IEEE - Wireless Security: What are the Motives of Wireless Hackers
Sep 13


Cell phones have had a slight advantage over other types of wireless communication in the security realm, and the reason is their sheer numbers. Most people today have a cell phone, and with so many people using them, attacks have been discovered and countermeasures developed in response to one another for years. Understanding that history shows how cellular providers have mitigated risks very similar to those now facing wireless local area networks.

A cell phone uses two distinct radio frequency (RF) channels: (1) a voice channel for the actual conversation and (2) a control channel for signaling. On the control channel the phone identifies itself to a cell site by transmitting its mobile identification number (MIN) and electronic serial number (ESN). When the cell tower receives the MIN and ESN, it determines whether the requester is a legitimate user by comparing the pair against the cellular provider's subscription database. Once the provider has confirmed that the MIN and ESN belong to one of its customers, it sends a control signal permitting the subscriber to place calls. Nothing in this exchange proves that the transmitter really is the subscriber's handset: the identifiers are sent in the clear, and any device that presents a valid pair is accepted.

Like all RF devices, cell phones are vulnerable to eavesdropping and spoofing; in the cellular industry these are called "call monitoring" and "cell phone cloning." A further risk is that phones can be reprogrammed over the air into remote microphones, recording sound at their location and transmitting it anywhere in the world.

Monitoring calls is easy, especially on analog phones, because analog cellular voice was sent as ordinary unencrypted FM; a commonly available radio scanner could have someone listening to calls within minutes. As digital cellular networks proliferated, more security was erected, and inside a service provider's own network calls were, for the most part, safe: criminals had easier analog targets to exploit. A digital phone was not so safe, however, once it roamed outside its provider's coverage area. When two providers handed a call off to each other for billing purposes, they converted it to analog so that both sides had a common protocol for interoperability, and the digital network's protection was gone for that leg. So even with a digital phone, once the MIN and ESN had been captured from such a call, the phone could still be tracked, cloned, or monitored inside the digital network.

Another trick turns a cellular telephone into a microphone and transmitter, which can be used to record a conversation or bug a room. It can be done without the owner's knowledge by police, governments, and anyone else with the right equipment and know-how. How does it work? A maintenance command is sent to the phone on the control channel, placing it in a diagnostic mode in which sound in the immediate area of the telephone is transmitted over the voice channel. The phone gives no indication that this is happening. The user does not discover that the phone is in diagnostic mode and transmitting all nearby sounds until he or she tries to place a call: calling does not work and the phone is useless until the power is cycled, after which it returns to its normal state as if nothing had happened.

This is unsettling because the user has no idea that he is being bugged by his own phone over the airwaves, and it is the reason cellular telephones are often prohibited where classified or sensitive discussions take place. Someone could be bugging your phone as you read this. The reassuring part: as long as you can place a call without cycling the power, you are fine.

One publicized case of cell phone monitoring involved former Speaker of the House of Representatives Newt Gingrich. A conference call between Gingrich and other Republican leaders, concerning the party's strategy for responding to an ethics violation for which Gingrich was being investigated, was intercepted and taped. The recording ended up at the New York Times, which made it public.

Another publicized case involved a pager system rather than a cellular phone system. In 1997 the Breaking News Network monitored the pager messages of a large number of New York City officials, including police, fire, and court personnel. The messages it recorded were considered too sensitive to send over the government's protected police radio. The captured information was sold to other news agencies eager to get the scoop on a story, sometimes before the police dispatcher even had it. Later that year, police arrested the officers of this New Jersey news company for illegally monitoring the pager systems.

Next we look at cellular phone cloning. What is it? Cloning is the copying of the unique identification information that a cellular provider programs into your phone: the electronic serial number (ESN) and mobile identification number (MIN). A cloner steals this pair, programs it into a different phone, and places calls on your bill.

Cloners have many ways to obtain these numbers. Anyone who repairs your phone, or who handles the activation when you buy a new one at the store, can copy them during the process. The MIN and ESN can also be obtained with an ESN reader, a receiver similar to a cellular telephone that is designed to monitor control channels. The ESN reader captures the MIN and ESN as the phone transmits them to a cell tower, which happens whenever the phone is turned on or moves from one cell tower to another.
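The identification exchange described earlier (MIN and ESN sent on the control channel and checked against the subscriber database) and the cloning attack it permits, as an added Python simulation that is not part of the original article. The subscriber record, the MIN and ESN values, and the ESN reader are constructed for the example. The second half adds a hypothetical challenge-response registration keyed by a per-subscriber secret that never goes over the air, to show why a captured pair is then worthless to a cloner; it illustrates the general technique and is not the authentication protocol of any real cellular standard.

```python
"""Cellular registration modelled two ways.

Legacy (the scheme described in the article): the handset sends its MIN and
ESN in the clear on the control channel and the switch admits any pair found
in the subscriber database. An ESN reader that hears one registration can
program the pair into a second handset that the switch cannot tell apart.

Challenge-response (constructed for this example, not a real standard's
protocol): the switch sends a random challenge and the handset answers with
an HMAC keyed by a secret that is never transmitted, so a captured exchange
is useless to a cloner.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Subscriber:
    min: str     # mobile identification number (constructed value)
    esn: str     # electronic serial number (constructed value)
    akey: bytes  # hypothetical per-subscriber secret held only by switch and handset


class Switch:
    def __init__(self, subscribers):
        self.db = {s.min: s for s in subscribers}
        self.pending = {}  # MIN -> challenge currently outstanding

    # Legacy registration: identity is asserted, never proven.
    def register_legacy(self, min_, esn):
        sub = self.db.get(min_)
        return sub is not None and sub.esn == esn

    # Challenge-response registration.
    def challenge(self, min_):
        rand = secrets.token_bytes(8)
        self.pending[min_] = rand
        return rand

    def register_cr(self, min_, esn, rand, response):
        sub = self.db.get(min_)
        if sub is None or sub.esn != esn:
            return False
        # Each challenge is single-use: a replayed (MIN, ESN, rand, response)
        # frame finds no matching outstanding challenge and is rejected.
        if self.pending.pop(min_, None) != rand:
            return False
        expected = hmac.new(sub.akey, rand + min_.encode() + esn.encode(),
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Handset:
    def __init__(self, min_, esn, akey=b""):
        self.min, self.esn, self.akey = min_, esn, akey  # a clone knows no akey

    def legacy_registration(self):
        return (self.min, self.esn)

    def cr_registration(self, rand):
        resp = hmac.new(self.akey, rand + self.min.encode() + self.esn.encode(),
                        hashlib.sha256).digest()
        return (self.min, self.esn, rand, resp)


class EsnReader:
    """Passive scanner on the control channel: records every frame it hears."""
    def __init__(self):
        self.captured = []

    def hear(self, frame):
        self.captured.append(frame)
        return frame  # the frame still reaches the tower


VICTIM = Subscriber(min="2125550142", esn="82A1F3C9", akey=b"constructed-a-key-0001")


def run_legacy():
    """Returns (victim_accepted, clone_accepted)."""
    switch, reader = Switch([VICTIM]), EsnReader()
    victim = Handset(VICTIM.min, VICTIM.esn, VICTIM.akey)
    victim_ok = switch.register_legacy(*reader.hear(victim.legacy_registration()))
    clone = Handset(*reader.captured[0])  # captured pair programmed into another phone
    clone_ok = switch.register_legacy(*clone.legacy_registration())
    return victim_ok, clone_ok


def run_challenge_response():
    """Returns (victim_accepted, replay_accepted, no_key_accepted)."""
    switch, reader = Switch([VICTIM]), EsnReader()
    victim = Handset(VICTIM.min, VICTIM.esn, VICTIM.akey)
    frame = reader.hear(victim.cr_registration(switch.challenge(VICTIM.min)))
    victim_ok = switch.register_cr(*frame)
    # Clone 1 replays the captured frame verbatim.
    replay_ok = switch.register_cr(*reader.captured[0])
    # Clone 2 obtains a fresh challenge but cannot answer it without the A-key.
    clone = Handset(VICTIM.min, VICTIM.esn)
    no_key_ok = switch.register_cr(*clone.cr_registration(switch.challenge(clone.min)))
    return victim_ok, replay_ok, no_key_ok


if __name__ == "__main__":
    print("legacy (victim, clone):", run_legacy())
    print("challenge-response (victim, replay, no key):", run_challenge_response())
```

Running the script shows the legacy switch accepting both the victim and the clone, while the challenge-response switch accepts only the victim; the replayed frame fails because its challenge has already been consumed, and the keyless clone fails the HMAC check even with a fresh challenge. The single-use challenge table is what stops replay; the secret key is what stops forgery, and neither the MIN nor the ESN needs to be secret for this to hold.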

A major controversy grew around cloning. At first the phone companies refused to admit that their security had been compromised, leaving victims to pay for all the calls placed by the cloner. This proved to be a big problem for both the companies and their customers.

Another threat related to cellular phones involves the short message service (SMS), a method of sending short text messages, similar to email. One threat is a flood of SMS messages that creates a denial-of-service condition. This sort of attack has not been widely seen yet, although many industry leaders have openly discussed the risk and the impact if it were to happen.
