Yes, it's not at all clear from these stories just what was
going on or how "high tech" the attack would have to be. What does
"diverting" to a prepaid mobile mean? Here's a possibility:
they "social engineered" or otherwise compromised the target account
to assigned it a new telephone number and forward the old number
to a prepaid account they control. The "interceptor" box acts
as a "man in the middle" that receives calls at this prepaid account
and forwards them back to the target's "new" number (all the
while recording the content).
Such an arrangement would allow interception of incoming calls (but
not outgoing calls, unless they managed to get those forwarded
as well somehow -- perhaps there's a GSM feature that can do that,
too). Cumbersome, but has the advantage to the attacker of not
requiring any custom software or features on the switch or
cryptanalysis of the over-the-air interface, just garden-variety
subscriber account compromise and cobbling together a couple of
off-the-shelf GSM handsets.
-matt
On Feb 3, 2006, at 4:15, Jaap-Henk Hoepman wrote:
I wondered about that too. Do commonly used mobile phone switches
have built-in
functionality to divert (or rather split) calls to another phone;
could this be
done using phone conference facilities? or could you easily use
lawfull
interception fucntionality...? In other words, could it be done by
reconfiguring the switch? Or would it require more drastic changes
(software/hardware) to the switch (which makes the number of people
that could
actually do this much smaller...)
Jaap-Henk
(who should have paid more attention to phone switches when he
worked at
a telco... but everybody did internet there then ;-)
On Thu, 02 Feb 2006 21:28:31 -0500 "Steven M. Bellovin"
<[EMAIL PROTECTED]> writes:
I hate to play clipping service, but this story is too important
not to
mention. Many top Greek officials, including the Prime Minister, and
the U.S. embassy had their mobile phones tapped. What makes this
interesting is how it was done: software was installed on the switch
that diverted calls to a prepaid phone. Think about who could manage
that.
http://www.guardian.co.uk/mobile/article/0,,1701298,00.html
http://www.globetechnology.com/servlet/story/RTGAM.
20060202.wcelltap0202/BNStory/International/
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
[EMAIL PROTECTED]
--
Jaap-Henk Hoepman | I've got sunshine in my pockets
Dept. of Computer Science | Brought it back to spray the day
Radboud University Nijmegen | Gry "Rocket"
(w) www.cs.ru.nl/~jhh | (m) [EMAIL PROTECTED]
(t) +31 24 36 52710/53132 | (f) +31 24 3653137
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
[EMAIL PROTECTED]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]