MOBILE SECURITY: A Complex Ballgame... An Interesting Read
By 2009 there will be an estimated 2 bn cell phones in use around the
world, and as these devices can be easily intercepted, compromised, and
exploited, security has become a huge issue.
The usage of wireless communications, particularly cordless and cellular
phones, has grown dramatically in the past ten years, with the current market
standing at $11 bn. This ability to communicate without being connected to a
stationary phone line has greatly increased the efficiency of corporate,
government, and private sectors. It is estimated that by 2009 there will be 2 bn
mobile users around the world. Unfortunately, this has also led to a huge
security problem: the radio signals transmitted and received by these devices can
easily be intercepted, compromised, and exploited.
There are at least three main network types used by cell phones around the
world; the networks differ in the frequencies they operate on and the manner in
which the signal is broken up to travel on those frequencies. A cell phone
converts voice into digital and analog signals that are transmitted on radio
frequencies ranging between 800 and 1,900 MHz.
The transmitting and receiving of radio signals make these devices vulnerable
to electronic threats like eavesdropping and cellular spoofing, and one could
argue that a third threat is the physical loss, damage, or theft of the actual
device.
Electronic eavesdropping can be explained as “listening to or recording of a
cellular call without the permission or knowledge of the calling and/or
receiving party”.
Eavesdroppers do this by using radio frequency scanners and other receiving
equipment to find and listen to the frequencies used by the device. Cellular
phone frequencies are all in the same band range, making it very easy to
intercept these frequencies with electronic scanners.
While communications privacy is a concern, it pales beside the threat of
'cellular spoofing'. Cellular spoofing (also known as cloning) is the process
where a person provides false identification to the cellular communications
provider with the intent to defraud. Eavesdroppers scan the airwaves until they
identify a mobile phone channel, then monitor the transmissions on these
frequencies and wait for an account owner to request a call. For example, the
user sends a voice message like, “operator, this is mobile 1111, may I please
have 456-2345”. The operator would connect the caller and bill mobile account
1111 for the call.
Phreakers (or spoofers) now attempt to detect the MIN (mobile identification
number) and ESN (electronic serial number) of cellular phones. They do this by
building electrical devices that scan cellular frequencies and detect the
identifier signal that the phone sends back to the cellular tower. The hacking
equipment then strips the MIN and ESN from the identifier signal. The MIN and
ESN are then recorded and programmed into another cell phone, so that the stolen
account is billed every time the programmed phone is used.
Innovative Breaches
The idea of sending SMSes (text messages) to crash a mobile phone seemed a
remote possibility until late last year when a Dutch security researcher
revealed that it was possible.
A computer program 'SMS-client' was created to send malformed SMSes from an
Internet-connected PC to a target device. When accepted and modified, the SMS
causes the phone to freeze or shut down. It was later revealed that a bug in the
phone's software causes the phone to freeze, although Nokia claims to have
created a management tool to fix the problem.
Counter Measures
A number of government agencies, as well as third parties, infiltrate mobile
networks and record phone calls. However, the GSM Association in October 2002
came up with a new security algorithm, known as A5/3, which provides GSM mobile
phone users with a higher level of protection against eavesdropping. The
security ensures that even if a prospective attacker manages to pull a GSM phone
call out of the radio waves, he will be completely unable to make sense of it,
even if he throws massive computing resources at the task.
The telecommunications industry is designing new high-tech counter measures,
such as digital encryption, to fight the problem. Encryption is a very effective
counter measure that reduces both eavesdropping and spoofing. Another measure,
though not a very preferable one, is the Clipper chip: it does not prevent
criminals from reprogramming cordless and cellular devices, and there is a good
chance that the code might get publicly broken, rendering the entire system
useless.
- viral_4's blog



