How secure are text messages and mobile calls?

How secure are text messages and mobile calls?

Author
Discussion

neilmac

Original Poster:

567 posts

269 months

Wednesday 17th September 2003
quotequote all
Someone I know is convinced that their text messages and mobile calls have been and are being monitored. The contents of these messages are then being passed onto someone else.

Is this possible and if so what can be done to find out who the culprit is?

Any ideas?

neilmac

Original Poster:

567 posts

269 months

Wednesday 17th September 2003
quotequote all
mungo said:
Your last text Neil read:-

"Hey baby, just bought a great new gimp mask for tonight! See you soon xxx"

How do I know this??? Sorry mate!



No, you've looked at your own outbox - silly!

Seriously, does anyone know if this can happen and how to get to the bottom of it?

meeja

8,290 posts

255 months

Wednesday 17th September 2003
quotequote all
Text messages are about as secure as emails.

A "chap in the pub" was recently disciplined by his employer for sending "inappropriate" text messages.

Apparantly, the company saw texts on his company mobile bill sent at silly times of the day (early hours etc) and decided to investigate.

They confronted him in a meeting with printouts of the texts that he had sent!!

Big brother is watching after all......

ehasler

8,567 posts

290 months

Wednesday 17th September 2003
quotequote all
How is this possible? I read somewhere (not sure where, so it could be total rubbish!) that the mobile phone operators don't read or store messages that are sent, especially as there are so many of them.

meeja

8,290 posts

255 months

Wednesday 17th September 2003
quotequote all
ehasler said:
How is this possible? I read somewhere (not sure where, so it could be total rubbish!) that the mobile phone operators don't read or store messages that are sent, especially as there are so many of them.


I would imagine that they are saved for a period (a few weeks maybe?) in case of discrepancy complaints...

"Honestly, I didn't send a text message at 2.30am darling!"

"Lets see if the phone company will back you up!"

ehasler

8,567 posts

290 months

Wednesday 17th September 2003
quotequote all
I think digital mobile calls are pretty secure, and when digital phones first came out it wasn't possible to listen in on them. I'm assuming that technology exists now to make this possible, but I guess it is pretty hard.

I do remember though when you could listen in on analogue mobile calls with a hand-held scanner. A mate of mine had one of these, and a few mates were over at his listening to it. Somehow we managed to happen on a call from a bloke to an escort agency, and when he gave his number to them, we noted it down and one of my mates called him up a few minutes afterwards.

He claimed to be an inspector from the vice squad , and gave the bloke a bit of a talking to. We were all , and I would have loved to have seen this guy's face, as he sounded pretty

sheepy

3,164 posts

256 months

Wednesday 17th September 2003
quotequote all
Digital mobiles and text messages are secure enough that you don't have to worry about the man in the street being able to monitor the content.

However if you piss off the UK or US government to the point where they are actively trying to kill you, then you may find out how insecure they are when you have resources like the NSA and certain sections of GCHQ using SIGINT birds to monitor what you're up to. That's why BinLiner has taken to using more "backward" technologies (like hand carried messages).

Edited to change ELINT to SIGINT which is what I meant to say!

>> Edited by sheepy on Wednesday 17th September 15:26

Mr E

22,128 posts

266 months

Wednesday 17th September 2003
quotequote all
Over the air, GSM is fairly secure. Encryption and frequency hopping means it's *very* hard to intercept the call over RF.

However, the link from the BTS (radio station) to BSC, and BSC to MSC are unecrypted.

So, pretty easy. Anyone working on the network with a protocol analyser can read SMSs off the line. Anyone working on the MSC can intercept voice/data/SMS calls with impunity.

They don't, because they're far too busy.

UMTS is significantly more secure. 2 way authentication helps (the network has to prove it is who it says it is - GSM doesn't) and CDMA mean it's pretty much impossible to evesdrop from an RF point of view.

Once in the network it can be done, but it's much trickier.

Which is great when you're a protocol engineer and all the messages flying around the system are *encrypted*....

pdV6

16,442 posts

268 months

Wednesday 17th September 2003
quotequote all
meeja said:

ehasler said:
How is this possible? I read somewhere (not sure where, so it could be total rubbish!) that the mobile phone operators don't read or store messages that are sent, especially as there are so many of them.



I would imagine that they are saved for a period (a few weeks maybe?) in case of discrepancy complaints...

"Honestly, I didn't send a text message at 2.30am darling!"

"Lets see if the phone company will back you up!"

They have to be stored for at least a short period, as they may not be deliverable immediately. The network re-sends them at various intervals for a set period of time before eventually giving up. Why not store them all until their notional expiry date? Saves on the logic required to delete them as soon as they've been delivered and can shift the burden to a batch job that can run during a quiet period...

anonymous-user

61 months

Thursday 18th September 2003
quotequote all
Sod's law that I can't find a link right now, but a few months back, two Orange employees were sacked for doing just this.

From (hazy) memory, one of the employees mates' thought his girlfriend was playing away and got his mate to monitor text messages sent to / from her phone and caught her out. The employee and one of his colleagues were found out and sacked.

It's illegal (under the WTA from memory), but as always that doesn't mean it doesn't go on. If it's as easy as I'm led to believe, you can imagine goons at the Telcos just randomly reading a few every now and then for a laugh.

As for someone actively monitoring a persons calls and text messages... I think the person in question has been watching too many episodes of Spooks. Either that, or they've been talking too loudly about that bomb they're building in the wrong company.

rodsmith

261 posts

268 months

Thursday 18th September 2003
quotequote all
Gsm has been cracked by Professor Eli Biham and doctoral student Elad Barkan, and Nathan Keller in the paper ‘Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication’.

So if your mate has an excellent understanding of comm’s and cryptographic systems then yes it is possible to eavesdrop your calls!

If you're interested in gsm security have a look here: http://gsmsecurity.com/faq.shtml

And the theregister has a good piece about Professor Eli Biham here:

www.theregister.co.uk/content/55/32653.html

tim_s

299 posts

261 months

Thursday 18th September 2003
quotequote all
it's very easy to spoof text messages (i.e. type in the "from" number yourself). could be quite funny.

ehasler

8,567 posts

290 months

Thursday 18th September 2003
quotequote all
How do you do that then?