GSM security / eavesdropping, possible?

sourour

gsm eavesdropping

Is it by any means possible that the cell phone becomes an eavesdropping device? Assume a person has a GSM phone in his T-shirt pocket and the cell phone is on. Can anyone in the GSM core network listen to that person talking WITHOUT THIS PERSON MAKING ANY CALLS? This is technically possible only if the core network can make the cell phone switch to a traffic channel and start transmitting a call, without the knowledge of the phone owner. Is this possible? Does anyone know?
 

gsm eavesdropping device

I don't think so. Of course, GSM is inherently vulnerable in terms of security. It uses a non-encrypted broadcast channel for control and network management; anybody can listen to this and eavesdrop on others' calls, only if someone makes or receives a call. While the phone is in standby mode I don't even think the RF section is on, so I can't visualise such a possibility.
 

eavesdrop gsm

Dear Sourour,

I can reassure you that in the air it is impossible to eavesdrop on your conversation until it is terminated in the PSTN, where the GSM encryption and ciphering, due to the voice band 300-3400 Hz, no longer exist. In the air, as manaman wrote, the BCCH and CCCH (Common Control Channels) signals really are not encrypted, but in those frames there is no sensitive information relating to the TCH frames, just such information as the usable frequencies of neighbouring BTSs, Tx power level etc. Furthermore, during call setup the mobile station grants a temporary number which is then NOT used during conversation, and no one knows its ciphering algorithm, the frame numbers, whose repeat period is roughly 3.5 hours!!!

The SW in these days' mobile phones perhaps could be able to send data if it is not in sleep mode without your notice, but it is not an ordinary man's capability, so as long as you are not involved in X-Files it is not your case :) If it is, implement a small microswitch in the mic circuit for safety's sake.

Excuse me for my poor English.
 

gsm eavesdrop

But what if the handset protocol stack has been altered from normal?

My old GSM phone, a Siemens S-2588, will transmit periodically after I turned down the power and with no display on the LCD. I found this because I just put a radio near it and heard the buzz sound of the GSM transmit power envelope.

When your phone connects to the network automatically without any indication, you will be heard by someone who has the number your phone just dialed.
 

encryption drain the battery gsm

"I can reassure you, that in the air it is impossible to eavesdrop your conversation"

This is not quite true. There is at least one company I know of which makes GSM surveillance equipment and only sells it to law enforcement. I personally attended one demonstration. This equipment acts like a clone of your cell phone once it is programmed with your phone number, something that involves a court order, that is if you are in a civilized regime, unlike those in the Middle East!

The sale of this equipment to various government officials in Lebanon made a national crisis 10 years ago. Various party leaders in Lebanon acquired these, and were listening in on their rival party members, and perhaps you can find stories about this on the internet.

The use of BCCH and CCCH (Common Control Channels) to transmit voice back to the base station is very unlikely, since on the reverse link the data fields in these channels are bursts, and very small, and even if they were used for voice, they would have to sample voice in such a way that it makes it unusable. Also, do not forget that it would also drain the battery very quickly. I doubt this is possible! Remember, these fields were not designated for continuous traffic, but rather for relaying small network-related parameters to the base. Also, the power allocation for these was not even specified for a good RF link if voice were used.


Again, like one of you mentioned, if this were to be done, it would involve firmware and even hardware modification (installing switching and enable lines) to the individual phone, which is a whole different story.

I worked a few years at Westinghouse Audio Intelligence Devices in the USA, a company that no longer exists, but at the time we made some phone bugs, and that involved installing a small additional 100 milliwatt transmitter inside the phone, which was turned on the minute you received a call. This transmitter would transmit short range to another nearby receiver whose squelch circuit would turn on a tape recorder. This phone was used to combat drug trafficking, and it worked very well and made the company a lot of $.

These products, by the way, still sell, and they are used very often all over the world by undercover agents.
 

possible to listening gsm phones?

Another method I heard about worked on old phones.
You put the victim's phone in hands-free (car) profile and internally put some resistor on the hands-free connector so that the phone thinks there is a hands-free kit attached. So on incoming calls the phone will answer after the first ring. If you also put it on silent it will answer your call and you would be able to hear the conversations of the victim on your mobile.
 

eavesdropping equipment gms

I forgot to mention the kind of changes you would have to make at the base station to route audio from a traffic control channel. This would mean access and modifications to the base station wherever the caller happens to be, and that could mean an entire country or a region. So again, this is impossible to do with an ordinary effort. If it were done, it means millions of $ and the cooperation of base station operators and manufacturers, something that is very unlikely to happen, especially when it can be done by simply listening to his call, which will eventually be at the PSTN switch.
 

how easy is it to eavesdrop on gsm phones

Hello,

I think the most common type of interception equipment that is required by government law enforcement agencies from any mobile operator is usually installed at the core network, since it is far easier (air interface encryption is not available) and it is more centralized. There is a maximum number of circuits they can listen to at the same time, though. This type of equipment is usually known as "Lawful Interception".

As per the interception of call through the air interface, I think it is very improbable as the cracking of the Ki and Kc codes would take supposedly a very long time. The Random Sequence generated by the system from which the Mobile generates a key according to another key on its SIM card is checked in the Core (AUC) and then the cyphering begins.
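
Added example, not part of any post in this thread: a Python sketch of the RAND/SRES/Kc challenge-response mentioned above, together with the frame number repeat period quoted earlier as "roughly 3.5 hours". The real A3/A8 algorithms are operator-chosen and not on this page, so HMAC-SHA256 is used as a labelled stand-in; the Ki value and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
from fractions import Fraction

# GSM field sizes in bytes: RAND 128 bits, SRES 32 bits, Kc 64 bits.
RAND_LEN, SRES_LEN, KC_LEN = 16, 4, 8
# TDMA frame numbering: 26 x 51 frames per superframe, 2048 superframes per hyperframe.
HYPERFRAME_FRAMES = 26 * 51 * 2048
FRAME_SECONDS = Fraction(120, 26) / 1000  # one TDMA frame lasts 120/26 ms


def a3a8_standin(ki, rand):
    """ASSUMPTION: HMAC-SHA256 stands in for the operator's A3/A8 algorithms."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:SRES_LEN], digest[SRES_LEN:SRES_LEN + KC_LEN]


def network_challenge(ki):
    """Network side: build the (RAND, expected SRES, Kc) triplet for a subscriber."""
    rand = os.urandom(RAND_LEN)
    sres, kc = a3a8_standin(ki, rand)
    return rand, sres, kc


def sim_response(ki, rand):
    """SIM side: only RAND arrives over the air; Ki never leaves the card."""
    return a3a8_standin(ki, rand)


def authenticate(network_ki, sim_ki):
    """Run one exchange; return (SRES accepted, both sides derived the same Kc)."""
    rand, expected_sres, network_kc = network_challenge(network_ki)
    sres, sim_kc = sim_response(sim_ki, rand)
    accepted = hmac.compare_digest(sres, expected_sres)
    return accepted, accepted and hmac.compare_digest(sim_kc, network_kc)


def hyperframe_period_seconds():
    """Time before the TDMA frame number (a cipher input alongside Kc) repeats."""
    return float(HYPERFRAME_FRAMES * FRAME_SECONDS)


if __name__ == "__main__":
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample Ki
    print("genuine SIM:", authenticate(ki, ki))
    print("wrong Ki:   ", authenticate(ki, bytes(16)))
    print("frame number period: %.2f h" % (hyperframe_period_seconds() / 3600))
```

Only RAND and SRES cross the air interface in this exchange; Kc is derived independently on both sides and is what the air-interface cipher is keyed with.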
 

eavesdropping gsm

I also agree with gam.

It is not possible for a third person to intercept the voice while two persons are having a conversation. But it can be done at the core network by the mobile operator's authorization.
 
