  #1 (permalink)  
Old 03-19-2017, 6:02 AM
r60 r60 is offline
Member
  Premium Subscriber
Premium Subscriber
 
Join Date: Dec 2005
Posts: 462
Default Cell Phone Hacking Washington DC

CBS News reporting investigation of widespread listening of cell phones by unknown entity.

Suspicious cellular activity in D.C. suggests monitoring of individuals' smartphones - CBS News
  #2 (permalink)  
Old 03-19-2017, 1:56 PM
Member
  Amateur Radio Operator
Amateur Radio
 
Join Date: Nov 2016
Location: Central Valley, CA
Posts: 29
Default

I wonder if they're using the same type of process as consumer-grade apps such as Android IMSI-Catcher Detector (AIMSICD).
  #3 (permalink)  
Old 03-19-2017, 7:27 PM
Member
   
Join Date: Nov 2014
Posts: 667
Default

No **it ?! You mean, some kinda bad guys might have bought or built stingrays of their own, and started using them for nefarious purposes?

And with only 17 national intelligence organizations, the US somehow has never gotten around to thinking this could happen? Here?

This is why American capitalists who took trans-Atlantic liners 100 years ago, used to send all their telegraphs in code. Personal and private code. And why, not so long ago, the Secret Service didn't want Obama to be using his own civilian cell phone when they had significantly better ones available. (And the Secret Service doesn't count as being one of the 17 agencies that get paid to anticipate this stuff.)

The FCC says a "cell phone" is a RADIO not a TELEPHONE. It can't be wiretapped because there are no wires, but since it is a RADIO...anyone can be expected to be listening to it. What a surprise!
  #4 (permalink)  
Old 03-19-2017, 7:41 PM
Member
   
Join Date: Mar 2014
Posts: 265
Default

Making information about how IMSI catchers work, available to the public, certainly has helped open a Pandora's box for criminal activity.
  #5 (permalink)  
Old 03-19-2017, 8:07 PM
FedFyrGuy's Avatar
Member
  Premium Subscriber
Premium Subscriber
Amateur Radio Operator
Amateur Radio
 
Join Date: Dec 2004
Location: Hagerstown, Maryland
Posts: 54
Default

Maybe new snoopers working the area....but old news:

Mysterious Fake Cellphone Towers - Business Insider
__________________
N3PAG

Relm MX4000, RS Pro-18, Pro-136, Pro-668, Pro-2028, Pro2066, Pro2096, Pro2052, Pro2055, BC HP-1, HP-2, 345CRS and a Lafayette HA-52A just for old time's sake.
  #6 (permalink)  
Old 03-19-2017, 9:44 PM
Squelchtone's Avatar
Member
  Audio Feed Provider
Audio Feed Provider
 
Join Date: Nov 2010
Location: Wilbraham MA
Posts: 90
Default

Quote:
Originally Posted by TDR-94 View Post
Making information about how IMSI catchers work, available to the public, certainly has helped open a Pandora's box for criminal activity.
In this day and age of everything being on the Internet it was only a matter of time before someone figured out that phones are very eager to connect to anything that says it's a cell phone tower. Hiding that information via the security through obscurity model may not be good for the general public at large.

A possibly better way would be for each provider's tower to have a signed certificate that is presented during the handshake when a phone detects the tower and attempts to connect to it. If the certificate isn't valid based on the Certification Authority then the phone doesn't connect and either marks that tower as suspect and alerts the customer or just blocks it silently and looks around for another tower to negotiate a connection with.

I'm sure this would require a ton of changes with either programming or infrastructure or both, and I wonder if there's something that I may not be considering that would invalidate this idea and still allow fake towers to play man in the middle and present certificates they steal from real nearby towers.

Squelchtone
__________________
Scanners: BC785D w/ p25 card, RTL-SDR running SDR-Sharp w/ DSD+, Pro-2036 for Broadcastify feed, Uniden MR8100, Pro-2030, Icom IC-R5, BC350C in the Jeep.

Radios: Motorola XTS1500, XTS2500i, XTS3000
Reply With Quote
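Added example (not part of any post in this thread, and not any carrier's or standard's actual protocol): a minimal Node.js sketch of the signed-tower-certificate idea from post #6, including the stolen-certificate case raised there. All names (`issueCert`, `makeTower`, `phoneAccepts`, `TOWER-0001`) are hypothetical, and the Ed25519 keys are generated on the spot purely for illustration.

```javascript
// Added illustration; every name and value here is constructed, not from the thread.
const crypto = require("crypto");

const newKey = () => crypto.generateKeyPairSync("ed25519");
const spki = (pub) => pub.export({ type: "spki", format: "der" }).toString("base64");
const certBody = (c) => Buffer.from(`${c.towerId}|${c.pubKey}`);

// The carrier CA signs the binding "tower ID <-> tower public key".
function issueCert(caPriv, towerId, towerPub) {
  const cert = { towerId, pubKey: spki(towerPub) };
  cert.sig = crypto.sign(null, certBody(cert), caPriv).toString("base64");
  return cert;
}

// A tower is modelled as the certificate it presents plus the key it actually holds.
const makeTower = (cert, priv) => ({
  cert,
  answer: (nonce) => crypto.sign(null, nonce, priv),
});

// Phone side: (1) the CA must have signed the certificate,
// (2) the tower must sign a fresh nonce with the certified private key.
function phoneAccepts(caPub, tower) {
  const c = tower.cert;
  const okCert = crypto.verify(null, certBody(c), caPub, Buffer.from(c.sig, "base64"));
  if (!okCert) return "reject: certificate not signed by carrier CA";
  const nonce = crypto.randomBytes(32);
  const towerPub = crypto.createPublicKey({
    key: Buffer.from(c.pubKey, "base64"), format: "der", type: "spki",
  });
  if (!crypto.verify(null, nonce, towerPub, tower.answer(nonce)))
    return "reject: no proof of private key (copied certificate)";
  return "accept";
}

function demo() {
  const ca = newKey(), real = newKey(), rogue = newKey();
  const realCert = issueCert(ca.privateKey, "TOWER-0001", real.publicKey);
  return {
    genuine: phoneAccepts(ca.publicKey, makeTower(realCert, real.privateKey)),
    // Presents the real tower's certificate but holds a different private key.
    copiedCert: phoneAccepts(ca.publicKey, makeTower(realCert, rogue.privateKey)),
    // Certificate signed with the rogue's own key instead of the carrier CA's.
    selfSigned: phoneAccepts(ca.publicKey,
      makeTower(issueCert(rogue.privateKey, "TOWER-0001", rogue.publicKey), rogue.privateKey)),
  };
}
console.log(demo());
```

The nonce check only proves possession of the certified key; a complete design would also have to bind the signed value to the session's key agreement so that a relayed answer is useless.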
  #7 (permalink)  
Old 03-20-2017, 8:03 AM
Member
   
Join Date: Mar 2014
Posts: 265
Default

The government also wants to insure that things aren't "too" difficult for them, so there's also that aspect that has to be contended with. They want the easiest methods possible like everyone else.
  #8 (permalink)  
Old 03-20-2017, 9:07 AM
W9BU's Avatar
Lead Wiki Manager
  RadioReference Database Administrator
Database Admin
Amateur Radio Operator
Amateur Radio
 
Join Date: Jul 2004
Location: Brownsburg, Indiana
Posts: 4,470
Default

Quote:
Originally Posted by Rred View Post
The FCC says a "cell phone" is a RADIO not a TELEPHONE. It can't be wiretapped because there are no wires, but since it is a RADIO...anyone can be expected to be listening to it.
I am not a lawyer, but I don't agree with this logic.

Between a cellular phone handset and a cellular phone tower, a cell phone is a radio. But, there are wires (or fiber) connecting the towers. If someone, or some national intelligence agency, is intercepting cellular phone calls between the towers, that sure sounds to me like wiretapping.
__________________
Lead Wiki Manager and Forum Moderator.

"The whole world's living in a digital dream. It's not really there, it's all on the screen." -- WB6ACU
  #9 (permalink)  
Old 03-20-2017, 9:09 AM
Member
   
Join Date: Jun 2015
Location: Decommissioned Nextel Site
Posts: 30
Default

I gotta wonder... did anyone in the analog era actually care that their calls could be listened in on easily? If the same were possible today I don't think many would care
  #10 (permalink)  
Old 03-20-2017, 12:52 PM
Member
   
Join Date: Nov 2014
Posts: 667
Default

W9-
The FCC's logic, and what you don't seem to consider, is those "two wires" are an interconnect system. A phone patch. The same way that a repeater, or a high seas radio station, patches a conventional radio into the conventional wired telephone switching system.
The fact that there is computer automation and signaling and a whole fancy commotion taking place to make this "normal" for cell phones, doesn't change the basic "phone patch" division of them.

I'm sure I'd read about cell phones (even GSM phones that are supposed to be running on encrypted networks once they hit the towers) being vulnerable to a "man in the middle" attack as far back as 2000 if not earlier. And even then, the supposition that governments liked this, i.e. so that stingrays and other devices could be used. (Remember, among others, it is the NSA's charter mandate to collect ALL electronic signals intelligence, and one can only hope they've done that effectively. Or not.)

At this point in time it is almost laughable to think about modifying the network. Millions? Of towers, cells, picocells, femtocells, phones, all relying on this system and unlikely to be "fixable". And a whole new (and incredibly localized) amount of 5G equipment being built and deployed very shortly. And all relying on those same vulnerabilities.

The same reason that the backbone of the telephone system (SS7, Switching System 7) is tolerated, even though it has been proven to allow any call to be traced from number to number, worldwide. (I think Mark Tobias has a video on YouTube about that one too.)
  #11 (permalink)  
Old 03-20-2017, 11:12 PM
cherubim's Avatar
Member
  Premium Subscriber
Premium Subscriber
 
Join Date: Dec 2011
Location: Sydney, Australia
Posts: 334
Default

That article sounds like propaganda and scaremongering to me. It's light on content and high on sensationalism.

Just more mainstream garbage. The comments following the article are indicative of just how idiotic people are as they turn everything into a political argument.
  #12 (permalink)  
Old 03-20-2017, 11:13 PM
AC2OY's Avatar
Member
  Shack Photos
Shack photos
Premium Subscriber
Premium Subscriber
Amateur Radio Operator
Amateur Radio
 
Join Date: Mar 2011
Location: Belleville,New Jersey
Posts: 2,276
Default

This thread reminds me of that Gene Hackman movie "Enemy of the State."
__________________
Michael AC2OY
Kenwood TH-F6A
GRE PSR-800
Uniden 536 HP Kenwood TS-2000 Comet 250-B Diamond D3000N
  #13 (permalink)  
Old 03-20-2017, 11:40 PM
milf's Avatar
Careful, I CAN hear you!
  RadioReference Database Administrator
Database Admin
 
Join Date: Dec 2002
Location: Indianapolis, IN
Posts: 11,001
Default

Enemy of the State, and Wag the Dog,... along with a few other choice flicks...

And yes, cellular networks are RADIO networks. And now proven even LESS secure than a P25 radio network! Makes you really ponder the whole future with FirstNET hmmmm? At least correctly set up P25, DMR, and NXDN systems require proper authentication protocols (Affiliation and Ident) for subscriber units to access, log onto, and use the network. Each unit! And there is no slipping onto another system your unit is NOT allowed on. It will get denied. And you can not hijack units from a system they are on. No fooling an HT or mobile into giving you access to it, or its networks.
__________________
Admin for AR, IN, LA, MS, and TN
PRO-92, PRO-92B, PRO-96 x 2, BCD396XT, BCD436HP+DMR
HT-1250 LS+, APX6000XE

Last edited by milf; 03-21-2017 at 12:21 AM..
  #14 (permalink)  
Old 03-21-2017, 7:22 AM
Member
  Amateur Radio Operator
Amateur Radio
 
Join Date: Oct 2011
Location: Rootstown, Oh
Posts: 95
Default

Quote:
Originally Posted by milf View Post
Enemy of the State, and Wag the Dog,... along with a few other choice flicks...

And yes, cellular networks are RADIO networks. And now proven even LESS secure than a P25 radio network! Makes you really ponder the whole future with FirstNET hmmmm? At least correctly set up P25, DMR, and NXDN systems require proper authentication protocols (Affiliation and Ident) for subscriber units to access, log onto, and use the network. Each unit! And there is no slipping onto another system your unit is NOT allowed on. It will get denied. And you can not hijack units from a system they are on. No fooling an HT or mobile into giving you access to it, or its networks.
I can't speak to NXDN, but DMR and P25 are not as secure as you think. Anyone can program a radio with a duplicate ID and access the system.
  #15 (permalink)  
Old 03-21-2017, 7:57 AM
Member
   
Join Date: Sep 2008
Location: In the 'patch
Posts: 4,283
Default

Quote:
Originally Posted by mszabo2000 View Post
I can't speak to NXDN, but DMR and P25 are not as secure as you think. Anyone can program a radio with a duplicate ID and access the system.
Lol. Good luck with that. Things like P25 authentication stop idiots from throwing a radio with a duplicate ID on the system.

With NXDN, you can not program a radio on a NXDN system without a system key. Furthermore, the NXDN radio's ESN MUST be provisioned with the system controller before they will unmute.

Furthermore, there is also really useful software that will make bootleg radios stand out. Duplicate ID or not.

I would suggest NXDN, DMR and P25 are much more secure than you actually know.
__________________
Interoperability is not a technology it is an attitude!!!
  #16 (permalink)  
Old 03-21-2017, 8:17 AM
Member
  Amateur Radio Operator
Amateur Radio
 
Join Date: Oct 2011
Location: Rootstown, Oh
Posts: 95
Default

Quote:
Originally Posted by kayn1n32008 View Post
Lol. Good luck with that. Things like P25 authentication stop idiots from throwing a radio with a duplicate ID on the system.

With NXDN, you can not program a radio on a NXDN system without a system key. Furthermore, the NXDN radio's ESN MUST be provisioned with the system controller before they will unmute.

Furthermore, there is also really useful software that will make bootleg radios stand out. Duplicate ID or not.

I would suggest NXDN, DMR and P25 are much more secure than you actually know.

Authentication does protect P25 systems but many systems do not support this feature. Yes, software can identify duplicates but no system is immune from hacking.
  #17 (permalink)  
Old 03-21-2017, 8:52 AM
milf's Avatar
Careful, I CAN hear you!
  RadioReference Database Administrator
Database Admin
 
Join Date: Dec 2002
Location: Indianapolis, IN
Posts: 11,001
Default

REREAD my post. Notice anything? Bold? Underlined? If not go reread it again!
__________________
Admin for AR, IN, LA, MS, and TN
PRO-92, PRO-92B, PRO-96 x 2, BCD396XT, BCD436HP+DMR
HT-1250 LS+, APX6000XE
  #18 (permalink)  
Old 03-21-2017, 9:26 AM
Member
  Amateur Radio Operator
Amateur Radio
 
Join Date: Feb 2009
Location: Cheese country
Posts: 34
Default we're only talking about receiving

Quote:
Originally Posted by kayn1n32008 View Post
Lol. Good luck with that. Things like P25 authentication stop idiots from throwing a radio with a duplicate ID on the system.

With NXDN, you can not program a radio on a NXDN system without a system key. Furthermore, the NXDN radio's ESN MUST be provisioned with the system controller before they will unmute.

Furthermore, there is also really useful software that will make bootleg radios stand out. Duplicate ID or not.

I would suggest NXDN, DMR and P25 are much more secure than you actually know.
The topic really is about intercepting transmissions and not trying to get onto the system.
Unless the system is encrypted, a $20 SDR dongle and a bit of software is all anyone needs to intercept the conversation. All the clever "authentication" will do is prevent someone from transmitting - but that's not the concern of this thread.
  #19 (permalink)  
Old 03-21-2017, 9:36 AM
Member
   
Join Date: Sep 2008
Location: In the 'patch
Posts: 4,283
Default

Quote:
Originally Posted by romanr View Post
The topic really is about intercepting transmissions and not trying to get onto the system.
Unless the system is encrypted, a $20 SDR dongle and a bit of software is all anyone needs to intercept the conversation. All the clever "authentication" will do is prevent someone from transmitting - but that's not the concern of this thread.
And AES256 makes that $20 SDR dongle useless. The post I replied to implied that these radio networks are easily hackable. Sadly it is possible, but any owner serious about maintaining the integrity of their network has tools to detect and inhibit rogue radios pretty quickly.
__________________
Interoperability is not a technology it is an attitude!!!
  #20 (permalink)  
Old 03-21-2017, 9:48 AM
Member
  Amateur Radio Operator
Amateur Radio
 
Join Date: Feb 2009
Location: Cheese country
Posts: 34
Default

Quote:
Originally Posted by kayn1n32008 View Post
And AES256 makes that $20 SDR dongle useless. The post I replied to implied that these radio networks are easily hackable. Sadly it is possible, but any owner serious about maintaining the integrity of their network has tools to detect and inhibit rogue radios pretty quickly.
As I said "unless the system is encrypted..." I believe my reply was the first occurrence of the "e" word in this thread.

However, having a rogue radio on the network is an entirely different issue from having unknown (and undetectable) equipment eavesdropping on the conversation.
All times are GMT -5.