Question

Locked

How safe is my mobile phone when it comes to privacy?

By linda-g ·
With all the phone hacking going on in the press, I did some research and found loads of stuff to hack people's phones! Do modern phones have the Big Brother spying capability already in the hardware? Any advice on this would be most appreciated.

This conversation is currently closed to new comments.

22 total posts (Page 1 of 3)   01 | 02 | 03   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Um NOT safe!

by Kenone In reply to How safe is my mobile pho ...

I mean c'mon, you're broadcasting that signal over public airwaves. Not only can it be easily intercepted but even you're location can be determined. If you were to stand on top of a tall building with a megaphone and converse with the person on the next building over how private would that conversation be?

Collapse -

Reponse To Answer

by linda-g In reply to Um NOT safe!

Thanks Kenone, I get the point but people use mobiles to access the internet and use online banking! Maybe mobile phones should come with a warning - not safe for banking online?

Collapse -

It is safe

by robo_dev In reply to How safe is my mobile pho ...

Assuming you are on a GSM phone, the communication is encrypted and neither the signal nor the communication can be easily intercepted.

It IS possible for a surveillance team with an appropriately outfitted communications van to intercept, decrypt in real-time, and monitor your GSM communications. Therefore, is your GSM phone secure enough for James Bond? No.

Can a kid with a $50 Radio Shack scanner listen to your calls? No.

Can an experienced and determined hacker listen to your calls? No.

The issue is that to crack GSM you need to do real-time decryption on the fly. There's no magic shortcut to that, it takes LOTS of processing power, in addition to having the requirement that the attacker is within around 1/4 mile of his target, AND the attacker knows what he is attacking, etc (see communications van discussion above). So if an attacker spent hours to identify your mobile ESN, then parked his communications van packed with computing power within radio range, and you make a call to your mom, he *might* be able to at least capture the data and later decrypt it offline. All for what? To hear her complain about her bad hair day :)

http://www.gsm-security.net/

Also, like any telephone conversation, it is passing unprotected through the wired phone system, so if you're on your GSM mobile in Ufreakistan, expect that there's a guy in a basement room somewhere listening to your call. With respect to this risk, remember that there is some 'security through obscurity' due to the volume of phone calls that happen, and the cost/time it takes to monitor and intercept all that communication. Unless you are specifically targeted as someone who is a threat to someone else, you're fine.

Remember, there are two goals with mobile phone security: preventing service theft and protecting customer privacy. Effectively both goals are served by the same technology, thus it is in the best interest of the service providers to have good security in place, or they would lose revenue...your privacy is an added benefit, but possibly not the service provider's primary concern. :)

Collapse -

Reponse To Answer

by linda-g In reply to It is safe

Thanks robo_dev,
Good to have some tec knowledge on this. If we're using GSM we're OK, as for the hardware spying stuff that's for James Bond :)

Collapse -

As safe as walking around with your willy hanging out {nt}

by Slayer_ In reply to How safe is my mobile pho ...
Collapse -

Reponse To Answer

by linda-g In reply to As safe as walking around ...

Hmm, I don't have a willy down there :) But I get the gist of it

Collapse -

Reponse To Answer

by robo_dev In reply to As safe as walking around ...

As the OP was a woman, that would not normally be a major risk :) :)

Collapse -

It is now trivial to intercept and/or record gsm phone calls

by Kenone In reply to How safe is my mobile pho ...

Ask Chris Paget, He did an interseting demo at DEFCON

Collapse -

Reponse To Answer

by linda-g In reply to It is now trivial to inte ...

Getting into deep water here. Chris Paget, is he on this forum?

Collapse -

Yes but there is only one Chris Paget

by robo_dev In reply to How safe is my mobile pho ...

and he lives nowhere near the OP :)

But seriously, what Paget does is not trivial by any stretch of anyone's imagination.

"The low-cost, home-brewed device, developed by researcher Chris Paget, mimics more expensive devices already used by intelligence and law enforcement agencies called IMSI catchers that can capture phone ID data and content. The devices essentially spoof a legitimate GSM tower and entice cell phones to send them data by emitting a signal thats stronger than legitimate towers in the area."

He had to modify his talk so he would not get arrested by Federal agents and you can be certain that the telcos have addressed the vuln that he demonstrated.

If right now, I wanted to try out the attack/monitoring methods that Paget developed, could I do that? Nope. He did not publish his methods or source code, nor does he sell a 'DIY IMSI' catcher kit.

Note that the vuln only applies to 2G GSM, not 3G.

While there are tools such as Kraken which can crack *some* GSM encryption using a *somewhat large* (2TB) rainbow table on a GPU or FPGA based system, this is not a real threat.

In the case of Kraken, nobody has developed the radio monitoring hardware and software to do this. It's very illegal in most countries. And even the 2TB rainbow table crack is only effective against the older (A5/1) encryption.

To circle back to the 'point to all this':

The 'security researchers' are at the proof-of-concept phase, and are showing vulns, not actual exploits.

Back to Hardware Forum
22 total posts (Page 1 of 3)   01 | 02 | 03   Next

Hardware Forums