Big Brother Is Listening
More People Can Tune In
To Your Cellphone Conversation
Than You Think
We tend to gab away on our mobile phones assuming that no one is listening. If you've ever sat on public transportation, in a restaurant or in a cinema you'll know how daft that assumption is. For some reason having a phone against our ear makes us suddenly loquacious and disproportionately loud, allowing more or less anyone to hear at least one side of the conversation. But how about if someone wants to listen to both parties? How hard is that, and what can we do to stop it?
Well, first off, eavesdropping (named charmingly after the Saxon problem of one person's roof dripping rainwater onto another person's property) isn't that hard with cellphones, although it's getting harder. Conversations on early, analog-based cellphones weren't encrypted and so therefore were accessible to any resourceful radio hobbyist. GSM phones (short for Global System for Mobile communication), which account for more than 80% of the world's cellphones, are more secure, but not as secure as you might think. For one thing, while cellular traffic may be encrypted between the handset and the base-station -- the fixed aerial that sits atop buildings or on roadsides and shuffles cellular traffic between the user and the network -- it's not usually encrypted when it's traveling elsewhere on the network, or between networks. For another thing, any encryption that does exist is, well, spotty. "Eavesdropping of GSM networks is quite easy to do," says Roman Korolik, managing director of SecureGSM, a software provider in Australia.
There are several ways to do this. If you're a government, you can listen to all the unencrypted traffic inside the network, usually via a box at the cellular operator's offices. If you want to vacuum up lots of conversations, you could also tap into the network's microwave or satellite links.
But even if you don't have these resources, you could hack into the traffic between base station and end-user, through something called an IMSI catcher. It is basically a glorified laptop that impersonates a base-station. An IMSI catcher (the IMSI stands for "International Mobile Subscriber Identity," the identifier linked to the SIM card that gives a GSM phone its number) will fool the phones in that area into funneling their calls through it, allowing the bad guy to listen to your calls.
No one seems to know how many of these devices are out there. Jane's Defence Weekly last year reported that Vietnam had bought two Passive GSM Monitoring Systems from a London-based company called Silver Bullet Ltd. The two units, which look like oversize laptops, allow for "fast, reliable, and undetectable interception of GSM traffic," according to the company's literature. Although it doesn't say so, this appears to be a glorified kind of IMSI catcher. (Silver Bullet didn't respond to email and telephone requests for comment.) So who else has these kinds of tools? "I can't say with any certainty," says Bangkok-based journalist Robert Karniol, who wrote the Jane's report. "I can only assume that pretty well every country in Asia and beyond has some sort of capability."
So what can you do about it? Well, the obvious thing would be to avoid talking about sensitive matters over the phone. Failing that, the answer is to turn what you're saying into something that other people can't understand -- by encrypting it. There are quite a few companies keen to sell you devices that do this. Perhaps unsurprisingly, some of them happen to be the same companies selling eavesdropping products: Silver Bullet, for example, also offers a range of encryption devices including the SilverShield, a device that attaches to the end of some cellphone models. Indeed, most such products are hardware based, making them expensive and quickly out of date in the fast moving world of cellphone technology.
But starting to appear are tools that make this easier and cheaper. SecureGSM, for example, started selling software last year that encrypts traffic between two GSM phones running Microsoft Windows Mobile software. A United Kingdom-based company called Voylent Security has just launched a similar product for phones such as Nokia's that use the Symbian operating system. It's pretty simple to use: Install the software on both phones and dial a prefix before the actual number. Instead of the call traveling through the normal voice channel, it is encrypted and sent as Circuit Switched Data, or CSD, through a separate channel. The data is then decrypted at the other end. There's a slight delay but nothing more noticeable than on an Internet telephone call.
Their customers? For SecureGSM, companies involved in research and development, finance, mineral exploration or stock exchanges and the like. "The majority of people talk to their grandmother about what they had for lunch. They don't really care," says Melbourne-based Mr. Korolik. "But businesses...do need it if they operate in areas where the information they speak about could be used by somebody." Voylent, which offers a version of its Symbian encryption free for individual use, says its main target markets are financial service providers and law-enforcement agencies.
I'm not suggesting you go out and get this stuff and start encrypting all your calls. But it's probably worth bearing in mind that it's relatively easy to eavesdrop on your cellphone conversation and that it may not be the best medium for passing along sensitive information. And all the encryption in the world won't help if you choose to make your phone calls within earshot of dozens of other people.
手机窃听易如反掌 加密措施见招拆招
你的手机究竟有多安全?
我们经常拿着手机闲聊,以为没有人会听我们的谈话内容。但是如果你坐过公共汽车、去过餐馆或者去过电影院,你就会知道,这种想法是多么地愚蠢。由于某种原因,将手机抵在耳朵上会让你突然变得特别多话,而且声音明显放大,因此多多少少会有人听到了至少一方的谈话。那么,是不是有些人还听到了两方的谈话?这个难度究竟有多大?我们又该如何应对呢?
其实,窃听手机谈话并不难,尽管现在它的难度在日益增大。早先的模拟手机通话都没有经过加密,一个设备齐全的无线电爱好者就可以轻松窃听。而全球移动通信系统(Global System for Mobile communication, GSM)则更安全一些,目前全球有80%的手机用户在使用这一系统,但它也没有你想像的那么安全。首先,虽然手机通话流量在手机与基站之间的传输中或许被加密,但当它在网络中的其他地方或者在网际之间穿梭时却往往未被加密。其次,现有的任何加密手段都存在缺陷。“窃听GSM网络非常容易,”澳大利亚软件供应商SecureGSM的董事总经理罗曼?科罗利克(Roman Korolik)说。
有很多办法可以做到这一点。如果你是政府官员,通过手机运营商办公室里的一个盒子就可以听到网络内部所有未经加密的信息。如果你还想收听大量谈话,你可以进入该网络的微波段或者卫星信号来接受。
即便你没有这些资源,你仍可通过国际移动用户识别码(International Mobile Subscriber Identity, IMSI)捕集器来捕捉基站与终端用户之间的信息。它基本上是一部能够仿冒基站的笔记本电脑。IMSI捕集器干扰周围区域的手机将通话信息通过它来传输,这样某些人就可以窃听你的电话了。
没有人知道市面上究竟有多少这样的窃听设备。《简氏防务周刊》(Jane's Defence Weekly)去年报导,越南从一家名为Silver Bullet Ltd.的伦敦公司手中购买了两部被动式GSM移动电话监听系统(Passive GSM Monitoring Systems)。两部设备酷似超大型笔记本电脑,据说明书称,该设备可“快速、可靠、不被察觉地窃取GSM信息。”尽管公司未明确表示,但这看上去更像是豪华版IMSI捕集器。(Silver Bullet未回复记者的电子邮件及电话采访。)
还会有谁拥有这样的设备?《简氏防务周刊》这份报告的作者、驻曼谷的罗伯特?柯尼尔(Robert Karniol)说,“这个我无法肯定。”他说,“我觉得亚洲及其以外的每个国家都有一定的窃听能力。”
那么你该如何应对窃听?最简单的办法就是避免通过电话谈一些敏感话题。做不到?那就试着把你说的内容变成其他人无法理解的信号--把它加密。有很多公司会特别热衷于向你推销加密设备。如果你发现它们当中有哪家公司同时还出售窃听产品,这一点儿也不奇怪:比如,Silver Bullet就提供附加在手机终端上的SilverShield等一系列加密设备。事实上,大多数此类产品要靠硬件发挥作用,因此往往价格昂贵,并且随着手机技术的更新换代很快就过时了。
不过,一些既便宜又好用的加密工具已开始涌现。比如,SecureGSM去年开始销售的一种软件,它可以对运行微软(Microsoft) Windows Mobile的GSM手机间的通话加密。英国的一家名为Voylent Security的公司也刚刚推出类似产品,适用于采用Symbian操作系统的诺基亚(Nokia)手机及其他类似手机。它用起来非常简单:在两部手机上都安装上这种软件,拨打电话时只要在被呼叫号码前加上一个预先设定的号码即可。普通电话都通过正常的语音渠道传输,而采用该软件的手机通话则被加密,并作为电路交换数据(Circuit Switched Data, 简称CSD)通过一个特定的渠道传输。之后,该数据会在另一端解密。这会导致语音延迟,但绝对不会像网络电话那样明显。
有谁会成为他们的客户?对SecureGSM来说,研发、金融、采矿或股票交易所等各类公司都可能成为他们的客户。“大多数人只是通过手机闲聊,比如告诉祖母他们午餐吃了什么。他们根本不在乎是否会被窃听,”驻墨尔本的科罗利克说。“但企业……如果他们谈话的内容可能被某些人利用的话,就真的很需要加密设备。”Voylent称,它的目标市场主要是金融服务供应商和执法机构。该公司也向个人用户提供一款免费的Symbian加密软件。
我并不是说你一定要去买一个加密设备或软件将你所有的谈话都加密。不过有一点值得牢记在心:窃听手机通话非常容易,手机也许并不是交流敏感信息的最好途径。而且如果你在几十个人当中大声地讲电话,恐怕再好的加密措施也无济于事了。
Jeremy Wagstaff
