The world is so arranged that any technical invention of the human mind that expands our capabilities and creates additional comfort for us inevitably contains negative aspects that can pose a potential danger to the user.
Modern means of wireless personal communication are no exception in this regard.
Yes, they have expanded our freedom immeasurably, “untying” us from the telephone on our desk and giving us the opportunity to contact the necessary correspondent at any time and in any place.
But few people know that these “miracles of technology” hide very dangerous “traps”.
And in order for your assistant — say, your cell phone — not to turn into your enemy one day, these “traps” should be studied well.
To better understand the problems associated with the use of wireless communication, let's remember what these means are and how they work.
Modern wireless personal communications devices include cellular mobile phones, pagers, and cordless landline radiotelephones.
Cellular mobile phones are essentially complex miniature radio transmitters and receivers.
Each cellular telephone is assigned an electronic serial number (ESN), which is encoded into the telephone's microchip during its manufacture and communicated by the equipment manufacturers to the specialists who service it.
In addition, some manufacturers indicate this number in the user manual.
When connecting the device to a cellular communication system, the technicians of the company providing these services additionally enter a mobile identification number (MIN) into the telephone's microchip.
A mobile cellular telephone has a long and sometimes unlimited range, which is provided by the cellular structure of communication zones.
The entire territory served by a cellular communication system is divided into separate adjacent communication zones or «cells».
Telephone exchange in each such zone is controlled by a base station capable of receiving and transmitting signals on a large number of radio frequencies.
In addition, this station is connected to a regular landline telephone network and is equipped with equipment for converting a high-frequency signal from a mobile phone into a low-frequency signal from a landline telephone and vice versa, which ensures the pairing of both systems.
Periodically (at intervals of 30-60 minutes), the base station emits a service signal.
After receiving it, the mobile phone automatically adds its MIN and ESN numbers to it and transmits the resulting code combination to the base station.
As a result, a specific cell phone, its owner's account number, and the device's association with a specific zone in which it is located at a given time are identified.
When a user places a call from his phone, the base station allocates him one of the free frequencies of the zone in which he is located, records the appropriate changes to his account, and forwards his call to its destination.
If a mobile user moves from one communication zone to another during a call, the base station of the zone being left automatically switches the signal to a free frequency in the new zone.
Pagers are mobile radio receivers with a device for recording messages in alphabetic, digital or mixed representation, operating mainly in the range of 100-400 MHz.
The paging system receives a message from a telephone subscriber, encodes it in the required format and transmits it to the pager of the called subscriber.
A cordless landline radiotelephone combines a conventional wired telephone (the base unit, which is connected to the telephone network) with a radio transceiver in the form of a handset that exchanges signals in both directions with the base unit.
Depending on the type of radiotelephone, the communication range between the handset and the device, taking into account the presence of interference and reflective surfaces, is on average up to 50 meters.
The problem of security when using a cell phone and other mobile means of personal wireless communication has two aspects: the physical security of the user and the security of information transmitted using these devices.
It should be noted at the outset that only a mobile cell phone poses a threat to physical security, since pagers and cordless landline telephones are non-radiating or weakly radiating devices and are used under conditions and in ways that differ from those of cell phones.
The problem of information security
You have probably heard more than once the advertisement of companies providing cellular communication services: «Reliable communication at an affordable price!» Let's analyze whether it is really so reliable. From a technical point of view — yes. But from the point of view of the security of the transmitted information?
Electronic interception of conversations conducted via cellular or wireless radiotelephones has become a widespread phenomenon.
For example, in Canada, according to statistics, from 20 to 80% of radio communications conducted via cellular telephones are accidentally or intentionally eavesdropped by unauthorized persons.
Electronic interception of cellular communications is not only easy to implement, it also does not require large expenditures on equipment, and it is almost impossible to detect.
In the West, wiretapping and/or recording of conversations conducted via wireless communications is practiced by law enforcement agencies, private detectives, industrial spies, members of the press, telephone companies, computer hackers, etc.
In Western countries, it has long been known that mobile cellular phones, especially analog ones, are the most vulnerable in terms of protecting the information being transmitted.
The principle of transmitting information by such devices is based on the emission of a radio signal into the air, so any person, having tuned the corresponding radio receiver to the same frequency, can hear your every word.
You don't even need to have particularly complex equipment for this. A conversation conducted from a cell phone can be listened to using programmable scanners with a reception band of 30 kHz, which are sold in the West and are capable of searching in the range of 860-890 MHz. For the same purpose, you can also use ordinary scanners after their slight modification, which, by the way, is described in great detail on the Internet.
It is possible to intercept a conversation even by slowly retuning the VHF tuner in older TV models in the upper band of TV channels (from 67 to 69), and sometimes using a regular radio tuner.
Finally, such interception can be carried out using a PC.
It is easiest to intercept stationary or fixed cell phones, and more difficult to intercept mobile phones, since the subscriber's movement during a conversation is accompanied by a decrease in signal strength and a transition to other frequencies in the case of signal transmission from one base station to another.
Digital cell phones, which transmit information in the form of a digital code, are more advanced in terms of information protection.
However, the Cellular Message Encryption Algorithm (CMEA) used in them can be cracked by an experienced specialist in a few minutes using a personal computer.
As for the digit codes dialed on a digital cell phone's keypad (phone numbers, credit card numbers or personal identification numbers, PINs), they can be easily intercepted using the same digital scanner.
Cordless radiotelephones are no less vulnerable from the point of view of information security.
They use two radio frequencies: one for transmitting a signal from the device to the handset (both subscribers are listened to on it), the other — from the handset to the device (only the subscriber speaking into this handset is listened to on it). The presence of two frequencies further expands the possibilities for interception.
Interception of a radiotelephone can be carried out using another radiotelephone operating on the same frequencies, a radio receiver or a scanner operating in the range of 46-50 MHz. The interception range, depending on specific conditions, is on average up to 400 meters, and with the use of an additional dipole antenna of the range of 46-49 MHz — up to 1.5 km.
It should be noted that such often advertised features of the cordless telephone as «digital security code» and «interference reduction» do not prevent the possibility of interception of conversations.
They only prevent unauthorized use of the telephone and prevent neighboring cordless telephones from ringing simultaneously.
It is more difficult to intercept digital radio telephones, which can use from 10 to 30 frequencies with automatic frequency change.
However, their interception is not particularly difficult if you have a radio scanner.
Pagers are also vulnerable in terms of the security of transmitted information. Most of them use the POCSAG protocol, which provides virtually no protection against interception.
Messages in the paging communication system can be intercepted by radio receivers or scanners equipped with devices capable of decoding ASCII, Baudot, CTCSS, POCSAG and GOLAY codes.
There are also a number of software tools that allow a PC in combination with a scanner to automatically capture the operating frequency of the desired pager or monitor all traffic in a specific paging communication channel.
These programs provide the ability to intercept up to 5,000 (!) pagers simultaneously and store all information transmitted to them.
Fraud
Fraud in cellular communication systems, also known as «cloning», consists in a subscriber using someone else's identification number (and, consequently, someone else's account) for his own benefit.
Due to the development of high-speed digital cellular technologies, fraud methods are becoming more sophisticated, but the general scheme is as follows: fraudsters use scanners to intercept the identifying signal that someone else's phone transmits in response to a request from a base station, extract the MIN and ESN identification numbers from it, and reprogram the microchip of their own phone with these numbers.
As a result, the cost of a call from this device is charged by the base station to the account of the subscriber from whom these numbers were stolen.
For example, in large Western cities, most often at airports, there are scammers who, having cloned the ESN number of someone's mobile phone, provide, for a fee, the opportunity for other people to call from this phone to distant countries at the expense of the person whose number was stolen.
Theft of numbers is usually carried out in business districts and in places where large numbers of people gather: highways, traffic jams, parks, airports, using very light, small-sized, automatic equipment. Having chosen a convenient place and turned on his equipment, the fraudster can fill the memory of his device with a large number of numbers in a short period of time.
The most dangerous device is the so-called cellular cash box, which is a combination of a scanner, computer and cell phone.
It easily detects and remembers MIN and ESN numbers and automatically reprograms itself to them.
After using the MIN/ESN pair once, it erases it from memory and selects another. Such a device makes fraud detection virtually impossible.
Although this equipment is still rare and expensive in the West, it already exists and poses a growing danger to mobile phone users.
Detecting the location of a subscriber
Let's leave aside such an obvious possibility as detecting the address of a mobile phone subscriber through the company providing these services.
Few people know that having a mobile phone allows you to determine both the current location of its owner and track his movements in the past.
The current position can be determined in two ways.
The first of these is the usual triangulation method (direction finding), which determines the direction to the operating transmitter from several (usually three) points and gives a fix on the location of the source of radio signals.
The equipment required for this is well developed, has high accuracy and is quite affordable.
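To make the direction-finding method concrete: a fix is the point where the lines of bearing taken from several sites meet, and when the bearings carry measurement error the lines no longer meet exactly, so the fix becomes the point closest to all of them. The Python below is an added example, not part of the article; the site layout, the transmitter position, the flat local coordinate frame and the ±bearing-error pattern are constructed assumptions. It also shows how a few degrees of bearing error at a few kilometres of range turns into a position error of the order of a hundred metres or more, which is the kind of figure behind the accuracy statement above.

```python
import math
from itertools import product

# Constructed direction-finding sites in a local flat frame (x, y in metres)
# and the transmitter position they will be asked to fix. All values are made up.
SITES = [(0.0, 0.0), (4000.0, 0.0), (2000.0, 3500.0)]
TRUE_POS = (2400.0, 1300.0)


def bearing_from(site, target):
    """Bearing from a DF site to the target, in radians, measured from the +x axis."""
    return math.atan2(target[1] - site[1], target[0] - site[0])


def fix_from_bearings(sites, bearings):
    """Least-squares fix: the point minimising the summed squared perpendicular
    distance to every line of bearing.

    A line of bearing b through site s has unit normal n = (-sin b, cos b), so a
    point p lies on it when n.p = n.s.  Stacking one such equation per site and
    solving the 2x2 normal equations (sum n n^T) p = sum n (n.s) gives the fix.
    """
    a11 = a12 = a22 = c1 = c2 = 0.0
    for (sx, sy), b in zip(sites, bearings):
        nx, ny = -math.sin(b), math.cos(b)
        rhs = nx * sx + ny * sy
        a11 += nx * nx
        a12 += nx * ny
        a22 += ny * ny
        c1 += nx * rhs
        c2 += ny * rhs
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-9:
        raise ValueError("lines of bearing are parallel; no fix possible")
    x = (a22 * c1 - a12 * c2) / det
    y = (a11 * c2 - a12 * c1) / det
    return (x, y)


def fix_error_m(sites, true_pos, bearing_error_deg):
    """Worst-case fix error in metres when every bearing is off by exactly
    +/- bearing_error_deg; all sign patterns are tried, so the result is deterministic."""
    exact = [bearing_from(s, true_pos) for s in sites]
    err = math.radians(bearing_error_deg)
    worst = 0.0
    for signs in product((-1.0, 1.0), repeat=len(sites)):
        noisy = [b + sgn * err for b, sgn in zip(exact, signs)]
        fx, fy = fix_from_bearings(sites, noisy)
        worst = max(worst, math.hypot(fx - true_pos[0], fy - true_pos[1]))
    return worst


if __name__ == "__main__":
    exact_fix = fix_from_bearings(SITES, [bearing_from(s, TRUE_POS) for s in SITES])
    print("exact bearings give the true position:", exact_fix)
    for deg in (1.0, 2.0, 5.0):
        print(f"+/-{deg:.0f} deg bearing error -> worst fix error {fix_error_m(SITES, TRUE_POS, deg):.0f} m")
```

With two sites the two lines always intersect somewhere, so a bad bearing simply moves the fix without any sign that something is wrong; the third site is what makes the residual (how far the lines miss each other) visible and lets the operator judge the quality of the fix.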
The second method is through the computer of the company providing the communications, which constantly registers where a particular subscriber is at a given moment in time, even when he is not conducting any conversations (using the identifying service signals automatically transmitted by the telephone to the base station, which we discussed above).
The accuracy of determining the subscriber's location in this case depends on a number of factors: the topography of the area, the presence of interference and reflections from buildings, the location of base stations, the number of phones currently operating in a given cell.
The size of the cell in which the subscriber is located is also of great importance, so the accuracy of determining his location in the city is much higher than in rural areas (the size of a cell in the city is about 1 sq. km versus 50-70 sq. km in open areas) and, according to available data, is several hundred meters.
Finally, analysis of data on subscriber communication sessions with various base stations (through which base station the call was transmitted and to which base station, date of the call, etc.) allows us to reconstruct all of the subscriber's movements in the past.
Such data is automatically registered in the computers of companies providing cellular communication services, since payment for these services is based on the duration of use of the communication system. Depending on the company whose services the subscriber uses, this data can be stored from 60 days to 7 years.
This method of reconstructing the subscriber's movements is widely used by the police in many Western countries during investigations, since it makes it possible to reconstruct, down to the minute, where the suspect was, who he met with (if the other person also had a cell phone), where and how long the meeting took place, or whether the suspect was near the crime scene at the time it was committed.
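The same per-session records that let an operator reconstruct a subscriber's movements also give the operator a way to detect the cloning described in the Fraud section: one MIN cannot be served by two cells hundreds of kilometres apart within a few minutes. The Python below is an added example, not from the article; the base-station coordinates, the session log, the 150 km/h threshold and the great-circle distance function are constructed assumptions, and the check itself (sometimes called a velocity check) is one detection approach, not something the article attributes to any operator.

```python
import math
from datetime import datetime

# Constructed base-station table, cell id -> (latitude, longitude). Made-up values.
BASE_STATIONS = {
    "A": (45.42, -75.69),   # city centre
    "B": (45.43, -75.66),   # a few km east of A
    "C": (43.65, -79.38),   # a different city, roughly 350 km away
}

# Constructed per-session records for one MIN: (timestamp, cell id).
SESSIONS = [
    ("1997-05-03 08:05", "A"),
    ("1997-05-03 08:40", "B"),
    ("1997-05-03 08:55", "C"),   # a clone placing a call in another city
    ("1997-05-03 09:30", "A"),   # the legitimate phone, still at home
]

# Assumed threshold: faster than any ground travel, slower than a flight.
MAX_SPEED_KMH = 150.0


def haversine_km(p, q):
    """Great-circle distance in km between two (lat, lon) points given in degrees."""
    r = 6371.0
    lat1, lon1 = map(math.radians, p)
    lat2, lon2 = map(math.radians, q)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    a = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def velocity_check(sessions, stations, max_speed_kmh=MAX_SPEED_KMH):
    """Sort one subscriber's sessions by time and flag every consecutive pair
    whose implied travel speed between the two cells exceeds the threshold.
    Returns a list of (from_cell, to_cell, implied_speed_kmh)."""
    parsed = sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M"), cell) for ts, cell in sessions)
    flagged = []
    for (t0, c0), (t1, c1) in zip(parsed, parsed[1:]):
        dist = haversine_km(stations[c0], stations[c1])
        hours = (t1 - t0).total_seconds() / 3600.0
        if hours == 0:
            speed = math.inf if dist > 0 else 0.0   # same minute, different cells
        else:
            speed = dist / hours
        if speed > max_speed_kmh:
            flagged.append((c0, c1, round(speed)))
    return flagged


if __name__ == "__main__":
    for c0, c1, v in velocity_check(SESSIONS, BASE_STATIONS):
        print(f"suspicious for this MIN: {c0} -> {c1} implies {v} km/h")
```

The check only fires when the legitimate phone and the clone both produce sessions close together in time, which is also why the "cellular cash box" described in the Fraud section, which uses each stolen pair once and then discards it, is so hard to catch: a single call against an idle victim leaves no impossible jump to flag.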
Some recommendations
The security problem when using modern wireless communications is quite serious, but using common sense and known countermeasures, it can be solved to some extent. We will not touch on the measures that only communications providers can take (for example, the introduction of digital systems). Let's talk about what you can do yourself.
To prevent interception of information:
• use common-sense privacy precautions: avoid or minimize the transmission of sensitive information such as credit card numbers, financial information and passwords. Use more secure landline telephones for this purpose, but make sure that the person you are talking to is not using a cordless phone. Do not use cellular or cordless phones for business conversations;
• remember that it is more difficult to intercept a conversation conducted from a moving vehicle, since the distance between it and the intercepting equipment (if it is not in the vehicle) increases and the signal weakens. In addition, your signal is handed over from one base station to another with a simultaneous change in the operating frequency, which does not allow the entire conversation to be intercepted, since it takes time to find the new frequency;
• use communication systems that transmit data at high speeds with frequent automatic frequency changes during a conversation;
• use digital cellular phones whenever possible;
• turn off your cellular phone completely if you do not want your location to become known to anyone.
If you use a cordless radiotelephone:
• when purchasing, find out what protection it provides;
• use radiotelephones with automatic frequency change of the «spread spectrum» type or digital ones operating at frequencies of about 900 MHz;
• if possible, use radiotelephones with a built-in chip for signal encryption.
To prevent fraud:
• ask the manufacturer what anti-fraud measures are integrated into your device;
• keep documents with your phone's ESN number in a safe place;
• check your mobile phone bills carefully every month;
• if your mobile phone is stolen or lost, notify your mobile phone service provider immediately;
• keep your phone switched off until you decide to use it. This method is the easiest and cheapest, but remember that for an experienced specialist, one call from you is enough to identify the MIN/ESN number of your device;
• regularly change the MIN number of your device through the company that provides you with cellular services. This method is somewhat more complicated than the previous one and takes time;
• ask the company that provides you with cellular services to set an additional 4-digit PIN code for your phone, which is dialed before the call. This code makes it difficult for fraudsters to operate, as they usually intercept only MIN and ESN numbers, but unfortunately, a small modification of the interception equipment allows it to be detected;
• the most effective countermeasure is encryption of the MIN/ESN pair (along with the voice signal) under a randomly varying key. But this method is expensive and not yet widely available.
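The last recommendation, taken together with the clear-text MIN/ESN exchange described in the section on how cell phones work and the cloning scheme in the Fraud section, can be illustrated with a small model. The Python below is an added example, not part of the article; the MIN/ESN values are made up, and the use of a keyed MAC (HMAC) over a fresh random challenge is an assumed stand-in for the article's "encryption under a random key", chosen because it shows the property that matters: a captured identification is reusable in the clear-text scheme and worthless against a fresh challenge.

```python
import hashlib
import hmac
import secrets

# Constructed subscriber identity; the MIN/ESN values are made up, not real numbers.
PHONE_MIN = "6135551234"
PHONE_ESN = "8A1F3C2E"


class ClearTextNetwork:
    """Models the scheme the article describes: the phone answers the base
    station's service signal with its MIN and ESN in the clear, and the network
    identifies the subscriber by that pair alone."""

    def __init__(self, registered):
        self.registered = dict(registered)  # MIN -> ESN

    def identify(self, min_, esn):
        return self.registered.get(min_) == esn


def clear_text_response(min_, esn):
    """What the phone transmits over the air: nothing but the pair itself."""
    return (min_, esn)


def compute_response(key, challenge, min_, esn):
    """Phone side of the mitigation: keyed MAC over the fresh challenge and the
    identity.  The key never leaves the phone; only this digest is transmitted."""
    return hmac.new(key, challenge + min_.encode() + esn.encode(), hashlib.sha256).digest()


class ChallengeResponseNetwork:
    """Assumed mitigation (stand-in for the article's encryption under a random
    key): the network sends a fresh random challenge for every attempt and
    checks the MAC under the subscriber's secret key."""

    def __init__(self, registered):
        self.registered = dict(registered)  # MIN -> (ESN, key)

    def challenge(self):
        return secrets.token_bytes(16)

    def verify(self, min_, esn, challenge, response):
        entry = self.registered.get(min_)
        if entry is None or entry[0] != esn:
            return False
        expected = compute_response(entry[1], challenge, min_, esn)
        return hmac.compare_digest(expected, response)


def demo():
    """Returns (clear_text_replay_accepted, legit_cr_accepted, cr_replay_accepted)."""
    net = ClearTextNetwork({PHONE_MIN: PHONE_ESN})
    captured = clear_text_response(PHONE_MIN, PHONE_ESN)  # what a scanner sees
    clear_replay = net.identify(*captured)                # the capture is all a clone needs

    key = secrets.token_bytes(32)
    net2 = ChallengeResponseNetwork({PHONE_MIN: (PHONE_ESN, key)})
    chal1 = net2.challenge()
    resp1 = compute_response(key, chal1, PHONE_MIN, PHONE_ESN)
    legit_ok = net2.verify(PHONE_MIN, PHONE_ESN, chal1, resp1)
    # The eavesdropper captures (chal1, resp1), but the next attempt gets a new challenge.
    chal2 = net2.challenge()
    replay_ok = net2.verify(PHONE_MIN, PHONE_ESN, chal2, resp1)
    return clear_replay, legit_ok, replay_ok


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

The 4-digit PIN from the previous recommendation sits between these two designs: it is a second secret, but it is still sent in the clear and therefore still capturable, whereas in the challenge-response model the secret key is never transmitted at all, only a one-time proof that the phone holds it.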
Victor Iksar