Sigillu

Secure Communications

GSM Phone Hack FAQ: What You Should Know

By Tony Bradley, PC World

A researcher at the Def Con security conference in Las Vegas demonstrated that he couldimpersonate a GSM cell tower and intercept mobile phone calls using only $1500 worth of equipment. The cost-effective solution brings mobile phone snooping to the masses, and raises some concerns for mobile phone security.

How does the GSM snooping work?

Chris Paget was able to patch together an IMSI (International Mobile Identity Subscriber) catcher device for about $1500. The IMSI catcher can be configured to impersonate a tower from a specific carrier. To GSM-based cell phones in the immediate area–the spoofed cell tower appears to be the strongest signal, so the devices connect to it, enabling the fake tower to intercept outbound calls from the cell phone.

What happens to the calls?

Calls are intercepted, but can be routed to the intended recipient so the attacker can listen in on, and/or record the conversation. To the real carrier, the cell phone appears to no longer be connected to the network, so inbound calls go directly to voicemail. Paget did clarify, though, that it’s possible for an attacker to impersonate the intercepted device to the wireless network, enabling inbound calls to be intercepted as well.

But, aren’t my calls encrypted?

Generally speaking, yes. However, the hacked IMSI catcher can simply turn the encryption off. According to Paget, the GSM standard specifies that users should be warned when encryption is disabled, but that is not the case for most cell phones. Paget explained “Even though the GSM spec requires it, this is a deliberate choice on the cell phone makers.”

What wireless provider networks are affected?

Good news for Sprint and Verizon customers–those networks use CDMA technology rather than GSM, so cell phones on the Sprint or Verizon networks would not connect to a spoofed GSM tower. However, AT&T and T-Mobile–as well as most major carriers outside of the United States–rely on GSM.

Does 3G protect me from this hack?

This IMSI catcher hack will not work on 3G, but Paget explained that the 3G network could be knocked offline with a noise generator and an amplifier–equipment that Paget acquired for less than $1000. With the 3G network out of the way, most cell phones will revert to 2G to find a viable signal to connect to.

Should I be worried that my mobile phone calls are being tapped?

Yes and no. The hack demonstration at Def Con proves it can be done, but it doesn’t mean that it’s in widespread use. $1500 is a relatively low investment, but it’s still enough to be out of range of most casual hackers that just want to experiment.

Now that the information is out there, though, hackers with the financial resources to put the IMSI catcher together could start intercepting calls. But, as noted earlier–if you are a Sprint or Verizon customer you don’t need to worry.

If you are on a GSM network like AT&T and T-Mobile, though, it is possible that an attacker could intercept and record your calls. The range of the IMSI catcher is relatively small, so the odds of your phone connecting to a random IMSI catcher are almost negligible, and it would only be an issue as long as you stayed in close proximity to the IMSI catcher.

However, if a user is specifically targeted, the rogue GSM tower could be an effective means of intercepting calls. The IMSI catcher could be used by corporate spies to target specific high profile individuals in a company to gain corporate secrets or other sensitive information.

August 2, 2010 Posted by | Uncategorized | , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Radio Interview about Gold Lock Hacker Challenge

Gold Lock is proud to announce that Douglas Haskins, Channel Manager-North America, is scheduled to be interviewed by Federal News Radio AM1500 in Washington, DC, Monday 12/14/09 at 8:30am (eastern time).  Federal News Radio contacted Gold Lock to schedule the radio interview to discuss the Gold Lock Hacker Challenge: a $250,00o prize to anyone who can hack a 10 minute encrypted conversation.

Would be hackers are free to use any tools or technology at their disposal. This contest is open to anyone, anywhere, unless your participation is specifically prohibited by law.

Hackers have until 12:00 AM (GMT/UTC + 02:00 hours) on February 1st 2010 to provide us with the transcript. Read the contest rules for complete details and restrictions. Be sure to complete the entry form on that page before you start trying to grab the gold.

December 10, 2009 Posted by | bugging devices, cellular phone, countersurveillance, eavesdrop, email, encryption, English, espionage, illegal, USA | , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Socialite Charged with Hacking Voice Mail

(CBS) Most of us carry a cell phone to stay in touch. But, as CBS News Science and Technology correspondent Daniel Siebergreports, you might be surprised to learn just how easy it is to violate your privacy or even trick you.

A high-profile publicist is accused of hacking into the voice mail of some other women, including one who dated her ex-boyfriend.

Former Dolce & Gabbana publicist Ali Wise is accused of hacking into the voice mail of a romantic rival after the woman started dating Wise’s ex-boyfriend.

Wise used free software called “SpoofCard” to gain access to the voice mails. The program also lets you disguise your voice and make it appear as though you’re calling from a different number.

Wise’s lawyer, Ed Kratt, told CBS: “SpoofCard is readily available on the Internet to anybody who wants to use it. One of the issues is whether Ali realized what she was doing was unlawful and the answer to that is clearly she did not.”

Celebrities have also been tempted by SpoofCard; one case involved Lindsay Lohan.

“A few years back, Paris Hilton was using our technology to access a whole bunch of Hollywood celebrity’s voicemail, including Lindsay Lohan, and we had to terminate her account for misusing it,” said Meir Cohen, who makes SpoofCards.

Cohen said users must sign an agreement not to use the service illegally.

“Is this encouraging people to break the law?” Sieberg asked.

“I would not say so,” Cohen responded. “I think anything can be used maliciously, but it’s all in the hands of the user.”

Wise faces up to four years in prison for felony computer trespassing and eavesdropping.

Sieberg explained that this technology allows you to trick people into thinking you are calling from another number.

To protect your voice mail from being hacked, Sieberg suggested setting up a password on your voice mail – even if you are calling from your own phone.

http://www.cbsnews.com/stories/2009/10/21/earlyshow/main5405296.shtml

November 3, 2009 Posted by | Uncategorized | , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Adrian Lamo knows your number

How safe is the Internet today? Do you think your own personal data is safeguarded? If you have a website, do you think it can’t be hacked? Well, if you’re Adrian Lamo, you know the answer is simple: absolutely nothing is safe.

Lamo knows this from deep personal experience. He gained his own measure of fame back in 2001 and 2002 as a computer hacker. He allegedly accessed the databases of the largest companies in the world (Bank of America, Yahoo!, McDonalds, Citigroup) and quickly racked up an impressive track record as someone who would break into a corporate system and then let the “hackee” know about it. All of this came to a screeching halt in September, 2003 when he surrendered to the FBI and was sentenced to 2 years probation for computer crimes involving Microsoft and The New York Times.

Located now in the Bay Area, Lamo is a working journalist who is frequently called upon to give speeches at security conventions and various “cybecrime” gatherings. He likes to open each appearance by giving out to everyone in attendance his own Social Security number. The message here is clear: if we think that one of the “sacred cows” of our personal data is protected on the Web, then we are all just fooling ourselves.

Credit card security? There are underground websites where stolen credit card numbers can be bought and used. Two years ago, the going price for a number was $5 per card. Today, an enterprising hacker can pick up a number for a mere 50 cents. It’s the classic case of supply and demand, and in the rapidly expanding world of Internet crime, there’s a whole lot of supply.

Lamo may soon become an ever bigger celebrity if a movie – Hackers Wanted – is ever released. The film was backed by some big names in Hollywood – Kevin Spacey’s company produced it and Spacey himself is the narrator. There’s a trailer for viewing online courtesy of the Eye Crave Network (scroll down to find the clip) but that’s all you can see. The documentary is tied up in internal squabbles that are common in the movie industry and there is no timeframe for when it will be released for viewing by a mass audience.

The film company missed a huge opportunity. Chances are good that if they released the picture over Halloween, it would be one of the most frightening films available in theaters today.

http://www.examiner.com/x-27653-SF-Technology-Examiner~y2009m11d2-Adrian-Lamo-knows-your-number

November 3, 2009 Posted by | Uncategorized | , , , , , , , , , , , , , , | Leave a comment

Gold Lock protects your communications

Gold Lock keeps your communications safe
Gold Lock Enterprise is the preferred solution for thousands of users around the world
Licensed by the  Israeli Ministry of Defense, Gold Lock Enterprise is a world-class software-based solution providing military-grade encryption for voice and data communication.

Gold Lock’s triple layered security scheme turns your PC/Laptop, Nokia Phone or Windows Mobile devite into a military grade encrypted communicator, protected against any interception attempt by private, governmental or military entities.

Gold Lock Enterprise encrypts your calls, file transfer and text all over the world, including international calls.

No VOiP provider is needed, the systems works on all types of internet connections (for example: 3G, EDGE, GPRS, WIFI…)

Gold Lock Enterprise is easy to use, all key management is auto managed without any need for complicated user defined keys.

Gold Lock Enterprise now supporting iPhone

We have great news!

Gold Lock is proud to announce that our flagship voice and data encryption software is now compatible with iPhone.iPhone3gs

We are the first, once again, to bring you the best solution on the market.  Now you can protect your communications on your Nokia Phone, Windows Mobile, iPhone or Blackberry, keeping conversations secure.

The iPhone encryption system is completely compatible with all other Gold Lock Enterprise devices – Nokia, Windows Mobile, and PC (Windows XP/Vista.


Gold Lock Enterprise available for Blackberry

One of our main goals lately has been to release a Blackberry compatible version.Blackberry

Gold Lock Enterprise is now compatible with Blackberry, making it the most suitable and s ecure encryption tool, working on multiple platforms.

Gold Lock Enterprise is now able to encrypt your calls, file transfer and text internationally with your favorite device.

Sigillu is the authorized representative of Gold Lock in America.

We are looking to partner with companies possessing a deep understanding of customer needs and the ability to faithfully represent the values of uncompromised security and trust for governments, corporations and individuals using Gold Lock encryption systems.


If you are interested, contact Doug Haskins at doug@gold-lock.com
Gold Lock Enterprise,
through Sigillu
www.sigillu.com
 email: doug@gold-lock.com
Tel: 954.892.5868

October 26, 2009 Posted by | BlackBerry, encryption, English, Iphone, privacy, security, technology | , , , , , , , , , , , , | Leave a comment