It’s been an interesting week in the world of mobile security, with news emerging that UK tabloid Sunday newspaper News of The World is allegedly involved in a rather serious phone ‘hacking’ incident. Whilst the papers have been busy claiming this is ‘wiretapping’, and actual mobile calls have been intercepted, it seems more the case that someone rather mischievous has been breaking into voicemail boxes and retrieving subscribers messages.
So is calling over GSM really secure? Yes and no. Yes as in your call is encrypted between the handset and the network, so its not just a case of someone with a scanner ‘tuning in’ like the old days with analogue cordless phones – but no as there’s so many other places it can be tapped. Plus the encryption standard used by GSM was cracked in theory about 10 years ago, so anyone with a suitably large amount of technology could in theory break the code. Last year two researchers – Steve Muller and David Hulton – claimed they’d come up with a method of doing it quite quickly without the need for silly amounts of computing power you’d normally only associate with a government.
Then there’s the theoretical possibility of a physical ‘wiretap’ within the mobile network or public telephone system. Let’s take a call between a 3 mobile user in the UK and someone in Germany on T-Mobile. It’s quite possible that call will go from 3 to BT, across BT’s international network to Deutsche Telekom in Germany, off Deutsche Telekom’s transit network to the actual T-Mobile network, and then onwards to the other end. Across that path it’s more than likely that call has passed through not only four different networks but quite a few exchanges – as an unencrypted digital stream. Pick an exchange that call happens to pass through, find a disgruntled and persuadable (with a nice brown envelope of cash) switch engineer and voila – one wiretap.
Of course this is all theoretical, and I’m not suggesting it happens all the time. However with increasing concerns about the security of phone calls, many companies are beginning to use encryption technology you’d only see spooks and the military using five years ago.
One company to offer such technology is British-based CellCrypt. Their software-based offering can be installed on Nokia, BlackBerry and Windows Mobile smartphone. With just a few clicks you can make a secured call over the 3G/2G or Wi-Fi data network to another CellCrypt-enabled device (or office PBX if you’ve got the relevent hardware installed) and not only completely bypass the voice network but also secure your conversation with something called Encrypted Mobile Content Protocol (EMCP). Here’s a little diagram of how it works:
So how secure is secure? Not wishing to get too techy about it, but CellCrypt uses RSA 2048 bit and AES 256 bit encryption, DH and RSA algorithms for key exchange, SHA512 and MD5 for hashing and DSA and RSA to authenticate data.
Does it work? Is it simple to use? Yes, in a word. I had the opportunity to have a play with the CellCrypt technology a few weeks ago, and it seems quite straight forward. Select a contact from your CellCrypt phone book, hit the button, and within 10 seconds its placed the call, secured it, and you’re ready to rock and roll. As the call does go over your operators 2G or 3G service it can be a little delayed, but to be honest its not really noticeable – and not that much worse than a normal mobile to mobile call.
Even if you don’t think CellCrypt – or similar technology – is for you, here’s CellCrypt’s CEO Simon Bransfield-Garth with some top tips for mobile safety. Obviously he’ll want you to place an order for his service, but quite a lot of this is common sense and simple to do.
- Never assume that voice calls are secure – like fax or email, never discuss confidential or sensitive issues on the phone, or use phones with voice encryption
- Never leave confidential voice messages or send confidential texts
- Make sure you use your mobile phone PIN and protect it in the same way as your Bank Card PIN – voicemails can be accessed from any phone with the PIN
- Be vigilant to prevent malicious use of your phone – be wary of texts, system messages or events on your phone that you did not ask initiate or expect; turn off Bluetooth if you are not using it and don’t leave your phone lying around
- Think about the value of the conversation and then choose the right communication means for the call – if you are discussing something very valuable, such as a business deal, don’t leave information lying around or use communications means that can be intercepted
You can find out more about CellCrypt at http://www.cellcrypt.com – and watch out for an interview in the coming weeks.
Are mobile calls as secure as you think?: http://ping.fm/kSXF6
Great article and the safety tips are excellent! I had always assumed that mobile calls were easily intercepted so I’m s… http://disq.us/zjc
Re: Are mobile calls as secure as you think? http://ff.im/-57CAN
New article by me on Mobile Industry Review: “Are mobile calls as secure as you think?” – http://bit.ly/UpW31
Are mobile calls as secure as you think? | Mobile Industry Review http://tinyurl.com/mzfv5m
Are mobile calls as secure as you think? | Mobile Industry Review http://cli.gs/PGJG7
Are mobile calls as secure as you think?: http://ping.fm/kSXF6
Great article and the safety tips are excellent! I had always assumed that mobile calls were easily intercepted so I'm surprised to see people in shock about this “wiretapping”.
Great article and the safety tips are excellent! I had always assumed that mobile calls were easily intercepted so I’m s… http://disq.us/zjc
Re: Are mobile calls as secure as you think? http://ff.im/-57CAN
Mobile Industry Review: Are mobile calls as secure as you think? http://ow.ly/h5lt #phonetapping
RT @cellcrypt Mobile Industry Review: Are mobile calls as secure as you think? http://ow.ly/h5lt #phonetapping
Ewan
I thought that the News of the Screws had managed to get Private Investigators to break into voicemail rather than tap calls. I had understood that the hack involved stupid people not putting a PIN on their Mailbox.
Is there anything else we know about the means of entry and advice for us who try not to be stupid?
Steve
Hello Steve, Alex here. I'm sure Ewan will add his feedback, but as I wrote the article I figured I should reply 🙂
As I said in the article there appears to be a lot of sensationalism in the press. Whilst it is theoretically possible to 'eavesdrop' on the radio leg of a mobile call, it's not the easiest thing in the world. As you say it's much easier to get into voicemail boxes of people who have been stupid enough not to set a PIN – which seems to be more likely the case in the NoTW saga.
I don't think much more has been released over the exact nature of the 'taps' – and we might never know the whole truth. If – and this is a big if (and of course theoretical in nature) there was involvement of employees on the mobile operator side of things, or it was a real world example of GSM encryption being broken, I'm sure the operators and the GSM Association would, quite understandably, be busy with lawyers and PR people trying to stop such information getting into the public domain.
New article by me on Mobile Industry Review: “Are mobile calls as secure as you think?” – http://bit.ly/UpW31
Are mobile calls as secure as you think? | Mobile Industry Review http://tinyurl.com/mzfv5m
Are mobile calls as secure as you think? | Mobile Industry Review http://cli.gs/PGJG7
Mobile Industry Review: Are mobile calls as secure as you think? http://ow.ly/h5lt #phonetapping
RT @cellcrypt Mobile Industry Review: Are mobile calls as secure as you think? http://ow.ly/h5lt #phonetapping
Hi Alex, Ewan et al,
our press release of earlier today does look like we're jumping on the bandwagon. It just took a while to get all parties to write their bits.
Give Peter Cox a cal for the nitty gritty – or let's have a chat about the need to use VoIP as the way to really move forward,
cheers
Andrew Bowen
079 2000 1122
– – –
UM Labs and Phil Zimmerman in exclusive agreement to deliver ZRTP security and encryption for voice calls on fixed and mobile networks.
London, UK – July 13th 2009 – UM Labs Ltd, Phil Zimmermann and UM Labs have signed an exclusive agreement that confirms UM Labs as the sole supplier of gateway implementations of ZRTP.
UM Labs can now strengthen their VoIP security gateways and extended encrypted voice capability into the mobile/cell-phone. Incorporating ZRTP encryption enables secure calls between corporate VoIP networks, cell-phones and VoIP end-points on fixed line networks. ZRTP has been designed by Phil Zimmermann (creator of PGP email) to provide encryption for audio and video calls on VoIP networks.
ZRTP differs from other encryption protocols by using the media channel to set up the encryption keys needed to secure a call – this means true end-to-end security separated from the intermediate signalling parties. Other protocols use the signalling stream which has the disadvantage that the keys will be visible to intermediate devices that must process the signalling stream for call routing. ZRTP’s use of the media path for key agreement provides end-to-end security and ensures that media keys are not visible to any intermediate signalling device. This makes ZRTP an ideal choice for use on networks where VoIP signalling is processed by the network operator and where it is important to ensure call confidentiality.
ZRTP’s design has made it a popular choice for use on cellular networks; ZRTP capable VoIP clients are available for a wide range of cell phones.
UM Labs offer a gateway implementation of ZRTP on their entire SIP Security Controller product range. A UM Labs SIP Security Controller installed at the network perimeter enables any ZRTP capable phone, connected to a fixed or mobile network, to make a secure call directly into the corporate VoIP network. The end-to-end encryption provided by ZRTP ensures that calls are protected between the user’s phone and the corporate network. The high grade of encryption used means that secure calls can be made in confidence, regardless of the caller’s location.
Peter Cox, CEO of UM Labs commented: “VoIP technology is now in widespread use to provide links to corporate phone systems from remote workers, roaming users and business partners. By providing ZRTP across our entire product range, we are able to ensure that all remote VoIP connections are protected with high grade security. ZRTP means that we can provide encrypted VoIP connections to devices on mobile networks, as well to those on fixed line networks and on WiFi connections.
Phil Zimmermann commented: “The partnership with UM Labs extends the reach of ZRTP and enables ZRTP users to communicate securely with users linked to any commercial VoIP system. This effectively brings the major PBX vendors, including Avaya, Cisco, Nortel and many others into the ZRTP community.â€
– – –
About UM Labs Ltd
UM Labs delivers a range of application level security gateways for VoIP and Unified Messaging. These gateways are designed to provide security controls targeted at the range of threats that affect VoIP and UM applications, exceeding the capabilities of standard Firewalls. UM Labs product range also provides a realistic and cost effective alternative to Session Border Controllers (SBC).
UM Labs founders include Peter Cox, formerly co-founder of Internet Security Specialist Borderware Technologies. While at Borderware, Peter contributed to the design of the Borderware Firewall Server, one of the first commercial Firewall products and to the company’s MXtreme product, an application level security gateway for email. Peter was also responsible for the project, which gained a total of 3 Common Criteria EAL4+ certifications for Borderware’s products.
For the past two years, Peter has focused on researching VoIP security issues and has written a number of white papers including a survey of the threats facing VoIP applications and a discussion on the ability of standard firewalls to address each of these threats.
For more information, please visit our website, http://www.um-labs.com/
About Phil Zimmermann
Philip R. Zimmermann is the creator of Pretty Good Privacy, an email encryption software package. Originally designed as a human rights tool, PGP was published for free on the Internet in 1991. This made Zimmermann the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread worldwide. Despite the lack of funding, the lack of any paid staff, the lack of a company to stand behind it, and despite government persecution, PGP nonetheless became the most widely used email encryption software in the world. After the government dropped its case in early 1996, Zimmermann founded PGP Inc. That company was acquired by Network Associates Inc (NAI) in December 1997, where he stayed on for three years as Senior Fellow. In August 2002 PGP was acquired from NAI by a new company called PGP Corporation where Zimmermann now serves as special advisor and consultant. Zimmermann currently is consulting for a number of companies and industry organizations on matters cryptographic, and is also a Fellow at the Stanford Law School's Center for Internet and Society. He was a principal designer of the cryptographic key agreement protocol for the Wireless USB standard. His latest project is Zfone, which provides secure telephony for the Internet.
For more information, please visit Phil’s web site, http://philzimmermann.com/
– – –
Nothing has changed in the last year. I stand by what I said then (crikey – I must have had a lot of spare time a year ago)
http://mobileindustry.wpengine.com/2008/05/cel…
Be careful about the security of non standard, non opensource, non publicly reviewed cryptographic systems.
When a provider of phone call encryption software sell mainly to government like cellcrypt does, usually has to obey to their government customers.
What if a large government customers of cellcrypt ask them to place (or enable) a backdoor in their closed-source, proprietary encryption stuff because a small, private customer need to be intercepted by that government?
In a situation where the small private customer represent the 0.05% of gross sale of the company while the large government represent the 10% of the gross sale of the company, what the company will do?
Obey to the very large government customer causing a damage to the very small private customer or not?
The answer it's up intelligent person to identify the right answer.
I think that conflict of interest in encryption products must be avoided and the transparency must be enforced by the use of opensource and open standards.
See ZRTP http://en.wikipedia.org/wiki/ZRTP .
Be careful about the security of non standard, non opensource, non publicly reviewed cryptographic systems.
When a provider of phone call encryption software sell mainly to government like cellcrypt does, usually has to obey to their government customers.
What if a large government customers of cellcrypt ask them to place (or enable) a backdoor in their closed-source, proprietary encryption stuff because a small, private customer need to be intercepted by that government?
In a situation where the small private customer represent the 0.05% of gross sale of the company while the large government represent the 10% of the gross sale of the company, what the company will do?
Obey to the very large government customer causing a damage to the very small private customer or not?
The answer it's up intelligent person to identify the right answer.
I think that conflict of interest in encryption products must be avoided and the transparency must be enforced by the use of opensource and open standards.
See ZRTP http://en.wikipedia.org/wiki/ZRTP .
Txtimpact is a US based company engaged in providing sms gateway and mobile marketing solutions for the clients, with our campaigns and solutions you can reach your customer just with a single dial on their mobile……….
http://www.txtimpact.com
(sms gateway and mobile marketing solutions provider)