- Ensure that your voice mail accounts has a strong password
- Ensure that you do not allow individuals to download software on your cell phone and take precaution over what software you download
- Ensure that law enforcement agencies and governments have proper phone tapping policies, strict laws to deal with illegal taps, and proper processes for implementation of legal taps to ensure the system is not misused
Wednesday, February 16, 2011
Six ways your phone can be illegally tapped
Phone tapping in India has become a national concern with a leading operator revealing that at peak there are upto 100 phone tapping requests a day. In India there are ten major operators, at a conservative average of 50 taps a day per operator, there would be 182,000 authorized phone taps each year. Not a significant number for a country of 500 million cell phones considering the real need to tap corrupt officials, drug dealers, suspected terrorists, mafia and other antisocial elements.
To meet this requirement over 2000 such phone tapping equipment was imported by private security agencies, large businesses besides police and government agencies. Since phone taps are authorized only by the government, it is quite probable that some of the equipment in private hands is being used illegally for spying on politicians and businessmen.
There are six ways in which modern phone systems can be illegally tapped for corporate espionage and spying:
1) Use of Over the Air technology
Modern phone tapping equipment uses over the air technology and does not require to be installed within the premises of the telecom operators. These devices can record conversations of a person within a range of 2 kilometers; all one has to do is to feed in the particular mobile number. Such equipment has reportedly been imported by private agencies in India over the last five years.
2) Unauthorized use of the Lawful Interception System in Telecom Companies
Employees of the Telecom company or security agency can use the telecom company’s lawful interception system to illegally tap phone and delete any audit trails. In a recent case in India where a politician claimed his phone was tapped it was found to out that an employee of a security agency, on contract with a telecom service provider, using a forged letter, was involved in an unlawful tapping.
3) Using Off the shelf software installed on smart phones
In a related post titled "I can spy on your mobile and read your SMSes" , I wrote about the ease where any person could download software to spy on another user’s cell phone. This requires access to the phone or the ability to induce the cell owner to download the software.
4) Voice mail Hacks
Voice mail accounts can be accessed via different telephones provided the password is known. Many users may use weak passwords or default passwords which may allow a third party to hack into voice mail accounts. There is a long running story of phone hacking of voicemails in UK, which saw the News of the World's (NoW) royal editor and a private investigator, jailed for hacking into the mobile phones of royal aides. In July 2009, the Guardian newspaper claimed NoW journalists were involved in hacking up to 3,000 public figures.
5) Sophisticated bugs on Telephone Exchanges
In early March 2005, Vodafone’s network in Greece was infiltrated by phone-tapping software using sophisticated bugging techniques targeting cell phones of senior police and defense officials, cabinet members and the prime minister himself. The bugging operation used two pieces of sophisticated software. The equipment providers own lawful intrusion software and a rogue software that the eavesdroppers implanted in parts of Vodafone’s network to activate the interception feature in the equipment and at the same time hide all traces that the feature was in use. The software allowed the cell phone calls of the targeted individuals to be monitored via 14 prepaid cellphones. Obviously such software was designed by an organization with access to similar network equipment.
6) Exploiting flaws in Base Station Design
In a recent conference, security researchers demonstrated how a fake base station could be set-up to route user call through and eavesdrop on them in the process. The system exploited a weakeness in the GSM authentication process and was relatively cheap and easy to set-up and install.