Question

  • Creator
    Topic
  • #2174020

    How safe is my mobile phone when it comes to privacy?

    Locked

    by linda-g ·

    With all the phone hacking going on in the press, I did some research and found loads of stuff to hack people’s phones! Do modern phones have the Big Brother spying capability already in the hardware? Any advice on this would be most appreciated.

All Answers

  • Author
    Replies
    • #2881794

      Clarifications

      by linda-g ·

      In reply to How safe is my mobile phone when it comes to privacy?

      Clarifications

    • #2881788

      Um NOT safe!

      by kenone ·

      In reply to How safe is my mobile phone when it comes to privacy?

      I mean c’mon, you’re broadcasting that signal over public airwaves. Not only can it be easily intercepted but even you’re location can be determined. If you were to stand on top of a tall building with a megaphone and converse with the person on the next building over how private would that conversation be?

      • #2881763

        Reponse To Answer

        by linda-g ·

        In reply to Um NOT safe!

        Thanks Kenone, I get the point but people use mobiles to access the internet and use online banking! Maybe mobile phones should come with a warning – not safe for banking online?

    • #2881773

      It is safe

      by robo_dev ·

      In reply to How safe is my mobile phone when it comes to privacy?

      Assuming you are on a GSM phone, the communication is encrypted and neither the signal nor the communication can be easily intercepted.

      It IS possible for a surveillance team with an appropriately outfitted communications van to intercept, decrypt in real-time, and monitor your GSM communications. Therefore, is your GSM phone secure enough for James Bond? No.

      Can a kid with a $50 Radio Shack scanner listen to your calls? No.

      Can an experienced and determined hacker listen to your calls? No.

      The issue is that to crack GSM you need to do real-time decryption on the fly. There’s no magic shortcut to that, it takes LOTS of processing power, in addition to having the requirement that the attacker is within around 1/4 mile of his target, AND the attacker knows what he is attacking, etc (see communications van discussion above). So if an attacker spent hours to identify your mobile ESN, then parked his communications van packed with computing power within radio range, and you make a call to your mom, he *might* be able to at least capture the data and later decrypt it offline. All for what? To hear her complain about her bad hair day 🙂

      GSM-Security.net

      Also, like any telephone conversation, it is passing unprotected through the wired phone system, so if you’re on your GSM mobile in Ufreakistan, expect that there’s a guy in a basement room somewhere listening to your call. With respect to this risk, remember that there is some ‘security through obscurity’ due to the volume of phone calls that happen, and the cost/time it takes to monitor and intercept all that communication. Unless you are specifically targeted as someone who is a threat to someone else, you’re fine.

      Remember, there are two goals with mobile phone security: preventing service theft and protecting customer privacy. Effectively both goals are served by the same technology, thus it is in the best interest of the service providers to have good security in place, or they would lose revenue…your privacy is an added benefit, but possibly not the service provider’s primary concern. 🙂

      • #2881762

        Reponse To Answer

        by linda-g ·

        In reply to It is safe

        Thanks robo_dev,
        Good to have some tec knowledge on this. If we’re using GSM we’re OK, as for the hardware spying stuff that’s for James Bond 🙂

    • #2881756

      As safe as walking around with your willy hanging out {nt}

      by slayer_ ·

      In reply to How safe is my mobile phone when it comes to privacy?

      no text

    • #2881749

      It is now trivial to intercept and/or record gsm phone calls

      by kenone ·

      In reply to How safe is my mobile phone when it comes to privacy?

      Ask Chris Paget, He did an interseting demo at DEFCON

    • #2881741

      Yes but there is only one Chris Paget

      by robo_dev ·

      In reply to How safe is my mobile phone when it comes to privacy?

      and he lives nowhere near the OP 🙂

      But seriously, what Paget does is not trivial by any stretch of anyone’s imagination.

      “The low-cost, home-brewed device, developed by researcher Chris Paget, mimics more expensive devices already used by intelligence and law enforcement agencies called IMSI catchers that can capture phone ID data and content. The devices essentially spoof a legitimate GSM tower and entice cell phones to send them data by emitting a signal thats stronger than legitimate towers in the area.”

      He had to modify his talk so he would not get arrested by Federal agents and you can be certain that the telcos have addressed the vuln that he demonstrated.

      If right now, I wanted to try out the attack/monitoring methods that Paget developed, could I do that? Nope. He did not publish his methods or source code, nor does he sell a ‘DIY IMSI’ catcher kit.

      Note that the vuln only applies to 2G GSM, not 3G.

      While there are tools such as Kraken which can crack *some* GSM encryption using a *somewhat large* (2TB) rainbow table on a GPU or FPGA based system, this is not a real threat.

      In the case of Kraken, nobody has developed the radio monitoring hardware and software to do this. It’s very illegal in most countries. And even the 2TB rainbow table crack is only effective against the older (A5/1) encryption.

      To circle back to the ‘point to all this’:

      The ‘security researchers’ are at the proof-of-concept phase, and are showing vulns, not actual exploits.

    • #2881716

      Easy answer is

      by oh smeg ·

      In reply to How safe is my mobile phone when it comes to privacy?

      If you remove the battery they are part way secure otherwise there is [b]Absolutely No Security Involved.[/b]

      Using the words Mobile Phone & Security in the same sentence is a Oxymoron and to be perfectly honest it’s safer playing Russian Roulette with a Pistol instead of a Revolver.

      You are going to shoot yourself but in the process you are not going to give away any potentially personal information.

      Where as using one of the new Smart Phones everywhere you go you are leaving a trail of breadcrumbs for whoever wishes to follow. 😉

      Col

    • #2881697

      I respectfully disagree

      by robo_dev ·

      In reply to How safe is my mobile phone when it comes to privacy?

      In the olden days, you could hack your radio scanner and monitor certain cell phone frequencies, but that is no longer technically possible in any way shape, or form.

      Assuming that we are talking about a standard 3G GSM device, I submit that there are no known cases of anyone, outside of government surveillance teams, where anyone has monitored telephone communications, period.

      Consider the Pagett DefCon demo: he discovered a vuln with 2G GSM, and the proof-of-concept attempts to crack even the older version of GSM encryption involve a rainbow table that is TWO TERABYTES.

      So if we move forward to 3G GSM, and the most recent encryption algorithm, we’re back to the reality that, while it may, in some theoretical universe, be insecure, in the environment that now exists, it is.

      Not to digress, but people sometimes confuse the issues related to WiFI security and believe that GSM has the same sorts of issues: it does not. Further, you cannot buy any radio receiver that intercepts GSM in any way, you must engineer and build your own radio.

      With respect to location data in smartphones and the so-called breadcrumb issue, keep in mind that a user concerned with privacy can turn off those features easily. The irony is that some of the same people crying out about data privacy have voluntarily shared their every belch and burp on their facebook page, so their concerns about some hypothetical hack on their GPS info is overshadowed by the geo-tagged photos that anybody can see on Facebook. There have been lots of cases where criminals have noted that somebody is on a beautiful two week vacation on Facebook, and use that as an opportunity to burgle the person’s home.

      • #2881687

        Reponse To Answer

        by linda-g ·

        In reply to I respectfully disagree

        Thanks robo_dev,
        I posted before reading your reply. Good to have some common sense, there is certainly a bigger picture, that, at the moment is beyond me, but I’m learning. Gotta have a sense of humour cos life is oh so short 🙂

      • #2882566

        Reponse To Answer

        by oh smeg ·

        In reply to I respectfully disagree

        robo_dev

        I wasn’t so much thinking about the Voice which provided you are not on a Government Watch List is pretty safe but the other things that you do with your Smart Phone.

        Very Little of that is Secured and things like E Mail and Web Suffering and your current location defiantly are not secure.

        However if all you want is Voice Security the 3G system is very secure and is as secure as any Voice Transmissions.

        It’s just the rest that is insecure and as the new ones have a GPS in them they can be used to track your position.

        Col

    • #2881688

      What of the future?

      by linda-g ·

      In reply to How safe is my mobile phone when it comes to privacy?

      If the lack of security using mobile phones was common knowledge then it would have a damaging impact on the mobile phone/spying industry. I didn???t realise how big an issue this is. People should know the truth, most will ignore it but some will cause a storm, then and only then will it change. But for how long? Maybe Orwell got it right and we???re living in it now but can’t see it. I expect you guys know far more about this New World order stuff, I thought it is was just a myth but now I wonder about our future??? 🙁

      • #2882461

        Reponse To Answer

        by oh smeg ·

        In reply to What of the future?

        [i]If the lack of security using mobile phones was common knowledge then it would have a damaging impact on the mobile phone[/i]

        Not that I see, most of the things that can be used against you are sold as Features. Things like give this handset to your kid and be able to monitor their location, as well as use that same GPS to guide you to where you want to go.

        As for Web Browsing and E Mail this has not been limited by real computer use over a Wired Connection and as Wireless connections are the Growth Side of the Industry do you really believe that anyone really cares?

        Col

      • #2882339

        Reponse To Answer

        by linda-g ·

        In reply to What of the future?

        Sneaky snakes, if it???s free or has some features it can come with a privacy tag. Like Adobe flash is up front about giving your data to 3rd parties in their Terms and conditions. Who reads them and who cares? The apathy of most people is a Godsend to the info gathers. I am just waking up to all this back-door stuff. I am sure there is far more going on??? 🙁

    • #2881665

      @ Robo Dev

      by kenone ·

      In reply to How safe is my mobile phone when it comes to privacy?

      You seem totally enthralled with the encryption. If I entice your phone to attach to my ersatz “tower” it is a simple matter to send an instruction to your phone to switch off both encryption and compression. Your phone will not notify you. There is a warning message but it is disabled by every manufacturer, in the US anyway. Once switched off they stay switched off until the phone’s battery is removed. Yes, some of these exploits are available on script kiddie sites. So what good does iron clad encryption do when it can be disabled by a simple command? Why do you suppose it is set up that way?

      • #2881660

        Reponse To Answer

        by robo_dev ·

        In reply to @ Robo Dev

        Remember that Pagetts proof-of-concept can only shut off encryption on 2G GSM phones, so my Blackberry, as configured, is immune to his promiscuous tower since it it locked to use 3G GSM only.

        You can be sure that the vuln that Mr. Pagett has discovered will be very quickly patched both in the phone firmware and taken into account with respect to how the telcos maintain and monitor their service.

        Note that there is a very big thing missing in the Pagett proof of concept: the ability to use your phone. Unless he has configured a land-line as part of his rogue cell tower, or is relaying it to another wireless device, it cannot act as a man-in-the-middle attack.

        Remember, his proof of concept was only to get phones to connect, not to be able to go mid-stream in a call. Consider that he would have to effectively create the functionality of a PBX to do that. If he was able to do all that, I’d almost be honored to have my call monitored, as that would be some amazing coding.
        The GSM Association responded to Pagett’s demonstration, I have pasted it below:

        Update: The GSM Association responded in a statement that lists the limitations to Pagett???s method: the eavesdropper would have difficulties identifying or targeting any specific user, the interception only works within a certain range, in some cases, the call???s encryption could prevent eavesdropping, and GSM phones are designed to alert users when encryption is removed by a base station. (Paget said in his talk that no device he???s tested???including iPhone and Android phones???has had this option enabled.)

        In summary, the GSM Association spokeswoman writes, ???The overall advice for GSM calls and fixed line calls is the same. Neither has ever offered a guarantee of secure communications. The great majority of users will make calls with no reason to fear that anyone might be listening. However users with especially high security requirements should consider adding extra, end to end security features over the top of both their fixed line calls and their mobile calls.???

    • #2880835

      Linda you may find this TR Blog interesting

      by oh smeg ·

      In reply to How safe is my mobile phone when it comes to privacy?

      Granted it’s about the I Phone tracking your movements but it really applies to all smart phones. 😉

      http://www.techrepublic.com/blog/mac/being-tracked-by-your-iphone-do-you-care/1109?tag=mantle_skin;content

Viewing 10 reply threads