscriber is carried out according to the following principle: since the complex is mobile and is located close to the subscriber - up to 500 meters - it “intercepts” the signals for establishing a connection and transmitting data, replacing the base station of the operator. In essence, the complex itself becomes a “bridge” between the nearest base station and the subscriber himself.
After “capturing” the desired mobile subscriber in this way, this complex can actually perform any control function over the intercepted channel: for example, connect the listener with any number necessary for those who listen to the number, lower the crypto-encryption algorithm, or disable this encryption altogether for a specific communication session and t .d
How about looks like a similar complex - seen in the photo below.
As the experts shared, 100% to determine that the subscriber’s phone is tapped at this particular moment is impossible. But, it is possible to obtain indirect evidence that may indicate that there is such a probability. In the recent past, some mobile models (namely, push-button telephones) had in their functionality a special character-icon in the form of a lock. If the lock was closed, then the signal goes in encrypted form, and vice versa - if the lock is open ... well, you yourself understood everything.
But already in the phones over the past 5-6 years there is no such function ... A pity. Although, for some models of smartphones special applications are provided that will signal to the owner of the phone about the configuration of the settings used in the current communication session. One of the options is to notify the user about the mode in which his conversation is transmitted - using encryption algorithms or openly. Listed below are a few of these applications:
EAGLE Security
It is one of the most powerful applications to protect your mobile from wiretapping. This program prevents any connections to false base stations. To determine the reliability of the station, verification of signatures and station identifiers is used. In addition, the program independently monitors and remembers the location of all base stations and if it detects that a base is moving around the city, or its signal disappears from time to time from its location - this base is marked as false and suspicious and the application will notify the owner phone. Another useful feature of the program is the ability to show which of the applications and programs installed on the phone have access to the video camera and microphone of your phone. There is also a function to disable (prohibit) access of any unnecessary software to the camera.
Darshak
This program is different from the previous one and its main function is to track any suspicious activity on the network, including when using SMS, which can be sent without the permission of the phone owner. The application in real time assesses how your network is secure and what encryption algorithm is used at that moment, and much more.
Android IMSI-Catcher Detector
This application also helps protect your smartphone from any connections to pseudo-bases. The only drawback of this program is that you will not find it on Google Play and if you still want to install it, you will have to tinker with this procedure.
CatcherCatcher
The CatcherCatcher program, like its counterparts above, is engaged in identifying spurious base stations that attackers (or special services?) Use as intermediate “intermediary bridges” between the subscriber and the real base station.
And lastly, experts also recommended using special applications to ensure the security of personal conversations and data, including - to encrypt your conversations. Such analogs are the anonymous web browsers Orbot or Orweb, for example. There are also special programs that encrypt your telephone conversations, photos, and many already use secure messengers.
Source: https://habr.com/ru/post/238923/
All Articles