Cell Phone Security
Linden Tibbets
Coen 150
5/28/2004
Introduction
Changed structure of our lives and the way we do business
Hundreds of models and services
Potential for major annoyance
Endless Uses
Store contact information
Make task or to-do lists
Keep track of appointments and set reminders
Use the built-in calculator for simple math
Send or receive e-mail
Get news, entertainment, and stock quotes from the Internet
Browse regular Internet sites
Play simple games
Integrate other devices such as PDAs, MP3 players, and GPS receivers
Use credit cards to buy products and services
Download ring tones, games, and other programs for the specific phone
Are They Secure?
Vast amounts of personal information
– Personal Phone Book
– Address
– Credit Card Number
– Email Password
– Account Information
A Brief History
Concept Began in 1947
– Researchers improve traffic of primitive car phones by reusing freq. in smaller areas called ‘cells’
– Federal Communications Commission (FCC) hinders cell phone progress
– Only enough channels for 23 conversations per cell
– Not practical
The Cell Phone Boom
1967 FCC expands available frequencies
1973 Dr. Martin Cooper at Motorola makes first cell phone call to his rival Joel Engel at Bell Labs
1983 First cell phone network in US (Chicago)
1987 Over a million users
2004 If you don’t have a cell phone you’re in the minority
How Do They Work?
Inside the Cell Phone
Inner workings not much different than a personal computer
– RAM
– CPU
– Input
– Output
– Power Source
The Cellular Approach
At first only one tower per city (around 25 channels)
Now a provider has 832 freq. in each city
One cell uses 1/7 of these
Share freq. between cells
Cell phones are two-way devices so they use two separate channels
Frequency Breakdown
Provider has 395 total voice channels (more when it goes digital)
42 control channels for system signals
395 x 2 (in/out) + 42 = 832 frequencies
Definitions
Electronic Serial Number (ESN) - a unique 32-bit number programmed into the phone when it is manufactured
Mobile Identification Number (MIN) - a 10-digit number derived from your phone's number
System Identification Code (SID) - a unique 5-digit number that is assigned to each carrier by the FCC
When you first power up the phone, it listens for an SID on the control channel. The control channel is a special frequency that the phone and base station use to talk to one another about things like call set-up and channel changing. If the phone cannot find any control channels to listen to, it knows it is out of range and displays a "no service" message.
When it receives the SID, the phone compares it to the SID programmed into the phone. If the SIDs match, the phone knows that the cell it is communicating with is part of its home system.
Along with the SID, the phone also transmits a registration request, and the MTSO (Mobile Telephone Switching Office) keeps track of your phone's location in a database -- this way, the MTSO knows which cell you are in when it wants to ring your phone.
The MTSO gets the call, and it tries to find you. It looks in its database to see which cell you are in.
The MTSO picks a frequency pair that your phone will use in that cell to take the call.
The MTSO communicates with your phone over the control channel to tell it which frequencies to use, and once your phone and the tower switch on those frequencies, the call is connected.
As you move toward the edge of your cell, your cell's base station notes that your signal strength is diminishing. Meanwhile, the base station in the cell you are moving toward (which is listening and measuring signal strength on all frequencies, not just its own one-seventh) sees your phone's signal strength increasing. The two base stations coordinate with each other through the MTSO, and at some point, your phone gets a signal on a control channel telling it to change frequencies. This hand off switches your phone to the new cell.
Analog to Digital
Early phones were purely analog ‘radios’
To increase security and channel-use efficiency, all calls were converted to digital, encrypted and spread over the frequencies
Three methods to do this: FDMA, TDMA, CDMA
FDMA
Frequency division multiple access
Much like analog control except now calls are digital
Insecure since a call is set to specific frequencies.
TDMA
Time division multiple access
Splits calls up into different time slots.
Allocates only a certain amount of time on any given freq.
Introduces data encryption
Basis for GSM (Global System for Mobile Communications). Used everywhere except USA.
CDMA
Code division multiple access
Uses a unique code in the phone to encrypt the data, then breaks it up into packets that are sent on a broad range of freq.
Further scrambles information
What Makes Cellular Insecure?
Physical Problems
Small and easily lost
Most phones have a password lock but they are easy to get around and nobody uses them
Easy target for stealing personal information
Common Wireless Problems
Analog and FDMA phones easy to listen in on
Needed $200 scanner and some technical skills
Overcome by CDMA and TDMA
Still possible to crack yet much harder
Cell network is much the same as a WLAN
Lack security physical wires provide, anybody can pick up the signal
Common Wireless Security contd.
The level of protection is limited
– Slow data rates
– Availability
– High error rates due to the mobility of user
– Limited computational power
– Limited battery power
Encryption Problems
The limitations of the cell phone and its network disable the encryption and authentication process
Number of bits in the key must be low
Number of handshakes or checks the authentication scheme allowed is low as well
Despite these limitations cell phones remain more secure than most wireless networks due to the fast-paced changes and the scrambling of data over multiple frequencies
Attacks, Interference, Other problems
Should We Still Worry?
In order to listen in to a modern cell phone conversation an organization must be well funded and possess considerable technical skill
Even grabbing a credit card number would not enable you to turn a profit
Yet there remain problems with everyday cell phone usage
Cloning
Early days quite simple
Figure out the ESN, MIN, SID
Program other phones with these numbers and all calls would be billed to one user’s account
Harder to do today
Still costs cellular providers over 500 million dollars a year
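One way a carrier can spot a cloned ESN/MIN pair is to use the location database the MTSO already keeps: the same identity registering in two cells that no real phone could travel between in the elapsed time. The sketch below is an added example, not part of the original slides; the cell names, coordinates, identifiers, speed threshold and log records are all constructed for illustration.

```python
from dataclasses import dataclass
from math import hypot

# Constructed sample data: cell-site positions in km on a flat grid (hypothetical).
CELL_SITES = {"CHI-01": (0.0, 0.0), "CHI-02": (3.0, 4.0), "LAX-07": (2800.0, 300.0)}
MAX_SPEED_KMH = 900.0  # assumption: anything faster than an airliner is implausible


@dataclass(frozen=True)
class Registration:
    t: float    # seconds since the start of the log
    esn: str    # Electronic Serial Number (32-bit, shown as hex)
    min_: str   # Mobile Identification Number (10 digits)
    cell: str   # cell that received the registration request


def find_clone_suspects(events):
    """Return (min, esn, from_cell, to_cell, speed_kmh) for impossible moves."""
    last = {}    # (min, esn) -> most recent Registration seen for that identity
    alerts = []
    for ev in sorted(events, key=lambda e: e.t):
        key = (ev.min_, ev.esn)
        prev = last.get(key)
        if prev is not None and prev.cell != ev.cell:
            ax, ay = CELL_SITES[prev.cell]
            bx, by = CELL_SITES[ev.cell]
            dist_km = hypot(bx - ax, by - ay)
            hours = max(ev.t - prev.t, 1.0) / 3600.0  # floor avoids divide-by-zero
            speed = dist_km / hours
            if speed > MAX_SPEED_KMH:
                alerts.append((ev.min_, ev.esn, prev.cell, ev.cell, round(speed)))
        last[key] = ev
    return alerts


# Constructed log: one subscriber moves normally, one identity shows up in two cities.
SAMPLE = [
    Registration(0, "8A3F00C1", "4085550101", "CHI-01"),
    Registration(600, "8A3F00C1", "4085550101", "CHI-02"),   # 5 km in 10 min
    Registration(0, "8A3F00D2", "4085550199", "CHI-01"),
    Registration(1200, "8A3F00D2", "4085550199", "LAX-07"),  # ~2816 km in 20 min
    Registration(1500, "8A3F00D2", "4085550199", "CHI-01"),  # and back in 5 min
]

if __name__ == "__main__":
    for alert in find_clone_suspects(SAMPLE):
        print(alert)
```

An alert only says that two handsets are presenting the same identity; it does not say which one is the legitimate subscriber.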
Cloning in the Digital Age
Most phones carry all of the critical info on a SIM card much like a smart card
Group of Berkeley researchers claimed to have cracked this encryption in 10 hours by sending a large number of challenges to the authorization module in the phone, compromising the security behind the GSM standard
Cloning in the Digital Age contd.
Claim the A5 cipher that keeps conversations private was made intentionally weaker by replacing the leading 10 bits of a 64-bit key with zeros
Blame the NSA for forcing the weakness in order to monitor cell phone traffic
SMS Attacks
Many phones use SMS messaging service
Can send and receive messages to phones or the internet
Programs created to bomb a specific phone with thousands of messages (DOS attack)
– Jams the phone’s service
– Uses up the user’s predetermined text limit
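A message gateway can blunt this kind of flood by counting arrivals per recipient over a sliding window and holding back the excess, which also keeps the subscriber's text limit from being used up. The sketch below is an added example, not part of the original slides; the window, threshold, text limit, sender names and traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 60        # assumption: look-back window, in seconds
MAX_PER_WINDOW = 20  # assumption: per-recipient ceiling inside one window
TEXT_LIMIT = 200     # assumption: messages included in the subscriber's plan


def screen_sms(messages):
    """Screen time-ordered (ts_seconds, sender, recipient) tuples.

    Returns (delivered, dropped, flagged): per-recipient counts of messages
    let through and held back, and the set of recipients seen under flood.
    """
    recent = defaultdict(deque)   # recipient -> arrival times still in the window
    delivered = defaultdict(int)
    dropped = defaultdict(int)
    flagged = set()
    for ts, _sender, rcpt in messages:
        window = recent[rcpt]
        while window and ts - window[0] >= WINDOW_S:
            window.popleft()      # forget arrivals older than the window
        window.append(ts)
        if len(window) > MAX_PER_WINDOW:
            flagged.add(rcpt)     # rate exceeded: hold the message back
            dropped[rcpt] += 1
        else:
            delivered[rcpt] += 1
    return dict(delivered), dict(dropped), flagged


def constructed_traffic():
    """Constructed sample: 1000 messages at 10 per second to one number,
    plus one ordinary message a minute to another."""
    flood = [(i // 10, "gateway", "4085550101") for i in range(1000)]
    normal = [(i * 60, "4085550123", "4085550199") for i in range(3)]
    return sorted(flood + normal, key=lambda m: m[0])


if __name__ == "__main__":
    delivered, dropped, flagged = screen_sms(constructed_traffic())
    print("flagged:", flagged)
    print("delivered:", delivered, "dropped:", dropped)
    print("victim under text limit:", delivered["4085550101"] <= TEXT_LIMIT)
```

Because arrivals keep counting toward the window while the flood lasts, legitimate messages to the flagged number are held back too until the rate falls.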
They Know Where You Are
Providers can pinpoint your location to within 100 feet if your phone is on
The constant check for signal strength creates the side effect of tracking locations and movement
A huge market for more invasive advertising
– Track the consumer’s location
– Send tailored ads to a cell phone based on the location of the user
– Consider how bad it is on the Internet and this doesn’t seem so far fetched
Turn It Off in the Airplane
Signals have been proven to disrupt the workings of sensitive equipment
A single phone in a plane causes no problems, but a whole cabin full of phone users really could change the readings in some equipment
Other reports of cellular traffic having an effect on the payment systems at pay-at-the-pump gas stations
Jamming
Simple device used to send a signal on all available freq. in an area causing a cell phone to show no service bars
Already in use to protect the President from cellular phone bomb calls (similar to the bomb in Spain) while he is traveling
Illegal in the USA
Restaurants and Movie theaters lobbying for such devices to keep their places of business cell phone free
Conclusion
Just like secure computer networks, cell phones must make use of current data encryption schemes, authentication methods and physical security
In order for the cell phone to become a more useful tool in everyday lives it must first secure its current features and gain the trust of the millions of users who still watch what they say or do over the phone