What is preventing us from sniffing the mobile phone communication?

  • I'm learning wireless penetration testing. It really is amazing. But it made me wonder, what about mobile phones? They are also means of wireless communication. So, our entire voice must be in the air surrounding us. So,

    1. What makes it difficult to intercept?
    2. By the way, is there any standard like 802.11 for Wi-Fi, for telecommunication over mobile phones?

    as per your bounty, what extra information are you looking for? The questions below fully answer part 2 of your question, so I'm guessing you want something else from the first part?

    There isn't much preventing you from decrypting GSM/CDMA traffic, see chao-mu's answer. You need SRTP with ZRTP authentication for secured voice/video communications. Jitsi provides this for computers. Android has ZRTP via CSipSimple. See http://guardianproject.info/tag/zrtp/, http://code.google.com/p/csipsimple/ and http://www.androidzoom.com/android_applications/zrtp. ZRTP isn't likely outside Android and real computers, i.e. no ZRTP for iOS.

    Oops, it appears the zrtp.org plugin works on several other platforms, probably not as user friendly, but still.

    I say this without authority: I recommend removing the additional questions you added and turning them into additional separate question posts. I like that they are more specific than the originals, but they are now beyond this thread in its current state. Paraphrasing, "what makes interception difficult" and "what telecommunication protocols exist", while interesting, are what all the work heretofore performed has been devoted to, whether they missed the mark or not.

  • chao-mu (correct answer), 9 years ago

    For telecommunications, check out GSM, CDMA, TDMA, and EDGE. The two competing protocols in the United States are GSM and CDMA. The resources linked below are lacking when it comes to CDMA, but using site:defcon.org and site:blackhat.com in your Google searches will turn up some presentations.

    For interception of GSM, I refer you to a white paper Intercepting GSM traffic from the BlackHat conference:

    Abstract: This talk is about GSM security. We will explain the security, technology and protocols of a GSM network. We will further present a solution to build a GSM scanner for 900 USD. The second part of the talk reveals a practical solution to crack the GSM encryption A5/1.

    The corresponding video of the presentation:

    Also a talk on cellular privacy and the Android platform:

    and a whitepaper on the Lawful Interception for 3G and 4G Networks (though see first comment on this answer):

    This document will first provide a brief description of the various evolutions of public mobile networks that have been commercially deployed, followed by a discussion on the evolution toward the newer “long term evolution” technologies. We then discuss possible configurations for lawful interception of the evolving mobile networks, followed by descriptions of approaches to 3G / 4G interception solutions now available from Aqsacom.

    And a SANS article on GSM security:

    Also note that smart phones typically just automatically connect to networks with SSIDs they remember. Sniff the airwaves for beacons that they are sending out and set up an evil access point with a matching SSID. Launch a remote attack across the network or man-in-the-middle the device and launch a client-side attack appropriate to the device.

    The main thing to note about Lawful Interception is that the voice data isn't encrypted as soon as it gets to the base station; so the govt only have to record it (with the co-operation of the telco); it is however encrypted between the phone and the base-station.

    @Savara The "encryption" is pretty weak, unfortunately.
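    The answer above points at the Black Hat talk on cracking A5/1 and the comments call the phone-to-base-station encryption weak. To make that concrete, here is an added example (not code from the thread or from the linked talk) implementing the A5/1 keystream generator with its published register lengths, feedback taps and majority clocking, and showing the first step every practical attack relies on: XORing a ciphertext burst with a guessable plaintext burst hands the eavesdropper 114 bits of raw keystream, which is exactly the material the state-recovery and rainbow-table attacks work from. The key, frame number and plaintext burst are constructed sample values, not a real Kc or captured traffic, and the example models only the cipher, not GSM's channel coding and interleaving.

```python
# Added example, not from the original thread: the A5/1 stream cipher as used on
# the GSM air interface. Bit 0 is the least significant bit of each register.
R1_MASK, R1_TAPS, R1_CLK = 0x07FFFF, 0x072000, 8   # 19 bits, taps 18,17,16,13, clock bit 8
R2_MASK, R2_TAPS, R2_CLK = 0x3FFFFF, 0x300000, 10  # 22 bits, taps 21,20,       clock bit 10
R3_MASK, R3_TAPS, R3_CLK = 0x7FFFFF, 0x700080, 10  # 23 bits, taps 22,21,20,7,  clock bit 10
BURST_BITS = 114                                    # keystream per burst, per direction


def _parity(x: int) -> int:
    return bin(x).count("1") & 1


def _step(reg: int, mask: int, taps: int) -> int:
    """Shift one LFSR left by one and feed the parity of its taps back into bit 0."""
    return ((reg << 1) & mask) | _parity(reg & taps)


class A51:
    """A5/1 keystream generator keyed with a 64-bit Kc and a 22-bit frame number."""

    def __init__(self, key: bytes, frame: int) -> None:
        if len(key) != 8:
            raise ValueError("A5/1 takes a 64-bit (8-byte) key")
        if not 0 <= frame < (1 << 22):
            raise ValueError("frame number must fit in 22 bits")
        self.r1 = self.r2 = self.r3 = 0
        # Key loading: all registers clock regularly, each key bit (LSB of each byte
        # first) is XORed into bit 0 of all three.
        for i in range(64):
            self._clock_all()
            self._mix((key[i // 8] >> (i % 8)) & 1)
        # Frame number loading, same way, LSB first.
        for i in range(22):
            self._clock_all()
            self._mix((frame >> i) & 1)
        # 100 majority-clocked steps whose output is discarded.
        for _ in range(100):
            self._clock()

    def _mix(self, bit: int) -> None:
        self.r1 ^= bit
        self.r2 ^= bit
        self.r3 ^= bit

    def _clock_all(self) -> None:
        self.r1 = _step(self.r1, R1_MASK, R1_TAPS)
        self.r2 = _step(self.r2, R2_MASK, R2_TAPS)
        self.r3 = _step(self.r3, R3_MASK, R3_TAPS)

    def _clock(self) -> None:
        """Majority rule: a register steps only if its clocking bit agrees with the majority."""
        b1 = (self.r1 >> R1_CLK) & 1
        b2 = (self.r2 >> R2_CLK) & 1
        b3 = (self.r3 >> R3_CLK) & 1
        maj = (b1 & b2) | (b1 & b3) | (b2 & b3)
        if b1 == maj:
            self.r1 = _step(self.r1, R1_MASK, R1_TAPS)
        if b2 == maj:
            self.r2 = _step(self.r2, R2_MASK, R2_TAPS)
        if b3 == maj:
            self.r3 = _step(self.r3, R3_MASK, R3_TAPS)

    def keystream(self, nbits: int = BURST_BITS) -> list[int]:
        """Next nbits of keystream: each bit is the XOR of the three register MSBs."""
        out = []
        for _ in range(nbits):
            self._clock()
            out.append(((self.r1 >> 18) ^ (self.r2 >> 21) ^ (self.r3 >> 22)) & 1)
        return out


def burst_keystreams(key: bytes, frame: int) -> tuple[list[int], list[int]]:
    """Per frame A5/1 emits 228 bits: 114 for the downlink burst, then 114 for the uplink."""
    gen = A51(key, frame)
    return gen.keystream(BURST_BITS), gen.keystream(BURST_BITS)


def xor_bits(a: list[int], b: list[int]) -> list[int]:
    """Encryption, decryption and keystream recovery are all the same bitwise XOR."""
    if len(a) != len(b):
        raise ValueError("bit strings differ in length")
    return [x ^ y for x, y in zip(a, b)]


# Constructed sample inputs: not a real Kc, not a captured frame.
SAMPLE_KEY = bytes.fromhex("1223456789abcdef")
SAMPLE_FRAME = 0x134
# Constructed 114-bit burst standing in for a predictable plaintext (e.g. a padded system message).
SAMPLE_PLAINTEXT = [int((i * 7 + 3) % 5 == 0) for i in range(BURST_BITS)]


def demo_known_plaintext(key=SAMPLE_KEY, frame=SAMPLE_FRAME, plaintext=SAMPLE_PLAINTEXT) -> dict:
    """Encrypt one downlink burst, then recover the keystream from ciphertext + known plaintext."""
    down, _up = burst_keystreams(key, frame)
    ciphertext = xor_bits(plaintext, down)
    recovered = xor_bits(ciphertext, plaintext)  # what an eavesdropper with a guessable burst gets
    return {
        "ciphertext": ciphertext,
        "decrypted": xor_bits(ciphertext, down),
        "keystream_recovered": recovered == down,
    }


if __name__ == "__main__":
    result = demo_known_plaintext()
    print("decrypts correctly:", result["decrypted"] == SAMPLE_PLAINTEXT)
    print("keystream recovered from known plaintext:", result["keystream_recovered"])
```

The whole secret state is the 64 bits sitting in the three registers after setup; the 100 discarded steps mix it but do not enlarge it, and the output function is a plain XOR of three register bits. Those two properties, plus the fact that many GSM control bursts have predictable contents, are why recovered keystream can be turned back into the session key with precomputed tables rather than a 2^64 search.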

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM