How safe are your mobile calls and messages?

Gaining access to the core Network is becoming easier due to the higher density and diversity of eNBs.

Fake Cell Towers

IMSI Catchers

An IMSI-catcher is a telephone eavesdropping device used for intercepting mobile phone traffic and tracking movement of mobile phone usersThey are "fake" cell towers acting between the target mobile phone and the service provider's real cell towers. IMSI Catchers grab International Mobile Subscriber Numbers (IMSI) and the Electronic Serial Numbers (ESM) from targeted mobile phonesThey can force a mobile phone connected to it to use no encryption making calls easy to intercept and can intercept both calls and messages.

A threat to Business and Personal Security

While, to date, IMSI catchers – in particular, the Harris Corp. Stingray – have been used mainly for law enforcement purposes, hostile use of IMSI catchers is increasingly likely. Low-cost IMSI catchers are now available for as little as $1400. In September 2015, the International Business Times reported that the Chinese Government spied on airplane passengers using IMSI catchers. This highlights the threat to international business travelers and organizations.

 

In 3G networks, the traffic is encrypted from the mobile device, through the Cell Tower to the Radio Network Controller, so both the Radio Access Network and the backhaul portions of the network are ‘notionally’ protected. However if a hacker gains access to the Core Mobile Network, the encryption used for GSM and 3G is ineffective.

 

  • In 2009, hackers computed and published a codebook free on the internet to decrypt calls made over GSM networks

  • In 2010, A Practical-Time Attack on the A5/3 Cryptosystem exposed the weakness of the encryption used in 3G GSM Telephony: http://eprint.iacr.org/2010/013.pdf

 

In 4G networks, the threat is greater as mandated encryption from the Mobile Phone stops at the Cell Tower (eNB), leaving the IP traffic in the backhaul to the operator unprotected.

Network Attacks

 

How Safe Are Your Mobile Calls and Messages?

Mobile phone calls and messages are vulnerable to attack. Many organizations and individuals falsely trust the safety and security of making calls and sending/receiving texts from their mobile devices. However, there are many critical vulnerabilities inherent with cell phones and cellular networks that put our privacy and our organizations’ confidentiality at risk. Understanding and preventing these risks are critical to protecting your business, your employees, your clients, and your customers.

Signalling Attacks

Signalling System No.7 (SS7)

In 3G networks, the traffic is encrypted from the mobile device, through the Cell Tower to the Radio Network Controller, so both the Radio Access Network and the backhaul portions of the network are ‘notionally’ protected. However, if a hacker gains access to the Core Mobile Network, the encryption used for GSM and 3G is ineffective.

 

  • In 2009, hackers computed and published a codebook free on the internet to decrypt calls made over GSM networks

  • In 2010, A Practical-Time Attack on the A5/3 Cryptosystem exposed the weakness of the encryption used in 3G GSM Telephony: http://eprint.iacr.org/2010/013.pdf

 

In 4G networks, the threat is greater as mandated encryption from the Mobile Phone stops at the Cell Tower (eNB), leaving the IP traffic in the backhaul to the operator unprotected.

SS7 is Easily Hacked

The vulnerabilities in SS7 allow an an intruder with basic skills to perform numerous attacks including:

  • IMSI Disclosure

  • Intercepting and Redirecting Phone Calls

  • Intercepting SMS Messages

  • Tracking of a Mobile User

  • Block a Mobile User From receiving incoming calls and messages

SS7 exploits are easily within reach of hostile parties and access to SS7 can be bought from network operators for a few hundred dollars per month.

EXAMPLE 1 – Intercepting SMS Messages

EXAMPLE 2 – Intercepting Calls

 

Mobile Threats are not limited to state-actors or high-cost hackers

With nothing more than a browser, an internet connection and maybe a pre-pay debit card, anyone can spoof SMS messages and Caller IDs. The fact that the receiving mobile number recognizes the and displays their name when the call or text arrives is enough for most individuals to trust the authenticity of the message or call. Combined with basic social engineering, recipients could give up critical information such as passwords etc. More concerning is where a number of organisation use SMS as an emergency alerting procedure, to evacuate buildings or request the location of an employee.

 

The Risks to Organizations and their Employees

With the relative ease for standard mobile communications to be intercepted potential threats include:

Economic Espionage

When employees use their mobile phones for confidential business discussions, particularly when travelling on business, the risk of those texts, images or calls being intercepted is real. If that confidential information is intercepted by competitors or interested third parties, the damage can far-reaching. 

 

Reports on the economic impact of industrial espionage vary, but in the  US alone, BlackOps Partners Corporation, which works with Fortune 500 companies on counter-intelligence and protection puts the number at $500 billion in raw innovation stolen every year. As far back as 2012, General Keith Alexander, NSA director and commander of U.S. Cyber Command described economic espionage as “the greatest transfer of wealth in history.”

Crime and Fraud

The criminal targeting of personal cell phones is an increasingly rich area, with scams growing in complexity and reach. Early in 2016, millions of customers of Australia’s biggest banks were targeted in a sophisticated Android attack, using fake log in screens for the banking apps, WhatsApp, Skype, PayPal, eBay and Google services. The malware was used to both intercept log-in details and to steal SMS two-factor authentication codes, meaning the bank’s security measures were bypassed.

Employee and Personal Safety

For businesses with employees travelling and working abroad, the risk of interception may be higher as nation states, competitors, terrorists and kidnappers target business travellers. Cell phones can exponentially increase this risk as eavesdropping and message interception can provide crucial information, while the growing use of IMSI catchers can provide accurate real-time location information.

Cellcrypt – Communication Security Group

USA

UK

Spaces Chase Tower

4445 Willard Ave, 6th floor

Chevy Chase, MD 20815

USA

1st Floor,

34 South Molton Street

London, W1K 5RG,

UK

BR

452 Rua Pastor William Schisler Itacorubi,

Florianópolis, SC,

Brazil​