Category Archives: Privacy

BSc thesis: Secure Data Transmission over Mobile Voice Channel

data_over_gsm_voice_channel

Student: Maksim Lind
Supervisor: Alexander Tkachenko
Reviewer: Ilya Verenich

Abstract: A number of attempts has been done to address the issue of mobile communication security. In this work, we describe an alternative solution, where security is enforced before any information reaches the phone. Sensitive information such as voice is processed in an external device and then passed into the mobile phone as an analog sound signal. The advantage of this approach is that the external unit and can be attached to any phone with a sound input. While building the system, we analyzed a number of existing solutions, tuned parameters and performed experiments.

Conclusion:
As a result, our system established a secure data connection with transfer speeds up to 2000 bps and a medial error rate of 21 percent. Because of the high error rate, the channel we provided was not reliable enough to carry a voice signal.

The work does not deal with key management problem, but assumes that both parties have established symmetric key beforehand.
The idea itself is pretty neat and has been commercialized by JackPair kickstarter project.

Links:
http://comserv.cs.ut.ee/forms/ati_report/datasheet.php?id=45531&year=2015

Estonian mobile operators vulnerable to interception, impersonation and tracking attacks

Estonian_mobile_operators_ss7_security

Estonian_mobile_operator_security

During the last CCC (31C3), several talks were given which analysed security provided by different mobile operators.

This document provides a security analysis of Estonia’s three mobile networks, based on data collected between October 2012 and December 2014. The analysis is based on data samples submitted to the GSM Map project. It compares implemented protection features across networks. All 3G networks in Estonia implement sufficient 3G intercept protection. None of the networks sufficiently protect against 2G intercept attacks. In all 2G networks, user impersonation is possible with simple tools. All 2G networks in Estonia allow user tracking.

Estonia allows 5 SS7 MAP messages to leak subscriber city location. Estonia allows 2 SS7 MAP messages to leak precise street-level subscriber location (200m). Estonia has 2 operators that leak subscriber keys. Leak of subscriber keys allows an attacker to decrypt calls and SMS of subscriber, by impersonating the network using a fake base station. Estonia has 2 operators susceptible to fraud via change of prepaid/postpaid status.

The EMT seems the most secure, TELE2 the worst secure.

Links:
http://gsmmap.org/assets/pdfs/gsmmap.org-country_report-Estonia-2014-12.pdf
http://ss7map.p1sec.com/country/Estonia/
https://www.youtube.com/watch?v=GeCkO0fWWqc
https://www.youtube.com/watch?v=lQ0I5tl0YLY

Estonian journalists discover global leak of mobile telelephone numbers

The site www.whocall.info enables to search for unlisted mobile numbers from all over the world. One can search by phone numbers: entering a number with the international dialing code (such as 372 in Estonia) will prompt the programme to produce the name of the owner of the number. The article’s author Piret Reiljan said that she found many numbers of high-ranking politicians, including Estonian prime minister Mr Taavi Rõivas.

The site does not perform the opposite search: it does not provide numbers of persons if one searches by name, so one has to previously know the number to get the owner’s name. Even so, it is scary to imagine that the search could also be made to work the other way around. It is not known how all these personal number and names might be used. All we know is that it provides numbers, which have been unlisted by their owners and which are not published anywhere.
The owner of the website is not known. The site itself does not provide any contact information besides the name Whocall Ltd.

“This domain name was registered on October 30 of this year, and its owners are not identifiable from public sources,” said RIA expert Veldre.

According to Veldre it is really possible that someone in various ways collected telephone numbers published on Internet and put them in super database. “The situation is complicated by the fact that under the law of another country may be the case that such information gathering and serving is legal activity. I believe that the Data Protection Inspectorate have their say on this issue,” said the expert.

Veldre added, however, that if it is confirmed that the database contains numbers that should not be publicly available and their owners confirm that they did not made their numbers public, them it maybe be possible to find out how these numbers were leaked.

Links:
http://www.balticbusinessnews.com/?PublicationId=ac63e73d-4922-4f28-9675-a2629bb087c7
http://www.aripaev.ee/uudised/2014/11/26/ekspert-ehk-isegionnestub-lekkimise-koht-tuvastada-
http://www.aripaev.ee/uudised/2014/11/26/uks-lekkekoht-facebook