In <bbft4u$6...@qualcomm.com>, g...@qualcomm.com (Gregory G Rose) wrote:
>(snipped fairly heavily)
>
>In article <fdbae11.03060...@posting.google.com>,
>Roger Fleming <roger_f...@hotmail.com> wrote:
>Plug: There's a paper accepted for Crypto 2003 (of
>which I'm the general chair this year):
> - Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication
> Elad Barkan (Technion),
> Eli Biham (Technion),
> Nathan Keller (Technion)
>See http://www.iacr.org/conferences/crypto2003/content.html
>for more program details.
>... end Plug.
See <http://www.everything2.com/index.pl?node=GSM>:
A5 is the family of ciphers used for ensuring privacy between the
base station and the mobile. There is generally no security from the
base station to the rest of the phone network. This is where law
enforcement taps take place. End-to-end privacy (encryption between
one phone and another) was not implemented at the system level.
There are two versions of the A5 cipher. When the GSM standard was
being created, there were worries from law enforcement and national
security interests that the encryption would be too strong. Countries
such as France wanted a weak cipher that was easy to break; countries
with strong privacy laws such as Germany wanted a strong cipher that
was difficult to break. NATO was worried about countries like Iraq
gaining access to strong cryptography.
The end result was that two versions were created: A5/1 and A5/2.
A5/1 was the full version, and was used within Europe and the USA.
A5/2 was export strength - i.e. it was a weak cipher. There was a
minor scuffle when it was discovered that Australia had been sold
A5/2.
On April 10, 2000, Alex Biryukov, Adi Shamir, and David Wagner
published a paper entitled "Real Time Cryptanalysis of A5/1 on a PC".
In it, they detailed weaknesses in the algorithm and in its
implementation that allowed the retrieval of a key for an
A5/1-encrypted conversation within one second, using a normal
personal computer. A5/1 has been exposed as being totally pathetic.
Furthermore, it was revealed that the cipher was fairly simple - it
only used three linear feedback shift registers (basic cipher
components), and the last ten bits of the key were always zero.
The inescapable conclusion was that all versions of A5 - including
A5/1 - had been deliberately weakened.
See also "GSM Interception"
<http://www.dia.unisa.it/ads.dir/corso-security/www/CORSO-9900/a5/Netsec/netsec.html>
(or <http://makeashorterlink.com/?O26B12835>). Abstract:
The GSM standard was designed to be a secure mobile phone system with
strong subscriber authentication and over-the-air transmission
encryption. The security model and algorithms were developed in
secrecy and were never published. Eventually some of the algorithms
and specifications have leaked out. The algorithms have been studied
since and critical errors have been found. Thus, after a closer look
at the GSM standard, one can see that the security model is not all
that good. An attacker can go through the security model or even
around it, and attack other parts of a GSM network, instead of the
actual phone call. Although the GSM standard was supposed to prevent
phone cloning and over-the-air eavesdropping, both of these are
possible with little additional work compared to the analog mobile
phone systems and can be implemented through various attacks. One
should not send anything confidential over a GSM network without
additional encryption if the data is supposed to stay confidential.
--
Best regards,
John Navas <http://navasgrp.home.att.net/>
John Navas wrote:
>
[snip]
> ..... There is generally no security from the
> base station to the rest of the phone network. This
> is where law enforcement taps take place. ......
[snip]
A chain is as strong as its weakest link. So the
security is zero. Further, cell phone enables tracking
of the person carrying it (even when it's switched off,
unless with the battery removed, as someone claimed in
sci.crypt previously).
M. K. Shen
That is the first time I have heard this.
But I knew from my own experiments that a cellphone transmits a burst within
a second or two *after* it is switched off, so that proves at least the
transmitter is still powered up. :D
These Cellphones are sneaky little devices aren't they!
"Mok-Kong Shen" <mok-ko...@t-online.de> wrote in message
news:3F0D982C...@t-online.de...
In <bekd9n$vmn$1...@news.chatlink.com> on Thu, 10 Jul 2003 15:03:09 -0400, "Josh
III" <lipi...@Xhotmail.com> wrote:
>"Mok-Kong Shen" <mok-ko...@t-online.de> wrote in message
>news:3F0D982C...@t-online.de...
>>
>> A chain is as strong as its weakest link. So the
>> security is zero.
It's certainly not very good, but I wouldn't say it's zero.
>> Further, cell phone enables tracking
>> of the person carrying it
True, *if* it's turned on.
>> (even when it's switched off,
>> unless with the battery removed, as someone claimed in
>> sci.crypt previously).
Not true. Urban myth. Internet paranoia.
>Very interesting! :>
>
>That is the first time I have heard this.
Don't get too excited -- it's just another Usenet urban myth.
>But I knew from my own experiments that a cellphone transmits a burst within
>a second or two *after* it is switched off, so that proves at least the
>transmitter is still powered up. :D
That's just part of the normal shut down, which takes the phone a significant
amount of time. After that the transmitter stays off.
>These Cellphones are sneaky little devices aren't they!
Not really.
--
Best regards,
John Navas <http://navasgrp.home.att.net/> HELP PAGES FOR
CINGULAR GSM + ERICSSON PHONES: <http://navasgrp.home.att.net/#Cingular>
John Navas wrote:
>
> >"Mok-Kong Shen" <mok-ko...@t-online.de> wrote:
> >>
> >> A chain is as strong as its weakest link. So the
> >> security is zero.
>
> It's certainly not very good, but I wouldn't say it's zero.
If you think that the normal telephone network is
safe for you, then yes. Otherwise .....
>
> >> Further, cell phone enables tracking
> >> of the person carrying it
>
> True, *if* it's turned on.
>
> >> (even when it's switched off,
> >> unless with the battery removed, as someone claimed in
> >> sci.crypt previously).
>
> Not true. Urban myth. Internet paranoia.
That was at least what was claimed by someone in sci.crypt
quite a time ago (saying though that that applies to the
more modern cell phones) without being refuted and I have
read also a German newspaper reviewing a security specialist
who recommended removing the battery.
M. K. Shen
In <3F0DCCA3...@t-online.de> on Thu, 10 Jul 2003 22:29:23 +0200,
Mok-Kong Shen <mok-ko...@t-online.de> wrote:
>John Navas wrote:
>
>> >"Mok-Kong Shen" <mok-ko...@t-online.de> wrote:
>
>> >> A chain is as strong as its weakest link. So the
>> >> security is zero.
>>
>> It's certainly not very good, but I wouldn't say it's zero.
>
>If you think that the normal telephone network is
>safe for you, ...
Safe enough for normal use.
>> >> Further, cell phone enables tracking
>> >> of the person carrying it
>>
>> True, *if* it's turned on.
>>
>> >> (even when it's switched off,
>> >> unless with the battery removed, as someone claimed in
>> >> sci.crypt previously).
>>
>> Not true. Urban myth. Internet paranoia.
>
>That was at least what was claimed by someone in sci.crypt
>quite a time ago (saying though that that applies to the
>more modern cell phones) without being refuted and I have
>read also a German newspaper reviewing a security specialist
>who recommended removing the battery.
Repeat: Not true. Urban myth. Internet paranoia.
John Navas wrote:
>
> >> >"Mok-Kong Shen" <mok-ko...@t-online.de> wrote:
> >
> >> >> A chain is as strong as its weakest link. So the
> >> >> security is zero.
> >>
> >> It's certainly not very good, but I wouldn't say it's zero.
> >
> >If you think that the normal telephone network is
> >safe for you, ...
>
> Safe enough for normal use.
If you mean that for 'security', then I have no comment.
> >> >> Further, cell phone enables tracking
> >> >> of the person carrying it
> >>
> >> True, *if* it's turned on.
> >>
> >> >> (even when it's switched off,
> >> >> unless with the battery removed, as someone claimed in
> >> >> sci.crypt previously).
> >>
> >> Not true. Urban myth. Internet paranoia.
> >
> >That was at least what was claimed by someone in sci.crypt
> >quite a time ago (saying though that that applies to the
> >more modern cell phones) without being refuted and I have
> >read also a German newspaper reviewing a security specialist
> >who recommended removing the battery.
>
> Repeat: Not true. Urban myth. Internet paranoia.
I acknowledge your repetition. But I am not convinced
nonetheless.
M. K. Shen
In <3F0DD2C0...@t-online.de> on Thu, 10 Jul 2003 22:55:28 +0200,
Mok-Kong Shen <mok-ko...@t-online.de> wrote:
>John Navas wrote:
>> Safe enough for normal use.
>
>If you mean that for 'security', then I have no comment.
I'm not worried that someone will go to all that trouble and expense just to
listen in when I chat with my daughter.
As for sensitive conversations, I *never* use *any* sort of wireless phone for
that.
>> Repeat: Not true. Urban myth. Internet paranoia.
>
>I acknowledge your repetition. But I am not convinced
>nonetheless.
Suit yourself.
John Navas wrote:
>
> Mok-Kong Shen <mok-ko...@t-online.de> wrote:
>
> >John Navas wrote:
>
> >> Safe enough for normal use.
> >
> >If you mean that for 'security', then I have no comment.
>
> I'm not worried that someone will go to all that trouble and expense just to
> listen in when I chat with my daughter.
>
> As for sensitive conversations, I *never* use *any* sort of wireless phone for
> that.
So why do you care about the security of cell phones
in the first place?
M. K. Shen
In <3F0DD9C5...@t-online.de> on Thu, 10 Jul 2003 23:25:25 +0200,
Mok-Kong Shen <mok-ko...@t-online.de> wrote:
>John Navas wrote:
It keeps out most snoops.
More important than the voice portion are the control channels. I
personally don't care if people hear what I say. But when calls start
going to Austria or something I'll ask questions.
Tom
Andrew Swallow
Since we are on the topic of wireless encryption, would anyone happen to
know if the DECT standard, common on cordless phones in Europe, is easy
to crack or not?
Julian
>>>That was at least what was claimed by someone in sci.crypt
>>>quite a time ago (saying though that that applies to the
>>>more modern cell phones) without being refuted and I have
>>>read also a German newspaper reviewing a security specialist
>>>who recommended removing the battery.
>>
>>Repeat: Not true. Urban myth. Internet paranoia.
>
>
> I acknowledge your repetition. But I am not convinced
> nonetheless.
>
> M. K. Shen
The only reason removing the battery was recommended was to prevent
turning the phone back on inadvertently. Once the phone is turned
off, it's off.
--
jer email reply - I am not a 'ten' ICQ = 35253273
"All that we do is touched with ocean, yet we remain on the shore of
what we know." -- Richard Wilbur
Absolutely. Powering down a handset results in a data burst to signal
it's leaving the network, instead of waiting for the network to
eventually decide the phone has wandered off the coverage map to
activate alternate call termination features, which wastes network
resources.
> The only reason removing the battery was recommended was to prevent
> turning the phone back on inadvertently. Once the phone is turned off,
> it's off.
If it was off, then alarm clock wouldn't work. At least in Siemens ME45
I own it works even when the telephone is switched off.
--
Paweł Krawczyk, Kraków, Poland http://echelon.pl/kravietz/
ABA Kraków: http://www.aba.krakow.pl/
horses: http://kabardians.com/
crypto: http://ipsec.pl/
In <bem71t$j9j$1...@druid.ceti.pl> on Fri, 11 Jul 2003 13:29:04 +0200, Pawel
Krawczyk <kravietz...@echelon.pl> wrote:
>On 07/11/2003 12:34 PM, jer wrote:
>
>> The only reason removing the battery was recommended was to prevent
>> turning the phone back on inadvertently. Once the phone is turned off,
>> it's off.
>
>If it was off, then alarm clock wouldn't work. At least in Siemens ME45
>I own it works even when the telephone is switched off.
True, the microprocessor continues to run in a very low power mode in order to
keep the clock updated. The transmitter and receiver are nonetheless
completely *off*, and with the transmitter off, there is *no* way for the
phone to be tracked.
Might not be anything sinister, but there is a "perception of deception".
Especially if you're paranoid with a lot of modern electronics technology
(including software) like myself. :D
"jer" <gd...@airmail.ten> wrote in message
news:3F0E9406...@airmail.ten...
> Andrew Swallow wrote:
> > "Josh III" <lipi...@Xhotmail.com> wrote in message
> > news:bekd9n$vmn$1...@news.chatlink.com...
>
Solution: Don't buy a cell phone.
Or another solution: Win the lotto, start a cellphone production line,
control the software specifically to your liking.
Tom
John Navas wrote:
> Pawel Krawczyk <kravietz...@echelon.pl> wrote:
>
> >On 07/11/2003 12:34 PM, jer wrote:
> >
> >> The only reason removing the battery was recommended was to prevent
> >> turning the phone back on inadvertently. Once the phone is turned off,
> >> it's off.
> >
> >If it was off, then alarm clock wouldn't work. At least in Siemens ME45
> >I own it works even when the telephone is switched off.
>
> True, the microprocessor continues to run in a very low power mode in order to
> keep the clock updated. The transmitter and receiver are nonetheless
> completely *off*, and with the transmitter off, there is *no* way for the
> phone to be tracked.
As said previously, I have no exact knowledge about the
matter, but the following is from a post of Signal Tracker
in the thread 'Blocking / Shielding wireless signals for
privacy' of sci.crypt of Oct 02:
-------------------------------------------------------
"Tom St Denis" <tomst...@yahoo.com> wrote in message
news:<3d99d6b8$1...@news.teranews.com>...>
> There is a reason why people invented the off button.
>
> If I don't want my cell to be active, I do the magical age-old idea of
> "turning it off".
>
> Tom
The new G3 phones and other new wireless tech. are "always on". RFID
tags, Bluetooth, 802.11a, 802.11b, Wi Fi ...
------------------------------------------------------
M. K. Shen
In <bemllj$tnm$1...@news.chatlink.com> on Fri, 11 Jul 2003 11:38:24 -0400, "Josh
III" <lipi...@Xhotmail.com> wrote:
>Granted, but at least on a Nokia 5180i (TracFone) this short burst occurs
>after the phone is seemingly powered down, i.e., The display lite is off
>and the screen is blank, then comes the burst.
>
>Might not be anything sinister, but there is a "perception of deception".
>Especially if you're paranoid with a lot of modern electronics technology
>(including software) like myself. :D
If you really have a "perception of deception" then you probably are paranoid.
This really is silly.
In <UTAPa.7592$lJd1...@news01.bloor.is.net.cable.rogers.com> on Fri, 11 Jul
2003 15:40:36 GMT, Tom St Denis <tomst...@iahu.ca> wrote:
>Josh III wrote:
>> Granted, but at least on a Nokia 5180i (TracFone) this short burst occurs
>> after the phone is seemingly powered down, i.e., The display lite is off
>> and the screen is blank, then comes the burst.
>>
>> Might not be anything sinister, but there is a "perception of deception".
>> Especially if you're paranoid with a lot of modern electronics technology
>> (including software) like myself. :D
>
>Solution: Don't buy a cell phone.
Better yet, don't buy any "modern electronics technology" (or "software").
[follow-up set to alt.conspiracy.black.helicopters]
In <3F0EDFCB...@t-online.de> on Fri, 11 Jul 2003 18:03:23 +0200,
Mok-Kong Shen <mok-ko...@t-online.de> wrote:
>John Navas wrote:
>> True, the microprocessor continues to run in a very low power mode in order to
>> keep the clock updated. The transmitter and receiver are nonetheless
>> completely *off*, and with the transmitter off, there is *no* way for the
>> phone to be tracked.
>
>As said previously, I have no exact knowledge about the
>matter,
No offense, but that's painfully obvious.
>but the following is from a post of Signal Tracker
>in the thread 'Blocking / Shielding wireless signals for
>privacy' of sci.crypt of Oct 02:
>
>-------------------------------------------------------
>"Tom St Denis" <tomst...@yahoo.com> wrote in message
>news:<3d99d6b8$1...@news.teranews.com>...>
>> There is a reason why people invented the off button.
>
>>
>> If I don't want my cell to be active, I do the magical age-old idea of
>> "turning it off".
>>
>> Tom
>
>The new G3 phones and other new wireless tech. are "always on". RFID
>tags, Bluetooth, 802.11a, 802.11b, Wi Fi ...
>------------------------------------------------------
There are no "G3" phones. True "3G" phones are just coming on the market.
RFID tags are passive devices (never actually "on") with very short range.
Bluetooth is off when turned off. Likewise 802.11. (WiFi is 802.11b, not
something else.) This all raises serious questions about the credibility of
the source. Be very skeptical of what you read on the Internet (including
what I post:) -- there's some good stuff out there, but there's also a
tremendous amount of utter rubbish.
Many (most?) modern electronic devices *do* continue to run in a low power
mode in order to provide minimal services like keeping the clock updated and
responding to your IR remote control, as I noted. Nevertheless, the cell
phone transmitter and receiver are completely *off*, and with the transmitter
off, there is *no* way for the phone to be tracked by the carrier.
This is pretty obvious to anyone with any electronics knowledge. If, for
example, the cell phone was staying in touch with base stations when turned
off, then it WOULDN'T NEED TO SEARCH FOR SERVICE when turned on. In addition,
the BATTERY WOULD BE RAPIDLY DEPLETED, since the radio transmitter and
receiver consume far more power than the low power mode of the microprocessor
-- in effect, the phone would be on STANDBY with the display off, and standby
time is limited.
The notion that you can be tracked with your phone off is silly, but if you're
still worried, have your phone checked for RF emissions when it's turned off.
Tip: There won't be any.
It is certainly not silly to wonder what "off" really means when
you have physical evidence of RF *after* the device is apparently
shut down.
Consider, for example, what rules a government should have
about cell phones within sensitive areas. If you were responsible
for setting these rules, what would you do? I would hope that you
wouldn't simply assume there is no vulnerability there, since, hey,
any other attitude is "paranoid" - I heard it on Usenet!
The whole point is that the cell phone is a complex device, and
since the software can communicate even when the screen is
dark, how do we assure ourselves that it can't happen at other,
inconvenient times? Assurances that the manufacturers have no
vested interest in your conversations is not enough. Bugs and
unexpected interactions between features are common in many
contexts.
JM
I hope it wouldn't be considered an offense if I use
your own words to say that 'This all raises serious
questions about the credibility of the [your] source'.
The following is from
http://www.aimglobal.org/technologies/rfid/what_is_rfid.htm
and apparently contradicts your claim above that RFID tags
are [all] passive devices:
RFID tags are categorized as either active or passive.
Active RFID tags are powered by an internal battery
and are typically read/write, i.e., tag data can be
rewritten and/or modified. .......
M. K. Shen
In <3F0EF29B...@t-online.de> on Fri, 11 Jul 2003 19:23:39 +0200,
Mok-Kong Shen <mok-ko...@t-online.de> wrote:
>John Navas wrote:
>> RFID tags are passive devices (never actually "on") with very short range.
>I hope it wouldn't be considered an offense if I use
>your own words to say that 'This all raises serious
>questions about the credibility of the [your] source'.
>
>The following is from
>
>http://www.aimglobal.org/technologies/rfid/what_is_rfid.htm
>
>and apparently contradicts your claim above that RFID tags
>are [all] passive devices:
>
> RFID tags are categorized as either active or passive.
> Active RFID tags are powered by an internal battery
> and are typically read/write, i.e., tag data can be
> rewritten and/or modified. .......
Active RFID devices are indeed possible, but are larger and much more
expensive, and AFAIK, most if not all consumer-level RFID devices to date are
passive. When we worry about RFID (as in this context), it's mostly about the
tiny passive tags that could be embedded in products, not the relatively large
anti-theft tags currently on or in packages (that get deactivated in the
store). If you know of an actual RFID consumer-level device that's active,
I'd be very interested.
While consumer-level RFID is probably coming sooner or later, thus far it's
mostly been a technology in search of a market. Note that WalMart just
canceled its in-store trial (where RFID devices would be embedded in
individual products), focusing instead on warehousing (where RFID devices are
embedded in pallets and containers).
In <bemrh4$jrc$1...@sass2141.sandia.gov> on Fri, 11 Jul 2003 11:18:28 -0600,
"John Myre" <jm...@sandia.gov> wrote:
>"John Navas" <spamf...@navasgroup.com> wrote in message
>news:upBPa.916$dk4....@typhoon.sonic.net...
>> If you really have a "perception of deception" then you probably are paranoid.
>> This really is silly.
>
>It is certainly not silly to wonder what "off" really means when
>you have physical evidence of RF *after* the device is apparently
>shut down.
What's silly is to be concerned (not wonder) about it. Even without
understanding of what's going on (cell phone signing off the network), the RF
is obviously related to the shutdown process. Only if the RF occurred later
would there be any real cause for concern.
>Consider, for example, what rules a government should have
>about cell phones within sensitive areas. If you were responsible
>for setting these rules, what would you do? ...
Prohibit them -- they're a big security hole.
>The whole point is that the cell phone is a complex device, and
>since the software can communicate even when the screen is
>dark, how do we assure ourselves that it can't happen at other,
>inconvenient times? Assurances that the manufacturers have no
>vested interest in your conversations is not enough. Bugs and
>unexpected interactions between features are common in many
>contexts.
For you to be tracked (the context of this debate), it would take the active,
secret cooperation of all cellular manufacturers, not just "bugs and
unexpected interactions." That's not a real possibility; i.e., it's silly.
Andrew Swallow
The volume on encryption comes separately which has (had)
a restricted distribution.
Andrew Swallow
See a previous post by me giving a do-it-your-self method of
monitoring mobile phone transmissions.
With the phone switched on monitor the phone for two hours
and note when it transmits. Turn the phone off. After the
closedown transmission it should be silent until you switch
it back on again.
Note: Ensure that you have only got one mobile phone
near by otherwise you will not know which phone is
transmitting.
Andrew Swallow
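
The check described in the post above, together with the thread's point that only RF well after the closedown burst would be cause for concern, can be scripted over a log of observed bursts. This is an added example, not part of any post; the burst timestamps, power-off times, the names `OffWindow`, `Report` and `classify`, and the 5-second grace period are all assumptions.

```python
"""Classify RF bursts logged next to one handset against its power-off times."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumption: the sign-off burst arrives within a few seconds of power-off
# (posters in the thread report "a second or two").
SHUTDOWN_GRACE_S = 5.0


@dataclass
class OffWindow:
    start: float                 # seconds into the log when power-off was pressed
    end: Optional[float] = None  # seconds when switched back on; None = still off


@dataclass
class Report:
    while_on: List[float] = field(default_factory=list)    # bursts while powered on
    closedown: List[float] = field(default_factory=list)   # sign-off bursts
    # (burst time, seconds since power-off) for bursts after the grace period
    unexpected: List[Tuple[float, float]] = field(default_factory=list)
    # power-off times that were not followed by any sign-off burst
    missing_closedown: List[float] = field(default_factory=list)

    @property
    def silent_when_off(self) -> bool:
        return not self.unexpected


def classify(bursts, off_windows, grace=SHUTDOWN_GRACE_S) -> Report:
    """Sort each burst into: phone on, closedown burst, or unexpected while off."""
    report = Report()
    windows = sorted(off_windows, key=lambda w: w.start)
    for t in sorted(bursts):
        # Find the off window, if any, that this burst falls inside.
        window = next(
            (w for w in windows if w.start <= t and (w.end is None or t < w.end)),
            None,
        )
        if window is None:
            report.while_on.append(t)
        elif t - window.start <= grace:
            report.closedown.append(t)
        else:
            report.unexpected.append((t, t - window.start))
    # A power-off with no sign-off burst means the network was never told.
    for w in windows:
        if not any(w.start <= t <= w.start + grace for t in report.closedown):
            report.missing_closedown.append(w.start)
    return report


# Constructed observation log (seconds since monitoring began), as a
# hypothetical RF detector beside a single handset might record it.
SAMPLE_BURSTS = [412.0, 1875.5, 3610.2, 5402.8, 7201.3,
                 7950.0, 9100.4, 10801.0, 12000.0]
# Constructed power events: off at 2h, back on at 2h30, off again at 3h.
SAMPLE_OFF = [OffWindow(7200.0, 9000.0), OffWindow(10800.0)]

if __name__ == "__main__":
    r = classify(SAMPLE_BURSTS, SAMPLE_OFF)
    print("bursts while on:     ", r.while_on)
    print("closedown bursts:    ", r.closedown)
    print("unexpected while off:", r.unexpected)
    print("missing closedown at:", r.missing_closedown)
    print("silent when off:     ", r.silent_when_off)
```

As the post notes, the log is only meaningful with a single handset nearby; a second phone in range would show up here as unexpected bursts.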
> It is certainly not silly to wonder what "off" really means when
> you have physical evidence of RF *after* the device is apparently
> shut down.
That has already been correctly explained in this thread, but since I am an FCC
licensed radio tech with a firm understanding of networked radio communications
let me confirm it! That 'burst signal' is the phone saying to the cellular
network "Hey! I am being turned off so I cannot take any calls for now".
<FUD removed >
--
Phil Frisbie, Jr.
Hawk Software
http://www.hawksoft.com
The context was not about economy etc. but about an
(non-qualified definite) claim. One shouldn't be too
sure about things that couldn't happen in one's view
just because one doesn't have information about these.
To do so could be risky, especially in what concerns
'security'. In WWII the Germans didn't think that their
Enigmas could ever be cracked. Otherwise, the war
presumably would have lasted a little bit longer.
M. K. Shen
John Navas wrote:
>
[snip]
> For you to be tracked (the context of this debate), it would take the active,
> secret cooperation of all cellular manufacturers, not just "bugs and
> unexpected interactions." That's not a real possibility; i.e., it's silly.
If you were a VIP, there could be some possibility that
someone manages to let you have a (specially done) bugged
phone. Or do you have no respect at all to the profession
of private detectives etc.?
M. K. Shen
In <3F0F1DB1...@t-online.de> on Fri, 11 Jul 2003 22:27:29 +0200,
Mok-Kong Shen <mok-ko...@t-online.de> wrote:
>John Navas wrote:
>> Active RFID devices are indeed possible, but are larger and much more
>> expensive, and AFAIK, most if not all consumer-level RFID devices to date are
>> passive. When we worry about RFID (as in this context), it's mostly about the
>> tiny passive tags that could be embedded in products, not the relatively large
>> anti-theft tags currently on or in packages (that get deactivated in the
>> store). If you know of an actual RFID consumer-level device that's active,
>> I'd be very interested.
I didn't think so.
>> While consumer-level RFID is probably coming sooner or later, thus far it's
>> mostly been a technology in search of a market. Note that WalMart just
>> canceled its in-store trial (where RFID devices would be embedded in
>> individual products), focusing instead on warehousing (where RFID devices are
>> embedded in pallets and containers).
>
>The context was not about economy etc. but about an
>(non-qualified definite) claim.
The actual context was (is) tracking by having devices on. As I have noted,
RFID is irrelevant in this context (for a number of reasons).
>One shouldn't be too
>sure about things that couldn't happen in one's view
>just because one doesn't have information about these.
>To do so could be risky, especially in what concerns
>'security'.
I don't agree -- there are too many real things to worry about that are far
more risky (e.g., driving in a car) than being tracked by a cell phone that's
been turned off.
>In WWII the Germans didn't think that their
>Enigmas could ever be cracked.
That's utterly different (as I'm pretty sure you know).
>Otherwise, the war
>presumably would have lasted a little bit longer.
Not at all relevant, but probably not.
In <3F0F1F56...@t-online.de> on Fri, 11 Jul 2003 22:34:30 +0200,
Mok-Kong Shen <mok-ko...@t-online.de> wrote:
>John Navas wrote:
>>
>[snip]
>> For you to be tracked (the context of this debate), it would take the active,
>> secret cooperation of all cellular manufacturers, not just "bugs and
>> unexpected interactions." That's not a real possibility; i.e., it's silly.
>
>If you were a VIP, there could be some possibility that
>someone manages to let you have a (specially done) bugged
>phone.
You're really reaching now. [grin]
>Or do you have no respect at all to the profession
>of private detectives etc.?
I have no respect at all.
[follow-up set to alt.conspiracy.black.helicopters]
Didn't the Mossad do that to some terrorist leader? I've heard two
versions: 1) the phone was rigged with a small explosive package. Mossad
guy calls terrorist, makes some cryptic comment about impending demise, then
bang, head goes splat. 2) Mossad tracked a guy's cell phone transmission and
used it to target a missile.
I've also heard we had a covert team in Iraq years ago who got caught, and
the Iraqi intelligence service called somebody here - CIA, DIA, somebody -
on one of the captured team's encrypted cell phones, informing us that our
little secret mission was no longer much of a secret.
Mike
See the face of those cops as they raid the premises (likely postoffice)
it was sent to, or the Mossad missile hits the wrong location....
But of course I have now given away my little secret, so ......
Hope this info is of use to anyone.
Well, not so hasty, a RECEIVER could be made that uses micro amps only.
Then a special code could be sent to that specific phone to give a burst for tracking
purposes (so when requested).
Modern GSM are highly programmable (you must have noticed) and you could write
your own code even without as much money as winning the Lotto, as Tom suggested.
NO they are not safe, yes I am electronics qualified, if you are going to kill Bush
at least remove the batteries.
Something for the CIA or NSA or dep. of home-security to have some guys 'modify'
phones and then channel these to their users.
Does seem pretty normal operation to me.
>Best regards,
Only if your receiver is really one of those rotten ones.
My old AIWA radio does it, my old AIWA walkman does it, my
new mp3 player (DLink) you can have in the same pocket as the GSM.
Same for my HiFi I build myself (all metal case).
In <benh3h$gh2$2...@reader1.tiscali.nl> on Fri, 11 Jul 2003 23:25:40 GMT, Jan
Panteltje <pant...@yahoo.com> wrote:
>On a sunny day (Fri, 11 Jul 2003 16:45:32 GMT) it happened John Navas
><spamf...@navasgroup.com> wrote in <MQBPa.926$dk4....@typhoon.sonic.net>:
>>The notion that you can be tracked with your phone off is silly, but if you're
>>still worried, have your phone checked for RF emissions when it's turned off.
>>Tip: There won't be any.
>Well, not so hasty, a RECEIVER could be made that uses micro amps only.
>Then a special code could be sent to that specific phone to give a burst for tracking
>purposes (so when requested).
>Modern GSM are highly programmable (you must have noticed) and you could write
>your own code even without as much money as winning the Lotto, as Tom suggested.
>NO they are not safe, yes I am electronics qualified, if you are going to kill Bush
>at least remove the batteries.
>Something for the CIA or NSA or dep. of home-security to have some guys 'modify'
>phones and then channel these to their users.
>Does seem pretty normal operation to me.
ROTFL! That's ridiculous! (You're kidding -- right? If not, you really need
to cut out the late night TV.)
[follow-up set to alt.conspiracy.black.helicopters]
In <benetv$p5c$1...@slb3.atl.mindspring.net> on Fri, 11 Jul 2003 18:49:33 -0400,
"MikeWrite" <fDlEaL...@yahoo.com> wrote:
>"Mok-Kong Shen" <mok-ko...@t-online.de> wrote in message
>news:3F0F1F56...@t-online.de...
>> If you were a VIP, there could be some possibility that
>> someone manages to let you have a (specially done) bugged
>> phone. Or do you have no respect at all to the profession
>> of private detectives etc.?
>
>Didn't the Mossad do that to some terrorist leader? I've heard two
>versions: 1) the phone was rigged with a small explosive package. Mossad
>guy calls terrorist, makes some cryptic comment about impending demise, then
>bang, head goes splat. 2) Mossad tracked a guy's cell phone transmission and
>used it to target a missile.
>
>I've also heard we had a covert team in Iraq years ago who got caught, and
>the Iraqi intelligence service called somebody here - CIA, DIA, somebody -
>on one of the captured team's encrypted cell phones, informing us that our
>little secret mission was no longer much of a secret.
There are indeed lots of silly stories. (You don't really believe them --
right?)
[follow-up set to alt.conspiracy.black.helicopters]
John Navas wrote:
[....]
> Active RFID devices are indeed possible, but are larger and much more
> expensive, and AFAIK, most if not all consumer-level RFID devices to date are
> passive. When we worry about RFID (as in this context), it's mostly about the
> tiny passive tags that could be embedded in products, not the relatively large
> anti-theft tags currently on or in packages (that get deactivated in the
> store).
Another example of passive RFID devices are the toll tags used in
vehicles for toll charges as one screams through a toll booth under
the scanner's panel antennas. I peeked - there is no battery.
[....]
> It is certainly not silly to wonder what "off" really means when
> you have physical evidence of RF *after* the device is apparently
> shut down.
>
> Consider, for example, what rules a government should have
> about cell phones within sensitive areas.
Commercial aircraft in flight would be one example. Try killing some
in-flight time by playing one of those silly games on your cell phone
and see what happens when a cabin attendant sees ya. Trust me,
they're not gonna wait for the flight deck to ask for a cabin search,
and you won't like their suggestion of where you can put your 'toy'.
I said the phone is off - I didn't say anything about a clock.
True, if you adopt the definition of 3G == WCDMA.
There are rather a lot of phones deployed that
meet the ITU definition of 3G, though. (Off topic
for sci.crypt, sorry.)
Greg.
--
Greg Rose INTERNET: g...@qualcomm.com
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
In <beoeuq$p...@qualcomm.com> on 12 Jul 2003 00:56:10 -0700, g...@qualcomm.com
(Gregory G Rose) wrote:
>In article <benh3h$gh2$2...@reader1.tiscali.nl>,
>Jan Panteltje <pant...@yahoo.com> wrote:
>>>... True "3G" phones are just coming on the market.
>
>True, if you adopt the definition of 3G == WCDMA.
That wasn't my definition.
>There are rather a lot of phones deployed that
>meet the ITU definition of 3G, though. ...
I disagree.
John Navas wrote:
>
> [POSTED TO alt.cellular.cingular - REPLY ON USENET PLEASE]
>
> In <3F0F1DB1...@t-online.de> on Fri, 11 Jul 2003 22:27:29 +0200,
> Mok-Kong Shen <mok-ko...@t-online.de> wrote:
>
> >John Navas wrote:
>
> >> Active RFID devices are indeed possible, but are larger and much more
> >> expensive, and AFAIK, most if not all consumer-level RFID devices to date are
> >> passive. When we worry about RFID (as in this context), it's mostly about the
> >> tiny passive tags that could be embedded in products, not the relatively large
> >> anti-theft tags currently on or in packages (that get deactivated in the
> >> store). If you know of an actual RFID consumer-level device that's active,
> >> I'd be very interested.
>
> I didn't think so.
What do you mean by this? You don't think that I know
whether there are consumer-level devices of that kind?
Does it matter whether I know or whether there exists
such? The point was that you claimed previously that
[all] RFID tags are passive and are thus never on and
that claim is clearly false and consequently, following
your own advice, your credibility should be questioned.
(There was never a mention of 'consumer-level' in
the discussion.)
>
> >> While consumer-level RFID is probably coming sooner or later, thus far it's
> >> mostly been a technology in search of a market. Note that WalMart just
> >> canceled its in-store trial (where RFID devices would be embedded in
> >> individual products), focusing instead on warehousing (where RFID devices are
> >> embedded in pallets and containers).
> >
> >The context was not about economy etc. but about an
> >(non-qualified definite) claim.
>
> The actual context was (is) tracking by having devices on. As I have noted,
> RFID is irrelevant in this context (for a number of reasons).
See above. Re-read your own previous post.
> >One shouldn't be too
> >sure about things that couldn't happen in one's view
> >just because one doesn't have informations about these.
> >To do so could be risky, especially in what concerns
> >'security'.
>
> I don't agree -- there are too many real things to worry about that are far
> more risky (e.g., driving in a car) than being tracked by a cell phone that's
> been turned off.
An opponent would generally try multiple means, if
feasible. If one of these succeeds, then his goal
is reached. Isn't that clear?
>
> >In WWII the Germans didn't think that their
> >Enigmas could ever be cracked.
>
> That's utterly different (as I'm pretty sure you know).
For the nature of being too sure of one's 'logical'
view/thinking, there is a fairly good analogy here in
my opinion.
> >Otherwise, the war
> >presumably would have lasted a little bit longer.
>
> Not at all relevant, but probably not.
History is not what could be reproduced in laboratory
arbitrary number of times. I leave it to common
sense to judge the validity of your view.
M. K. Shen
MikeWrite wrote:
>
> "Mok-Kong Shen" <mok-ko...@t-online.de> wrote:
> > If you were a VIP, there could be some possibility that
> > someone manages to let you have a (specially done) bugged
> > phone. Or do you have no respect at all to the profession
> > of private detectives etc.?
>
> Didn't the Mossad do that to some terrorist leader? I've heard two
> versions: 1) the phone was rigged with a small explosive package. Mossad
> guy calls terrorist, makes some cryptic comment about impending demise, then
> bang, head goes splat. 2) Mossad tracked a guy's cell phone transmission and
> used it to target a missile.
>
> I've also heard we had a covert team in Iraq years ago who got caught, and
> the Iraqi intelligence service called somebody here - CIA, DIA, somebody -
> on one of the captured team's encrypted cell phones, informing us that our
> little secret mission was no longer much of a secret.
There was a story saying that a foreign company marketing
telephones (or other communication equipments I don't
remember now) in US had sort of a key built into it to
enable taping of messages.
M. K. Shen
I am not sure who is kidding and who is not. It could
possibly be that some others are ROTFL.
M. K. Shen
The receiver however is on all the time. It is on in order to receive the pages
that indicate to the phone that there is an incoming call. You are correct
however in that the transmitter is OFF and cannot be tracked.
However, there is a dialog between the phone and the cellular system as the
phone travels around. It recognizes that it is losing signal and gaining
another base station's signal. It then will "speak up" and tell the system that
it has changed locations.
A phone that is sitting on your desk, stationary, for a long period of time
doesn't notify the system that it is changing quadrants. In this instance the
system will from time to time "ask" the handset where it is. It will then
answer up.
But the receiver is ALWAYS on when the handset is switched on.
--
John S.
e-mail responses to - john at kiana dot net
Josh III wrote:
> Granted, but at least on a Nokia 5180i (TracFone) this short burst occurs
> after the phone is seemingly powered down, i.e., The display lite is off
> and the screen is blank, then comes the burst.
One burst, coming at a fixed time after the display blanks, like
three seconds? And nothing thereafter?
> Might not be anything sinister, but there is a "perception of deception".
> Especially if you're paranoid with a lot of modern electronics technology
> (including software) like myself. :D
--Mike Amling
A CDMA cell phone, and even a GSM phone without A5/3,
is more secure than a wireline phone. A wireline is subject to
tapping anywhere along the pair between the handset and the
central office.
> Well, not so hasty, a RECEIVER could be made that uses micro amps only.
> Then a special code could be sent to that specific phone to give a burst
> for tracking purposes (so when requested).
Already receivers like that, but not in undoctored production phones (as far
as we all know!). It's called "Wake On Radio", though the purpose is not
ostensibly for tracking, it's to turn on dormant devices in the field. Very
similar to Magic Packet (Wake on LAN), the technology that can turn on a
computer that is in S4 (physically off but still plugged into the mains),
when a specific packet is detected by the Ethernet device.
If you're concerned that your phone has been doctored to track you then you
could remove the battery as recommended at:
"http://www.mobilecloak.com/privacy/security.html"
but don't you think that the person that did the mods would have installed a
tiny lithium cell to power the tracking device independent of the regular
battery?
A "perception of deception"? What, the spies actually *want* you to
be suspicious?
Once you've pressed the 'off' button, is there any point in keeping the
display active? It seems the designers thought not, and so had it go
blank before the power-down process is complete.
Simon
In <3F0FD5A4...@t-online.de> on Sat, 12 Jul 2003 11:32:20 +0200,
Mok-Kong Shen <mok-ko...@t-online.de> wrote:
>John Navas wrote:
>>
>> In <3F0F1DB1...@t-online.de> on Fri, 11 Jul 2003 22:27:29 +0200,
>> Mok-Kong Shen <mok-ko...@t-online.de> wrote:
>>
>> >John Navas wrote:
>>
>> >> .... If you know of an actual RFID consumer-level device that's active,
>> >> I'd be very interested.
>>
>> I didn't think so.
>
>What do you mean by this?
That you're just blowing smoke, trying to spread FUD.
>You don't think that I know
>whether there are consumer-level devices of that kind?
If you knew of any, you'd presumably say so.
>Does it matter whether I know or whether there exists
>such?
I think so. Otherwise you're just blowing smoke, trying to spread FUD.
There is *no* danger of being tracked by a cell phone that's been turned off.
In <3F0FE063...@t-online.de> on Sat, 12 Jul 2003 12:18:11 +0200,
Mok-Kong Shen <mok-ko...@t-online.de> wrote:
This has gotten utterly ridiculous!
[follow-up set to alt.conspiracy.black.helicopters]
This ceaseless bickering is counter-productive, borderline off-topic, let
alone just plain ole' *silly*! :)
"John Navas" <spamf...@navasgroup.com> wrote in message
news:5GVPa.1156$dk4....@typhoon.sonic.net...
The deception perception I am referring to is when the cellphone is
*seemingly off*; for about 2-3 more seconds it's really not.
...for those that haven't been keeping up with this thread, we all should know
now from previous posts what the 'after off' burst is for, i.e., telling
the network goodbye.
>
> Once you've pressed the 'off' button, is there any point in keeping the
> display active? It seems the designers thought not, and so had it go
> blank before the power-down process is complete.
I'll have to crank up the ole' IC-R7100 receiver again to be sure, but I
think it's just one burst about 1-2 seconds after the display and display
light blink out.
"Michael Amling" <nos...@nospam.com> wrote in message
news:3F100EF7...@nospam.com...
There is an excellent solution, available on most news readers. In Outlook
it's Tools>Message Rules>Blocked Senders List>
My newsreader is bright and clean now that I've blocked certain senders that
contribute to the ceaseless bickering, plus it removes the temptation to
engage in it.
Jan Panteltje wrote:
>
> "John Myre"
> <jm...@sandia.gov> wrote:
> >
> >The whole point is that the cell phone is a complex device, and
> >since the software can communicate even when the screen is
> >dark, how do we assure ourselves that it can't happen at other,
> >inconvenient times? Assurances that the manufacturers have no
> >vested interest in your conversations is not enough. Bugs and
> >unexpected interactions between features are common in many
> >contexts.
> >
> >JM
> I know it seems silly, but if I knew that 'they' were following me
> or trying to trace me down by my cell phone, I would mail it to say
> Alaska, with it 'on'.
> Then I would buy a prepaid handy and use that to commit the crimes
> that are the reason 'they' are following me.
> I think some of these have 48 hours or more standby, so send it by DHL.
>
> See the face of those cops as they raid the premises (likely postoffice)
> it was sent to, or the Mossad missile hits the wrong location....
>
> But of course I have now given away my little secret, so ......
> Hope this info is of use to anyone.
The idea has been there essentially. Years ago someone
told me about a fiction he read: An agent, knowing that
he would be 'silenced' by his colleagues after successful
completion of his mission, attached his device to a
truck. So the colleagues blindly followed the truck and
he was able to escape.
BTW, I happen to learn elsewhere two interesting URLs
about taping of telephone calls:
http://www.silicon.com/news/500009-500001/1/5093.html?rolling=2
http://www.pbs.org/cringely/pulpit/pulpit20030710.html
M. K. Shen
>[POSTED TO alt.cellular.cingular - REPLY ON USENET PLEASE]
>
>In <benh3h$gh2$2...@reader1.tiscali.nl> on Fri, 11 Jul 2003 23:25:40 GMT, Jan
>Panteltje <pant...@yahoo.com> wrote:
>
>>On a sunny day (Fri, 11 Jul 2003 16:45:32 GMT) it happened John Navas
>><spamf...@navasgroup.com> wrote in <MQBPa.926$dk4....@typhoon.sonic.net>:
>
>>>The notion that you can be tracked with your phone off is silly, but if you're
>>>still worried, have your phone checked for RF emissions when it's turned off.
>>>Tip: There won't be any.
>
>>Well, not so hasty, a RECEIVER could be made that uses micro amps only.
>>Then a special code could be sent to that specific phone to give a burst for tracking
>>purposes (so when requested).
>>Modern GSM are highly programmable (you must have noticed) and you could write
>>your own code even without as much money as winning the Lotto, as Tom suggested.
>>NO they are not safe, yes I am electronics qualified, if you are going to kill Bush
>>at least remove the batteries.
>>Something for the CIA or NSA or dep. of home-security to have some guys 'modify'
>>phones and then channel these to their users.
>>Does seem pretty normal operation to me.
>
>ROTFL! That's ridiculous! (You're kidding -- right? If not, you really need
>to cut out the late night TV.)
No not kidding, look, even if the program for the firmware of the phone is in ROM
(not flash memory) most amateur electronic hackers could replace the code
(ROM) by some other one.
Things you will need is circuit diagram, type of processor used, and an assembler.
A good desoldering station, and some expertise with small surface mount devices.
It is done all the time for chips in *can't tell you* equipment.
Think TV decryption modules (CAMS).
If you do not think this happens you are incredibly naive:-)
I would still consider this a low tech / medium tech attack.
JP
In <bepvi7$305$2...@reader1.tiscali.nl> on Sat, 12 Jul 2003 21:44:40 GMT, Jan
Panteltje <pant...@yahoo.com> wrote:
>On a sunny day (Fri, 11 Jul 2003 23:56:32 GMT) it happened John Navas
><spamf...@navasgroup.com> wrote in
><Q8IPa.1027$dk4....@typhoon.sonic.net>:
>>ROTFL! That's ridiculous! (You're kidding -- right? If not, you really need
>>to cut out the late night TV.)
>No not kidding, look, even if the program for the firmware of the phone is in ROM
>(not flash memory) most amateur electronic hackers could replace the code
>(ROM) by some other one.
>Things you will need is circuit diagram, type of processor used, and an assembler.
>A good desoldering station, and some expertise with small surface mount devices.
>It is done all the time for chips in *can't tell you* equipment.
>Think TV decryption modules (CAMS).
>If you do not think this happens you are incredibly naive:-)
No, I'm incredibly sane. :)
>I would still consider this a low tech / medium tech attack.
I would still consider this ridiculous.
...
> See <http://www.everything2.com/index.pl?node=GSM>:
>
> A5 is the family of ciphers used for ensuring privacy between the
> base station and the mobile. There is generally no security from the
> base station to the rest of the phone network. This is where law
> enforcement taps take place. End-to-end privacy (encryption between
> one phone and another) was not implemented at the system level.
>
> There are two versions of the A5 cipher. When the GSM standard was
> being created, there were worries from law enforcement and national
> security interests that the encryption would be too strong. Countries
> such as France wanted a weak cipher that was easy to break; countries
> with strong privacy laws such as Germany wanted a strong cipher that
> was difficult to break. NATO was worried about countries like Iraq
> gaining access to strong cryptography.
>
> The end result was that two versions were created: A5/1 and A5/2.
> A5/1 was the full version, and was used within Europe and the USA.
> A5/2 was export strength - i.e. it was a weak cipher. There was a
> minor scuffle when it was discovered that Australia had been sold
> A5/2.
>
> On April 10, 2000, Alex Biryukov, Adi Shamir, and David Wagner
> published a paper entitled "Real Time Cryptanalysis of A5/1 on a PC".
> In it, they detailed weaknesses in the algorithm and in its
> implementation that allowed the retrieval of a key for an
> A5/1-encrypted conversation within one second, using a normal
> personal computer. A5/1 has been exposed as being totally pathetic.
>
> Furthermore, it was revealed that the cipher was fairly simple - it
> only used three linear feedback shift registers (basic cipher
> components), and the last ten bits of the key were always zero.
>
> The inescapable conclusion was that all versions of A5 - including
> A5/1 - had been deliberately weakened.
It may indeed be that A5/1 is easy to break, but I have not seen anyone
argue that A5/2 is not easier to break. Does anyone know why Cingular,
at least in the New England GSM850 area, have chosen to implement A5/2,
*not* the A5/1 "used within Europe and the USA"?
Both ATTWS and TMobile *are* using A5/1, as the article above suggests.
>It may indeed be that A5/1 is easy to break, but I have not seen anyone
>argue that A5/2 is not easier to break. Does anyone know why Cingular,
>at least in the New England GSM850 area, have chosen to implement A5/2,
>*not* the A5/1 "used within Europe and the USA"?
>
>Both ATTWS and TMobile *are* using A5/1, as the article above suggests.
For additional background information, check the GSM Security FAQ
entry on this topic at:
For detail, check _Cryptanalysis of the A5/2 Algorithm_ at:
http://gsmsecurity.com/papers/a52.pdf
My question to you is: Why do you believe that ATTWS and TMobile are
using A5/1? What is your reference?
Will Spencer
Webmaster: http://www.gsmsecurity.com
Personal observations -- I have a Nokia 6340i phone that in field test
mode, on screen 01-10, shows the Cipher being used when a call is in
progress. When getting service from Cingular I see 'A52' as the value;
when getting service from ATTWS or TMobile I see 'A51' as the value.
These were all seen in the Boston metro area, on a trip from metro west
to Logan airport.