Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login
Site Notices
Posted: 7/30/2002 12:11:37 PM EDT
Anyone know how secure a digital mobile phone is? Or even for that matter, a digital cordless home phone or digital 2-way pager? Please include sources if you are able to. I have a friend who's looking into a mobile phone and pager. Myself I'm in the market for a new digital cordless home phone. Are these systems secure, or can they be intercepted and the information decoded? TIA
Link Posted: 7/30/2002 12:40:16 PM EDT
[Last Edit: 7/30/2002 12:43:43 PM EDT by GodBlessTexas]
PCS phones, which is the current US digital standard for mobile phones, have yet to be cracked by anyone I know of. Rumor has it that we'll see GSM, the worldwide standard for digital cellular, in the US in the coming years. Analog cellular is wide open and patently insecure. Not only can they listen in on your conversations, but they can grab the ESN/MIN pairs out of the air if they are close enough to you while you're on the phone. For pagers, the most secure models are the Blackberry line, which use eliptic curve encryption for the messages. Everything else is pretty much insecure unless things have changed since the last time I check. The l0pht guys had a POCSAG decoder you could build relatively cheaply to snatch messages out of the air. I'm not sure if they ever worked on cracking the Motorola FLEX standard. Cordless phones are insecure unless they implement encryption between the handset and the base, and I know of none first hand that do this. While previous generation cordless phones used spectrum specifically set aside for that purpose which is blocked on most modern scanners though most of the blocks are easily bypassed, newer models use 2.4Ghz, which is effectively public spectrum that anyone can listen to with the right equipment. If you get a cordless phone in the 2.4Ghz range, it will likely utilize FHSS (frequency hopping spread spectrum) for compiance to FCC rules and will offer a slight margin of security, but it is still possible for listening in as FHSS is not a panacea and the hop sequence can be determined in most FHSS applications in short time with the right equipment. By using FHSS, you simply protect yourself from the casual listener. Also, with cordless phones, most new systems allow multiple handsets to be associated with a receiver. It's possible this can be abused as well. ICOM makes a HAM radio that can now scan for video signals from 2.4Ghz video distribution devices, including those wireless cameras from X10 and the like you see advertised on the web. If you've got one, that means someone driving around with this radio can effectively see what's being broadcast by your camera. Wireless security issues are a hobby of mine, as well as a professional interest. Remember the Alamo, and God Bless Texas...
Link Posted: 7/30/2002 12:50:40 PM EDT
Link Posted: 7/30/2002 1:01:29 PM EDT
God bless you...you handled this well..GSM is already here and is very secure....it will get more so with efforts underway to handle e-cash and secure transactions...I can use my phone to pay for lunch now.....
Link Posted: 7/30/2002 5:51:52 PM EDT
This is only an issue for telephone conversations. If you have a wireless device, like an upgraded Palm, you can use unsecured wireless data protocols and be okay as long as the data itself is encrypted. Now, if the signal and the data are both encrypted, better still. But you should still be safe to send your credit card number and the like over unsecured wireless as long as you do it from an application that encrypts the data, such as IE with 128-bit encryption.
Link Posted: 7/30/2002 6:27:51 PM EDT
Nothing that they give away to you for signing a one year contract is secure. In fact, nothing wireless is really that secure. Security is a cost tradeoff. If it was very secure, it would be very expensive. Do a google search on wireless or cellular test equipment. There are several testsets out there that can capture, analyze and emulate base/remotes for TDMA, CDMA, PCS, GSM, etc. Rhode & Schwarz, Anritsu and Agilent Technologies testsets come to mind. As you do more investigations, the scarier it gets. Using a cell phone is like yelling across a crowd of people.
Top Top