Telecommunications Interception
Telecommunications Interception can be perfomed at multiple points within a call. Some rely on 'bugs' on telephone lines, whilst others such as cell phone interception, may require specific hardware, or in some cases a laptop with a $60 piece of equipment and some time! As many customers are unaware of how they may have their calls intercepted, we have provided a brief analysis of the points where calls can be intercepted below. For detailed information relating to these vulnerabilities, please contact ESD.
Analysis of Telephony Vulnerabilities
The diagram below shows the major elements of a phone conversation, end-to-end. The table below shows the elements and description of each. For our customers reference, we have highlighted whether a Cryptophone call is vulnerable to this interception method. It is important to note that Cryptophone users must still be vigilant to 'bugging' devices located on their phones, however this risk is limited for mobile device users who keep the device on their person, and ESD Australia is well equipped to provide an electronic surveillance detection service if required.
The diagram below does not cover interception of calls at the telephone exchange or telecommunications provider - this is the typical method of interception by law enforcement, and as such limited in scope, but incidents have occurred of hackers penetrating exchanges and re-routing law enforcement 'taps' for their own use such as can be found described here.
Point |
Description |
| A | The physical desktop telephone can be monitored by installing a bug inside the telephone. Note: The eavesdropper would require access to install the bug or to replace the handset. A cordless telephone can be monitored with physical access. |
| B | Mobile telephones can provide intelligence to the eavesdropper through a number of attacks. The installation of a bug or additional software can allow the eavesdropper access to sensitive calls. Or the downloading of data from the handset using a cell phone forensics tool will provide the eavesdropper with all your contacts, call history etc. This also allows the eavesdropper to clone your sim card making remote interception easier. A unprotected phone can also become a victim of its own functionality an example is when a person uses a Bluetooth connect to obtain audio or data. Note: GSMK Cryptophones feature hardened operating systems to prevent the eavesdropper from installing malicious software or abusing the Bluetooth functionality. |
| C | The wiring from your desktop phone to the wall socket can also be bugged. This is done by replacing existing wiring or adapters with pre-bugged peripherals. A smart eavesdropper will replace your unit with an identical pre-configured device. |
| D | The wireless connection between your mobile phone and the cell tower is highly vulnerable to attack. This type of attack is usually done with a device known as a GSM Interceptor or IMSI Catcher. These devices act like a cell phone tower and listen to your call as it passes to the tower. GSM Interceptors are available in Asia for as low as $100,000 USD. And being the size of a briefcase they can easily be carried to a target location. |
| E | Apart from the phone line itself, your conversations can be monitored by using existing power, wiring, fittings and fixtures. A hidden camera or audio device can be used to gain information from sensitive meetings and either record for recovery later or transmitted to another location. Traditional bugging has come a long way. Devices may use carrier current, wiring, frequency hopping or burst transmissions. When a quality device is correctly installed it can provide intelligence for many months or even years utilising pre-existing power. Sophisticated devices start from $1000 USD. |
| F | The installation of monitoring equipment at the mobile phone tower is only effective if you know the subject is not going to move. Monitoring equipment may be discovered by technicians servicing the tower. Making it un cost effective to monitor at this point. GSM Interception is the most ideal method. |
| G | From your home or office your phone line makes its way to the street either by overhead or underground cable. The cable itself or a junction box can be used to locally bug your telephones. |
| I & J | Your calls can be monitored by the network by the telecommunications provider, governments or by malicious hackers without your knowledge from this point. |