serious threat models

Matt Blaze mab at crypto.com
Fri Feb 3 16:09:50 EST 2006


Yes, it's not at all clear from these stories just what was
going on or how "high tech" the attack would have to be. What does
"diverting" to a prepaid mobile mean?  Here's a possibility:
they "social engineered" or otherwise compromised the target account
to assigned it a new telephone number and forward the old number
to a prepaid account they control.  The "interceptor" box acts
as a "man in the middle" that receives calls at this prepaid account
and forwards them back to the target's "new" number (all the
while recording the content).

Such an arrangement would allow interception of incoming calls (but
not outgoing calls, unless they managed to get those forwarded
as well somehow -- perhaps there's a GSM feature that can do that,
too).  Cumbersome, but has the advantage to the attacker of not
requiring any custom software or features on the switch or
cryptanalysis of the over-the-air interface, just garden-variety
subscriber account compromise and cobbling together a couple of
off-the-shelf GSM handsets.

-matt

On Feb 3, 2006, at 4:15, Jaap-Henk Hoepman wrote:

>
> I wondered about that too. Do commonly used mobile phone switches  
> have built-in
> functionality to divert (or rather split) calls to another phone;  
> could this be
> done using phone conference facilities? or could you easily use  
> lawfull
> interception fucntionality...? In other words, could it be done by
> reconfiguring the switch?  Or would it require more drastic changes
> (software/hardware) to the switch (which makes the number of people  
> that could
> actually do this much smaller...)
>
> Jaap-Henk
> (who should have paid more attention to phone switches when he  
> worked at
> a telco... but everybody did internet there then ;-)
>
> On Thu, 02 Feb 2006 21:28:31 -0500 "Steven M. Bellovin"  
> <smb at cs.columbia.edu> writes:
>> I hate to play clipping service, but this story is too important  
>> not to
>> mention.  Many top Greek officials, including the Prime Minister, and
>> the U.S. embassy had their mobile phones tapped.  What makes this
>> interesting is how it was done: software was installed on the switch
>> that diverted calls to a prepaid phone.  Think about who could manage
>> that.
>>
>> http://www.guardian.co.uk/mobile/article/0,,1701298,00.html
>> http://www.globetechnology.com/servlet/story/RTGAM. 
>> 20060202.wcelltap0202/BNStory/International/
>>
>>
>> 		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
>>
>>
>>
>> ---------------------------------------------------------------------
>> The Cryptography Mailing List
>> Unsubscribe by sending "unsubscribe cryptography" to  
>> majordomo at metzdowd.com
>>
>>
>
> -- 
> Jaap-Henk Hoepman           |  I've got sunshine in my pockets
> Dept. of Computer Science   |  Brought it back to spray the day
> Radboud University Nijmegen |        Gry "Rocket"
> (w) www.cs.ru.nl/~jhh       |  (m) jhh at cs.ru.nl
> (t) +31 24 36 52710/53132   |  (f) +31 24 3653137
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to  
> majordomo at metzdowd.com


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list