Cell Phone Hacking Washington DC

Status
Not open for further replies.

Rred

Member
Joined
Nov 21, 2014
Messages
830
No **it ?! You mean, some kinda bad guys might have bought or built stingrays of their own, and started using them for nefarious purposes?

And with only 17 national intelligence organizations, the US somehow has never gotten around to thinking this could happen? Here?

This is why American capitalists who took trans-Atlantic liners 100 years ago, used to send all their telegraphs in code. Personal and private code. And why, not so long ago, the Secret Service didn't want Obama to be using his own civilian cell phone when they had significantly better ones available. (And the Secret Service doesn't count as being one of the 17 agencies that get paid to anticipate this stuff.)

The FCC says a "cell phone" is a RADIO not a TELEPHONE. It can't be wiretapped because there are no wires, but since it is a RADIO...anyone can be expected to be listening to it. What a surprise!
 

TDR-94

Member
Joined
Mar 30, 2014
Messages
1,333
Making information about how IMSI catchers work available to the public certainly has helped open a Pandora's box for criminal activity.
 

Squelchtone

Member
Premium Subscriber
Joined
Nov 15, 2010
Messages
102
Location
Central / Metro West MA
Making information about how IMSI catchers work available to the public certainly has helped open a Pandora's box for criminal activity.

In this day and age of everything being on the Internet it was only a matter of time before someone figured out that phones are very eager to connect to anything that says it's a cell phone tower. Hiding that information via the security through obscurity model may not be good for the general public at large.

A possibly better way would be for each provider's tower to have a signed certificate that is presented during the handshake when a phone detects the tower and attempts to connect to it. If the certificate isn't valid based on the Certification Authority then the phone doesn't connect and either marks that tower as suspect and alerts the customer or just blocks it silently and looks around for another tower to negotiate a connection with.

I'm sure this would require a ton of changes with either programming or infrastructure or both, and I wonder if there's something that I may not be considering that would invalidate this idea and still allow fake towers to play man in the middle and present certificates they steal from real nearby towers.

Squelchtone
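
The question in the post above, whether a fake tower could simply present a certificate copied from a real one, is illustrated in this added example (not part of the original post or of any cellular standard). It uses a toy textbook-RSA signature built from known Mersenne primes as a stand-in for a real signature scheme; all names, keys and the tower ID are constructed.

```python
import hashlib
import secrets

E = 65537  # public exponent

def keypair(p, q):
    """Toy RSA key from two known Mersenne primes. Insecure, demo only."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    return pow(_digest(msg, key["n"]), key["d"], key["n"])

def verify(n, msg, sig):
    return pow(sig, E, n) == _digest(msg, n)

# Constructed keys: carrier CA, a genuine tower, and a rogue transmitter.
CA = keypair(2**107 - 1, 2**127 - 1)
TOWER = keypair(2**61 - 1, 2**89 - 1)
ROGUE = keypair(2**31 - 1, 2**521 - 1)

def cert_body(tower_id, tower_n):
    return f"{tower_id}|{tower_n}".encode()

def issue_cert(tower_id, tower_n, signer=CA):
    return {"id": tower_id, "n": tower_n,
            "sig": sign(signer, cert_body(tower_id, tower_n))}

def cert_valid(cert):
    """Check the CA signature only; a copied certificate still passes this."""
    return verify(CA["n"], cert_body(cert["id"], cert["n"]), cert["sig"])

def phone_accepts(cert, respond):
    """Validate the certificate, then demand a signature over a fresh nonce
    made with the private key matching the certified public key."""
    if not cert_valid(cert):
        return False
    nonce = secrets.token_bytes(16)
    return verify(cert["n"], nonce, respond(nonce))

CERT = issue_cert("tower-0001", TOWER["n"])               # broadcast, so public
SELF_SIGNED = issue_cert("tower-0001", ROGUE["n"], ROGUE)  # not signed by the CA

def genuine(nonce):
    return sign(TOWER, nonce)

def replayer(nonce):
    return sign(ROGUE, nonce)  # holds a copy of CERT but not TOWER's private key
```

The nonce check only proves key possession at that moment; the keys protecting the session that follows must also be bound to the same tower key, otherwise the check says nothing about who carries the traffic afterwards.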
 

TDR-94

Member
Joined
Mar 30, 2014
Messages
1,333
The government also wants to ensure that things aren't "too" difficult for them, so there's also that aspect that has to be contended with. They want the easiest methods possible like everyone else.
 

AK9R

Lead Wiki Manager and almost an Awesome Moderator
Super Moderator
Joined
Jul 18, 2004
Messages
9,958
Location
Central Indiana
The FCC says a "cell phone" is a RADIO not a TELEPHONE. It can't be wiretapped because there are no wires, but since it is a RADIO...anyone can be expected to be listening to it.
I am not a lawyer, but I don't agree with this logic.

Between a cellular phone handset and a cellular phone tower, a cell phone is a radio. But, there are wires (or fiber) connecting the towers. If someone, or some national intelligence agency, is intercepting cellular phone calls between the towers, that sure sounds to me like wiretapping.
 

Rred

Member
Joined
Nov 21, 2014
Messages
830
W9-
The FCC's logic, and what you don't seem to consider, is those "two wires" are an interconnect system. A phone patch. The same way that a repeater, or a high seas radio station, patches a conventional radio into the conventional wired telephone switching system.
The fact that there is computer automation and signaling and a whole fancy commotion taking place to make this "normal" for cell phones, doesn't change the basic "phone patch" division of them.

I'm sure I'd read about cell phones (even GSM phones that are supposed to be running on encrypted networks once they hit the towers) being vulnerable to a "man in the middle" attack as far back as 2000 if not earlier. And even then, the supposition that governments liked this, i.e. so that stingrays and other devices could be used. (Remember, among others, it is the NSA's charter mandate to collect ALL electronic signals intelligence, and one can only hope they've done that effectively. Or not.)

At this point in time it is almost laughable to think about modifying the network. Millions? Of towers, cells, picocells, femtocells, phones, all relying on this system and unlikely to be "fixable". And a whole new (and incredibly localized) amount of 5G equipment being built and deployed very shortly. And all relying on those same vulnerabilities.

The same reason that the backbone of the telephone system (SS7, Switching System 7) is tolerated, even though it has been proven to allow any call to be traced from number to number, worldwide. (I think Mark Tobias has a video on YouTube about that one too.)
 

cherubim

Member
Premium Subscriber
Joined
Dec 30, 2011
Messages
451
Location
Sydney, Australia
That article sounds like propaganda and scaremongering to me. It's light on content and high on sensationalism.

Just more mainstream garbage. The comments following the article are indicative of just how idiotic people are as they turn everything into a political argument.
 

INDY72

Monitoring since 1982, using radios since 1991.
Premium Subscriber
Joined
Dec 18, 2002
Messages
14,849
Location
Indianapolis, IN
Enemy of the State, and Wag the Dog,... along with a few other choice flicks...

And yes, cellular networks are RADIO networks. And now proven even LESS secure than a P25 radio network! Makes you really ponder the whole future with FirstNET hmmmm? At least correctly set up P25, DMR, and NXDN systems require proper authentication protocols (Affiliation and Ident) for subscriber units to access, log onto, and use the network. Each unit! And there is no slipping onto another system your unit is NOT allowed on. It will get denied. And you can not hijack units from a system they are on. No fooling an HT or mobile into giving you access to it, or its networks.
 

mszabo2000

Member
Joined
Oct 25, 2011
Messages
186
Location
Rootstown, Oh
Enemy of the State, and Wag the Dog,... along with a few other choice flicks...

And yes, cellular networks are RADIO networks. And now proven even LESS secure than a P25 radio network! Makes you really ponder the whole future with FirstNET hmmmm? At least correctly set up P25, DMR, and NXDN systems require proper authentication protocols (Affiliation and Ident) for subscriber units to access, log onto, and use the network. Each unit! And there is no slipping onto another system your unit is NOT allowed on. It will get denied. And you can not hijack units from a system they are on. No fooling an HT or mobile into giving you access to it, or its networks.

I can't speak to NXDN, but DMR and P25 are not as secure as you think. Anyone can program a radio with a duplicate ID and access the system.
 

kayn1n32008

ØÆSØ Say it, say 'ENCRYPTION'
Joined
Sep 20, 2008
Messages
6,867
Location
Sector 001
I can't speak to NXDN, but DMR and P25 are not as secure as you think. Anyone can program a radio with a duplicate ID and access the system.
Lol. Good luck with that. Things like P25 authentication stop idiots from throwing a radio with a duplicate ID on the system.

With NXDN, you can not program a radio on an NXDN system without a system key. Furthermore, the NXDN radios' ESN MUST be provisioned with the system controller before they will unmute.

Furthermore, there is also really useful software that will make bootleg radios stand out. Duplicate ID or not.

I would suggest NXDN, DMR and P25 are much more secure than you actually know.
 

mszabo2000

Member
Joined
Oct 25, 2011
Messages
186
Location
Rootstown, Oh
Lol. Good luck with that. Things like P25 authentication stop idiots from throwing a radio with a duplicate ID on the system.

With NXDN, you can not program a radio on an NXDN system without a system key. Furthermore, the NXDN radios' ESN MUST be provisioned with the system controller before they will unmute.

Furthermore, there is also really useful software that will make bootleg radios stand out. Duplicate ID or not.

I would suggest NXDN, DMR and P25 are much more secure than you actually know.


Authentication does protect P25 systems but many systems do not support this feature. Yes, software can identify duplicates but no system is immune from hacking.
 

INDY72

Monitoring since 1982, using radios since 1991.
Premium Subscriber
Joined
Dec 18, 2002
Messages
14,849
Location
Indianapolis, IN
REREAD my post. Notice anything? Bold? Underlined? If not go reread it again!
 

romanr

Member
Joined
Feb 15, 2009
Messages
152
Location
Cheese country
we're only talking about receiving

Lol. Good luck with that. Things like P25 authentication stop idiots from throwing a radio with a duplicate ID on the system.

With NXDN, you can not program a radio on an NXDN system without a system key. Furthermore, the NXDN radios' ESN MUST be provisioned with the system controller before they will unmute.

Furthermore, there is also really useful software that will make bootleg radios stand out. Duplicate ID or not.

I would suggest NXDN, DMR and P25 are much more secure than you actually know.

The topic really is about intercepting transmissions and not trying to get onto the system.
Unless the system is encrypted, a $20 SDR dongle and a bit of software is all anyone needs to intercept the conversation. All the clever "authentication" will do is prevent someone from transmitting - but that's not the concern of this thread.
 

kayn1n32008

ØÆSØ Say it, say 'ENCRYPTION'
Joined
Sep 20, 2008
Messages
6,867
Location
Sector 001
The topic really is about intercepting transmissions and not trying to get onto the system.
Unless the system is encrypted, a $20 SDR dongle and a bit of software is all anyone needs to intercept the conversation. All the clever "authentication" will do is prevent someone from transmitting - but that's not the concern of this thread.
And AES256 makes that $20 SDR dongle useless. The post I replied to implied that these radio networks are easily hackable. Sadly it is possible, but any owner serious about maintaining the integrity of their network has tools to detect and inhibit rogue radios pretty quickly.
 

romanr

Member
Joined
Feb 15, 2009
Messages
152
Location
Cheese country
And AES256 makes that $20 SDR dongle useless. The post I replied to implied that these radio networks are easily hackable. Sadly it is possible, but any owner serious about maintaining the integrity of their network has tools to detect and inhibit rogue radios pretty quickly.

As I said "unless the system is encrypted..." I believe my reply was the first occurrence of the "e" word in this thread.

However, having a rogue radio on the network is an entirely different issue from having unknown (and undetectable) equipment eavesdropping on the conversation.
 