Home opinion-and-analysis Cornered! Intercepting cellphone calls really is child's play

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Since my earlier comments  on reports that mobile phones can be compromised and calls intercepted, simply by sending an SMS that contains reprogramming instructions, the originator of the technique has responded to the questions I raised.

It now appears that the compromised phone, unbeknownst to the user, simply creates a three way conference call with the attacker for every call made and received. Scary!

German security company, SecurStar, claimed to have uncovered the first serious threat to the security of cellphone conversations, saying that "Simply by sending an invisible and unnoticeable SMS message to a particular cellphone, spying on cell phone users has become child's play."

I suggested that the security of mobile phones had long been compromised by the development of IMSI- catchers, hardware devices that intercept GSM calls over the air and exploit weaknesses in the GSM encryption algorithm.

 Wifried Hafner, CEO of SecurStar responded to this, telling me: "Yes IMSI catchers have been around for several years but it is not easy to get such equipment and monitoring cannot be made by just anyone."

I also queried his claim that interception is 'child's play' since he had given no indication as to how the call is retrieved from the compromised phone. It does indeed appear to be child's play. Here is what Hafner told me:

"We can sent a service SMS to any phone (regardless of the operating system) and reprogram the SIM card and/or parts of the phone. (A service SMS is a specially formatted SMS that contains data instructions for the reconfiguration /programming and/or update of phones and SIM cards.).

"While usually a service SMS should be sent by the provider to upgrade the SIM card and configure the phone, normal users can also simulate this and send a service SMS. Here the phone and SIM card of the victim are reprogrammed in a way that each entering or exiting phone call are silently conferenced with the attacker.

"It is the victim's phone that creates a second 'hidden' conference call to the attacker. Also the victim pays for this second telephone call. (Equivalent to a 3-way conference call) In order not to show on the monthly bill, the attacker can chose to get called on an anonymous 0800 number that is redirected through VoIP. In this way the call is not charged to the victim and the number does not appear on the monthly statement."

FREE REPORT - IT MONITORING TOOLS COMPARISON

Are you looking to find the most efficient IT Monitoring tool available?

IT Monitoring is an essential part of the operations of any organisation with a significant network architecture.

Multiple IT monitoring platforms are available on the market today, supporting the various needs of small, medium-sized, and large enterprises, as well as managed service providers (MSPs).

This new report studies and compares eight different IT monitoring products in terms of functionality, operations, and usability on the same server platform with 100 end devices.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

Download your free report to find out.

DOWNLOAD!

Stuart Corner

 

Tracking the telecoms industry since 1989, Stuart has been awarded Journalist Of The Year by the Australian Telecommunications Users Group (twice) and by the Service Providers Action Network. In 2010 he received the 'Kester' lifetime achievement award in the Consensus IT Writers Awards and was made a Lifetime Member of the Telecommunications Society of Australia. He was born in the UK, came to Australia in 1980 and has been here ever since.

Connect