Legal spying via the cell phone system
Two researchers say they have found a way to exploit weaknesses in the mobile telecom system to legally spy on people by figuring out the private cell phone number of anyone they want, tracking their whereabouts, and listening to their voice mail.
Independent security researcher Nick DePetrillo and Don Bailey, a security consultant with iSec Partners, planned to provide details in a talk entitled “We Found Carmen San Diego” at the Source Boston security conference on Wednesday.
“There are a lot of fragile eggs in the telecom industry and they can be broken,” Bailey said in an interview with CNET. “We assume the telecom industry protects our privacy. But we’ve been able to crack the eggs and piece them together.”
The first part of the operation involves getting a target’s cell phone number from a public database that links names to numbers for caller ID purposes. DePetrillo used open-source PBX software to spoof the outgoing caller ID and then automated phone calls to himself, triggering the system to force a name lookup.
“We log that information and associate it with a phone number in a (caller ID) database,” DePetrillo said. “We created software that iterates through these numbers and can crawl the entire phone database in the U.S. within a couple of weeks… We have done whole cities and pulled thousands of records.”
“It’s not illegal, nor is it a breach of terms of service,” Bailey said.
Next up is matching the phone number with a geographic location. The SS7 (Signaling System 7) public switched network routes calls around the world and uses what’s called the Home Location Register to log the whereabouts of numbers so networks can hand calls off to one another, DePetrillo said. Individual phones are registered to mobile switching centers within specific geographic regions and they are logged in to that main register, he said.
Only telecom providers are supposed to have access to the location register, but small telcos in the EU are offering online access to it for a fee, mostly to companies using it for marketing data and cost projections, according to DePetrillo.
“Using previous research on the subject as a starting point, we’ve developed a way to map these mobile switching center numbers to caller ID information to determine what city and even what part of a city a phone number is in” at any given moment, he said. “I can watch a phone number travel to different mobile switching centers. If I know your phone number, I can track your whereabouts globally.”
For instance, the researchers were able to track a German journalist talking to a confidential informant in Serbia and follow his travels back to Germany, as well as obtain the informant’s phone number, Bailey said.
Bailey said he had contacted telecom providers with information on how industry outsiders were able to get at information believed to be restricted to the providers, but said the hands of GSM providers in the U.S. are tied.
“The attack is based on the assumption of how the networks work worldwide,” he said. “For interoperability and peer sake, the larger providers in the U.S. have to hand out the information to other providers.”
Asked what cell phone users can do to protect themselves, Bailey said, “people are just going to have to be made aware of the threat.”
It’s also relatively easy to access other people’s voice mail, a service that’s been around for years from providers like SlyDial. They operate by making two nearly simultaneous calls to a target number, one of which disconnects before it is picked up and another that goes straight into voice mail because of the earlier call. This enables the caller to go directly to voice mail without the phone ringing. DePetrillo and Bailey re-created that functionality for purposes of their legal spying scenario.
“If I want to find Brad Pitt, I find his number using the caller ID database, use Home Location Register access to figure out what provider he has. T-Mobile is vulnerable to voice mail spoofing so I get into his voice mail and listen to his messages,” said DePetrillo. “But I can also have the system tell me the numbers of the callers and I can take those numbers and look them up in the caller ID database and use the Home Location Register system to find their providers and break into their voice mail, and so on.”
This can allow someone to make a social web of people, their cell numbers, the context of their voice mail, and their relationships to others, he said.
“These attack scenarios are applicable to corporations and individual users alike,” DePetrillo said. “Corporations specifically should start to take a look at their security policies for executives as this can impact a business very hard, with insider trading, tracking of executives, etc.”
May 13, 2010 - Posted by douglashaskins