How secure are text messages and mobile calls?
Discussion
Sorry mate! Text messages are about as secure as emails.
A "chap in the pub" was recently disciplined by his employer for sending "inappropriate" text messages.
Apparantly, the company saw texts on his company mobile bill sent at silly times of the day (early hours etc) and decided to investigate.
They confronted him in a meeting with printouts of the texts that he had sent!!
Big brother is watching after all......
A "chap in the pub" was recently disciplined by his employer for sending "inappropriate" text messages.
Apparantly, the company saw texts on his company mobile bill sent at silly times of the day (early hours etc) and decided to investigate.
They confronted him in a meeting with printouts of the texts that he had sent!!
Big brother is watching after all......
ehasler said:
How is this possible? I read somewhere (not sure where, so it could be total rubbish!) that the mobile phone operators don't read or store messages that are sent, especially as there are so many of them.
I would imagine that they are saved for a period (a few weeks maybe?) in case of discrepancy complaints...
"Honestly, I didn't send a text message at 2.30am darling!"
"Lets see if the phone company will back you up!"
I think digital mobile calls are pretty secure, and when digital phones first came out it wasn't possible to listen in on them. I'm assuming that technology exists now to make this possible, but I guess it is pretty hard.
I do remember though when you could listen in on analogue mobile calls with a hand-held scanner. A mate of mine had one of these, and a few mates were over at his listening to it. Somehow we managed to happen on a call from a bloke to an escort agency, and when he gave his number to them, we noted it down and one of my mates called him up a few minutes afterwards.
He claimed to be an inspector from the vice squad
, and gave the bloke a bit of a talking to. We were all 
, and I would have loved to have seen this guy's face, as he sounded pretty 
I do remember though when you could listen in on analogue mobile calls with a hand-held scanner. A mate of mine had one of these, and a few mates were over at his listening to it. Somehow we managed to happen on a call from a bloke to an escort agency, and when he gave his number to them, we noted it down and one of my mates called him up a few minutes afterwards.
He claimed to be an inspector from the vice squad
, and gave the bloke a bit of a talking to. We were all , and I would have loved to have seen this guy's face, as he sounded pretty Digital mobiles and text messages are secure enough that you don't have to worry about the man in the street being able to monitor the content.
However if you piss off the UK or US government to the point where they are actively trying to kill you, then you may find out how insecure they are when you have resources like the NSA and certain sections of GCHQ using SIGINT birds to monitor what you're up to. That's why BinLiner has taken to using more "backward" technologies (like hand carried messages).
Edited to change ELINT to SIGINT which is what I meant to say!
>> Edited by sheepy on Wednesday 17th September 15:26
However if you piss off the UK or US government to the point where they are actively trying to kill you, then you may find out how insecure they are when you have resources like the NSA and certain sections of GCHQ using SIGINT birds to monitor what you're up to. That's why BinLiner has taken to using more "backward" technologies (like hand carried messages).
Edited to change ELINT to SIGINT which is what I meant to say!
>> Edited by sheepy on Wednesday 17th September 15:26
Over the air, GSM is fairly secure. Encryption and frequency hopping means it's *very* hard to intercept the call over RF.
However, the link from the BTS (radio station) to BSC, and BSC to MSC are unecrypted.
So, pretty easy. Anyone working on the network with a protocol analyser can read SMSs off the line. Anyone working on the MSC can intercept voice/data/SMS calls with impunity.
They don't, because they're far too busy.
UMTS is significantly more secure. 2 way authentication helps (the network has to prove it is who it says it is - GSM doesn't) and CDMA mean it's pretty much impossible to evesdrop from an RF point of view.
Once in the network it can be done, but it's much trickier.
Which is great when you're a protocol engineer and all the messages flying around the system are *encrypted*....
However, the link from the BTS (radio station) to BSC, and BSC to MSC are unecrypted.
So, pretty easy. Anyone working on the network with a protocol analyser can read SMSs off the line. Anyone working on the MSC can intercept voice/data/SMS calls with impunity.
They don't, because they're far too busy.
UMTS is significantly more secure. 2 way authentication helps (the network has to prove it is who it says it is - GSM doesn't) and CDMA mean it's pretty much impossible to evesdrop from an RF point of view.
Once in the network it can be done, but it's much trickier.
Which is great when you're a protocol engineer and all the messages flying around the system are *encrypted*....
meeja said:
How is this possible? I read somewhere (not sure where, so it could be total rubbish!) that the mobile phone operators don't read or store messages that are sent, especially as there are so many of them.
I would imagine that they are saved for a period (a few weeks maybe?) in case of discrepancy complaints...
"Honestly, I didn't send a text message at 2.30am darling!"
"Lets see if the phone company will back you up!"
They have to be stored for at least a short period, as they may not be deliverable immediately. The network re-sends them at various intervals for a set period of time before eventually giving up. Why not store them all until their notional expiry date? Saves on the logic required to delete them as soon as they've been delivered and can shift the burden to a batch job that can run during a quiet period...
Sod's law that I can't find a link right now, but a few months back, two Orange employees were sacked for doing just this.
From (hazy) memory, one of the employees mates' thought his girlfriend was playing away and got his mate to monitor text messages sent to / from her phone and caught her out. The employee and one of his colleagues were found out and sacked.
It's illegal (under the WTA from memory), but as always that doesn't mean it doesn't go on. If it's as easy as I'm led to believe, you can imagine goons at the Telcos just randomly reading a few every now and then for a laugh.
As for someone actively monitoring a persons calls and text messages... I think the person in question has been watching too many episodes of Spooks. Either that, or they've been talking too loudly about that bomb they're building in the wrong company.
From (hazy) memory, one of the employees mates' thought his girlfriend was playing away and got his mate to monitor text messages sent to / from her phone and caught her out. The employee and one of his colleagues were found out and sacked.
It's illegal (under the WTA from memory), but as always that doesn't mean it doesn't go on. If it's as easy as I'm led to believe, you can imagine goons at the Telcos just randomly reading a few every now and then for a laugh.
As for someone actively monitoring a persons calls and text messages... I think the person in question has been watching too many episodes of Spooks. Either that, or they've been talking too loudly about that bomb they're building in the wrong company.
Gsm has been cracked by Professor Eli Biham and doctoral student Elad Barkan, and Nathan Keller in the paper ‘Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication’.
So if your mate has an excellent understanding of comm’s and cryptographic systems then yes it is possible to eavesdrop your calls!
If you're interested in gsm security have a look here: http://gsmsecurity.com/faq.shtml
And the theregister has a good piece about Professor Eli Biham here:
www.theregister.co.uk/content/55/32653.html
So if your mate has an excellent understanding of comm’s and cryptographic systems then yes it is possible to eavesdrop your calls!
If you're interested in gsm security have a look here: http://gsmsecurity.com/faq.shtml
And the theregister has a good piece about Professor Eli Biham here:
www.theregister.co.uk/content/55/32653.html
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff