"Scanner" Listening to Cell Phone Conversations


ptshpboy23
10-12-2005, 06:12 PM
I just got off the phone with a representative from a cable company who was attempting to sell me his VOIP plan, and during the conversation he mentioned that he had a friend... who had a neighbor... who had a scanner that was able to "listen in" on his neighbors phone conversations. Before you know it, he was the victim of identity theft.

Is there any truth to this statement? I mentioned the fact that this would be true only in "analog" cell phone conversations, and that digital would prevent that from happening. He then replied back that it doesn't matter since cell phones broadcast at particular frequencies that can be locked into.

Should I be worried... given these types of remarks?

Ramon197B
10-12-2005, 06:15 PM
I just got off the phone with a representative from a cable company who was attempting to sell me his VOIP plan, and during the conversation he mentioned that he had a friend... who had a neighbor... who had a scanner that was able to "listen in" on his neighbors phone conversations. Before you know it, he was the victim of identity theft.

Is there any truth to this statement? I mentioned the fact that this would be true only in "analog" cell phone conversations, and that digital would prevent that from happening. He then replied back that it doesn't matter since cell phones broadcast at particular frequencies that can be locked into.

Should I be worried... given these types of remarks?

You should only be worried if you do "analog" Roaming. Anybody can scan your signal or trace your personal Info. Digital Roam prevents this. :Popcorn2:

ptshpboy23
10-12-2005, 06:17 PM
So if I am in a Sprint service area, and I am using their digital network, I can rest assured that this type of thing cannot happen? I never roam anyway. And I never use Analog roam either.

Ramon197B
10-12-2005, 06:19 PM
So if I am in a Sprint service area, and I am using their digital network, I can rest assured that this type of thing cannot happen? I never roam anyway. And I never use Analog roam either.


Yes, you're safe. If you're on Sprint Network, then you're safe. Just make sure if you do Roam ever, don't use Analog Roaming, use Digital.

Sidenote: If you do use Analog roaming you are at risk of that happening; it does not happen to everybody, all the time. Depends where you're at. I will still use digital over Analog.

FloorMatt
10-12-2005, 06:19 PM
You should only be worried if you do "analog" Roaming. Anybody can scan your signal or trace your personal Info. Digital Roam prevents this. :Popcorn2:

I agree.

I have.....heard ( ;) ) of this type of scanning being done; your modern scanners prevent you from scanning the cellular frequencies.

Now, with an older scanner (or some with modifications), you can listen to cordless phones and cellular conversations. In a lot of cases, you'll only hear ONE side of the conversation.

Now, I think it is possible to listen to digital calls......with a lot of work. (I can't think of any specific methods, though.) Still wouldn't be worried about it.

ZiggyZ
10-12-2005, 06:20 PM
It is nearly impossible to tap into someone's phone conversation with a scanner if they are using a CDMA phone. Not saying it's impossible, cause the technology does exist but there have not been any "known" cases or problems.

FloorMatt
10-12-2005, 06:22 PM
Yeah, that's another thing.......Spread Spectrum-type of communication devices......you can hear a conversation for a little bit, then get cut off. (If I can recall......it's been a while since I've messed with radios.)

Ramon197B
10-12-2005, 06:23 PM
I agree.

I have.....heard ( ;) ) of this type of scanning being done; your modern scanners prevent you from scanning the cellular frequencies.

Now, with an older scanner (or some with modifications), you can listen to cordless phones and cellular conversations. In a lot of cases, you'll only hear ONE side of the conversation.

Now, I think it is possible to listen to digital calls......with a lot of work. (I can't think of any specific methods, though.) Still wouldn't be worried about it.


Maybe in the future some Crack head will know how to do this. I don't think there's any way I can recall "digital Roaming" being traced, or if it's possible; as of now it's not. Don't worry. If you are in the Sprint network, you're safe.

+Eric
10-12-2005, 06:43 PM
Not unless you have some government letterhead and some serious cash, it would be next to impossible to get the equipment to "listen" in on any digital cell phone communications. The equipment does exist though.

You should have explained to him that using blatant lies and paranoia as a selling tactic is not only lame, but highlights his weakness as a professional salesman. Maybe that is why he's selling digital phone from a cable company though.

Ramon197B
10-12-2005, 06:50 PM
Not unless you have some government letterhead and some serious cash, it would be next to impossible to get the equipment to "listen" in on any digital cell phone communications. The equipment does exist though.

You should have explained to him that using blatant lies and paranoia as a selling tactic is not only lame, but highlights his weakness as a professional salesman. Maybe that is why he's selling digital phone from a cable company though.


I agree. :Popcorn2:

toidi
10-12-2005, 06:56 PM
ah i remember the days when scanners could pick up the old analog cell phones and cordless phones. it was always good for a laugh :)

Ramon197B
10-12-2005, 06:59 PM
ah i remember the days when scanners could pick up the old analog cell phones and cordless phones. it was always good for a laugh :)


There are still people who have WiFi connection devices (PSP, etc.) who can pick up someone else's wireless internet access. FREE INTERNET anyone? :coffee:

Still, you might go to jail by doing this.

Dan
10-12-2005, 07:09 PM
ah i remember the days when scanners could pick up the old analog cell phones and cordless phones. it was always good for a laugh :)


In my area, with A and B carriers for analog the frequencies would often go into an area that was not scanner blocked. I think it had a lot to do with the fact that you had 2 American companies and 2 Canadian companies all bouncing off each other's cell towers.


A funny side note though. I had my scanner on doing a search of all frequencies as I had lost the fire dept's frequency on my scanner and got the beginning of a cell phone call, which would have been normal but it was my girlfriend and her mother on the call. When my GF was due home, I called the house and told her to be nicer to her mamma, that I couldn't believe she was yelling at her mom for calling the cell phone. Then again, that was back when you got like 180 peak minutes a month for $30 so I could see her being upset since her mom just wanted to know when she would be home.


Right after that call, I heard another one with some loser giving a phone sex place his credit card number out over the cell phone so he could get phone sex. Both of the calls I heard both ends of the conversation, and I couldn't understand paying for phone sex and calling from your cell phone............. you could tell the guy was driving as you could actually hear it when it handed off from one tower to another!


Any hacker with time on his hands can develop a CDMA or GSM decoder, no different than encrypted files can be decoded by people you don't want looking at them if you have enough time on your hands. People with that time usually break into sites like whitehouse.gov and change the front page, etc.

toidi
10-12-2005, 07:14 PM
There are still people who have WiFi connection devices (PSP, etc.) who can pick up someone else's wireless internet access. FREE INTERNET anyone? :coffee:

Still, you might go to jail by doing this.


this would have been almost 8 years ago. my dad had a very nice scanner, and it could pick up analog cell phones, this was of course before the FCC banned scanners that could pick up those bands

Ramon197B
10-12-2005, 07:17 PM
this would have been almost 8 years ago. my dad had a very nice scanner, and it could pick up analog cell phones, this was of course before the FCC banned scanners that could pick up those bands

Still, people still do it. It's odd really, they really can't afford NetZero ($10) a month?

Dan
10-12-2005, 07:20 PM
Still, people still do it. It's odd really, they really can't afford NetZero ($10) a month?


Or Verizon / SBC Yahoo! DSL starting at $14.95 a month? That's gonna hurt NetZero, etc. when they want extra for phone support and the phone companies will give it to you free to increase the number of users they have.

toidi
10-12-2005, 07:21 PM
Still, people still do it. It's odd really, they really can't afford NetZero ($10) a month?


listening to something on a scanner is a lot different than stealing wifi for internet

Ramon197B
10-12-2005, 07:41 PM
listening to something on a scanner is a lot different than stealing wifi for internet


Yeah, it's different. But you're still doing something wrong. And it's almost the same concept.

SteelersFan
10-12-2005, 07:53 PM
I hereby can confirm that when cell phones were still analog and on the 900 MHz, a scanner was able to pick up cell phone calls. This was also back in the days when someone could clone your phone. Technology has changed, and virtually all cell phones are digital, so that is no longer a viable means to listen to cell phone users. I believe now that most cordless phones are on different frequencies, the normal scanner user can no longer listen in to their neighbor's cordless either. Also, the FCC made it illegal for scanner makers to allow 900 MHz listening to cell phones. In some cases it was easy to clip a certain jumper wire and they would work again, but then after that I believe the FCC put a stop to that too. We're talking mid 1990s here.

toidi
10-12-2005, 08:09 PM
Yeah, it's different. But you're still doing something wrong. And it's almost the same concept.


i haven't done that since i was in 6th grade, i am now out of high school. when i did it there was no regulation on scanners.

nashI
10-12-2005, 08:10 PM
SteelersFan, so are you saying that CDMA phones can't be cloned nowadays? just curious about your post.

SHAWNCOWDEN
10-12-2005, 08:55 PM
Go to www.radioreference.com for police scanner info.

No scanner user can scan the CDMA, GSM, or TDMA freqs; gov probably can.

Only APCO 25 can be monitored in digital, and that's only if it's in clear mode, and cops & PS only use this form.
Analog can be heard but can't be trunk tracked ("tower switching, hopping"), as scanners don't track the old analog system by cell phones. You can also hear analog cordless phones, and they don't hop towers like cellular does, as they're simplex and don't use towers. Digital is the best way to go.

nashI
10-12-2005, 08:59 PM
seems like a cool site, too cluttered for my reading likes though.

SteelersFan
10-12-2005, 09:14 PM
SteelersFan, so are you saying that CDMA phones can't be cloned nowadays? just curious about your post.

How could you ever get out of my message that I am suggesting that the average scanner user can listen to old analog 900 MHz phones? I thought I made it clear that the FCC and technology have changed in the past 10 years. Hell if I know if it's possible. I would put good money on the fact big brother (government) can monitor whatever they want. As for a normal scanner listener, I would highly doubt it.

nashI
10-12-2005, 09:20 PM
wow no offence but from your last post it almost sounds like you have no idea what you're talking about. but i don't think that's the case in reality.

you even quoted me, I didn't say anything about scanning, "This was also back in the days when someone could clone your phone." I was referring to that line from your post. which would translate to "you can't clone phones anymore" at least CDMA (throw in that for you).

I was just asking if that's what you meant, don't get all hostile on me.

SteelersFan
10-12-2005, 09:35 PM
NashI, I don't follow that scene closely. I don't know if phones today can be cloned. I know back in about 1997, when I lived in San Jose, CA, my phone was cloned. When I went to the digital network, they told me at the time there was a very very slim chance it could ever happen again. I would be lying if I told you I had some scientific reason for knowing something. And, yes, I was able to listen to 900 MHz phone calls on my scanner back in the 1990s. Have I tried it in the last 5 or so years, no, and I don't see a need to try finding out, as it doesn't interest me. I am no expert, I was basing everything on personal experiences only. I'm not sure what you were expecting from me. Obviously, you know more about technology than I do, so I am done posting and will read all your knowledge on this in the future.

a_c_s
10-12-2005, 09:43 PM
To the OP,

I had my sprint phone cloned during a short 5 minute analog conversation outside the Lincoln tunnel in NYC about 5 years ago...there were a bunch of calls made on my account to Puerto Rico over 24 hours, and Sprint could tell right away it was not me...they actually called me from the fraud department to let me know...they just changed my ESN and the problem has never occurred again...and yes, when necessary, I'll still roam to analog...I just happened to do it in the wrong place at the wrong time years ago...not the end of the world...

that said, the reason the VOIP guy mentioned this is that he wants to sell you service...bottom line...btw, I have Vonage for my home phone and love it, but that's a whole different story...

nashI
10-12-2005, 09:43 PM
SteelersFan, cool we have something in common my analog phone got cloned in 1997 which really sucked I ended up with a ginormous bill that after much debate I didn't have to pay.

like I said I didn't mean to offend you, I just want to make sure it doesn't happen again to me and your post seemed pretty solid, so I was just asking for reassurance.

Madisn
10-12-2005, 10:25 PM
Back in 95 - 97 I used to chase tornados with a buddy across Oklahoma / Texas / Kansas. We had 5-6 radios (depending on what he loaded up that day) - 2 were simply scanners and the rest were for two way communications. On days that turned slow we would use the scanners to listen to cell phone calls - never heard anything good though but it was entertaining at the time... kind of "reality radio".

SteelersFan
10-12-2005, 10:35 PM
SteelersFan, cool we have something in common my analog phone got cloned in 1997 which really sucked I ended up with a ginormous bill that after much debate I didn't have to pay.

like I said I didn't mean to offend you, I just want to make sure it doesn't happen again to me and your post seemed pretty solid, so I was just asking for reassurance.

Everything is cool. I'm not an expert. Just was posting from my personal experiences. I had AT&T in the Bay Area when I was cloned. It wasn't until I got my bill that I knew it was cloned and several hundred $$. When I contacted the fraud department, they immediately knew the calling patterns were not consistent with what mine were. Several were to Puerto Rico, and one was an 800 number to Fredericks of Hollywood. I'm sure something very nice was ordered for the cloner's lovely lady :haha: They were very good about the whole incident and I didn't pay any more than what a monthly bill would have been. Soon afterwards I went to a digital signal and haven't had that problem again. I did think it was strange looking back on the month I was cloned, I'd get phone calls from people with very broken English and I just simply told them they had the wrong number. In 1998 when SprintPCS started placing TV ads, I purchased one of their $50 per month phones, with no contracts for my wife. I believe it was a flat 500 minute plan with no other features. When we moved to PA, my wife kept her Sprint phone and I stayed with AT&T for another year but absolutely hated it out here. Signals were marginal at best, so I switched to Sprint too. Since I actually got the Sprint service in 1998 for my wife, any time I have problems with my Sprint service, they always remark about being a long time subscriber. I guess that pulls some weight with them..who knows! Overall Sprint has been very good to us and I see no reason to ever change to any other carrier.

By the way, whatever happened to that no contract philosophy with them?? It's funny how times have changed and I'm constantly locking into 2 year agreement extensions for one reason or another. Hey, how many out there also had a bag phone for their first cellular phone? Come on, admit it, I can't be the only one!

nashI
10-12-2005, 10:43 PM
yeah well in my case I had a free phone from the cell phone company for some promotional work I did so I wasn't getting a bill, and my phone was cloned for two months, and the person who did it apparently gave the number to a bunch of other people. so suddenly I got a ginormous bill like I said before. first time getting a cell phone bill in over a year. it was almost 7 grand.

and by this time it seemed like I had been making the calls, so it took some convincing to show that they were originating from all sorts of areas to numbers that never had been dialed before in a 14 month period. anyway I lost my free service in the end which was a real bummer.

and I got a really great plan now so, I am being cautious and trying to keep up with what's going on.

hookedonitunes
10-12-2005, 10:49 PM
A FAQ answered... How easy is it to eavesdrop on CDMA cellular?

http://home.san.rr.com/denbeste/eavesdrp.html

nashI
10-12-2005, 10:52 PM
good article.

Dan
10-12-2005, 11:51 PM
Since I actually got the Sprint service in 1998 for my wife, any time I have problems with my Sprint service, they always remark about being a long time subscriber. I guess that pulls some weight with them..who knows! Overall Sprint has been very good to us and I see no reason to ever change to any other carrier.

By the way, whatever happened to that no contract philosophy with them?? It's funny how times have changed and I'm constantly locking into 2 year agreement extensions for one reason or another. Hey, how many out there also had a bag phone for their first cellular phone? Come on, admit it, I can't be the only one!

Sprint customer since 1998, on my own since 2000, and get compliments on my being a long term customer...... I guess it shows somehow that my phone had been active since 1998 or something.

The no contract philosophy was great for the customers and bad for Sprint. Yes, phones were sold with no rebates, but you could get sick of poor service and dump Sprint at a moment's notice with no penalty. With the new contracts, Sprint can calculate how many customers will go the full 2 years, how many will cancel and pay the fee, how many will default on agreement and not willingly pay the fee, etc. Stock holders want to see steady revenues, not huge fluctuations of customers signing up and leaving!

Bag phone? no a bag phone was actually my 3rd phone. I had a moto 550 flip on cell one, then a moto 550 flip on frontier cellular (now VZW) and got a moto bag phone with magnetic antenna for use in rural ohio when I visited. Had 360 (now alltel) put me on a $16/month 30 peak UL off peak plan that I used when visiting to save the roaming charges. The nice thing was, I knew where to switch my NAM from frontier to 360 so I was never in a roaming zone. Now with sprint and fair and flex, such things are never needed :) Still have the bag phone for "just in case" though between my sprint phone and my prepaid cingular phone (just trying them out) I never get into an area that has no coverage :)

+Eric
10-13-2005, 01:40 AM
Any hacker with time on his hands can develop a CDMA or GSM decoder, no different than encrypted files can be decoded by people you don't want looking at them if you have enough time on your hands. People with that time usually break into sites like whitehouse.gov and change the front page, etc.

Dood, you're not really being reasonable with this statement. "hackers" have yet to figure out any way to decode CDMA or GSM encryption. And breaking into "whitehouse.gov" or any other website is completely different than breaking a serious encryption scheme. One thing, files on a webserver are not encrypted, so they are not even comparable. Serious work has been done, with massive amounts of computer power (with years of time) to try and break some of the best encryption schemes and they have yet to succeed. Do a little research before you start lumping things together and spreading mis-information.

CDMA, TDMA, iDen, GSM, all of them would be virtually impossible to "crack." It is possible, sure... anything is. But at the very least it would take thousands of very powerful computers YEARS to work it out. No one person, regardless of how smart is going to just sit down and come up with an answer.

It took distributed.net 250 days with the help of thousands of computers to find the correct solution to RSA Labs 56-bit encryption. Up that to 64-bit RSA encryption, and it took them 1,757 days, mind you with more and faster computers, their popularity grew. They started trying to find the key for RSA 72-bit encryption on December 3 of 2002!!!! and still haven't found it. On this project there have been 67,000 participants. Distributed.net allows you and me to download a program, run it on our computers and help them try and find the keys. If your computer finds the key then you win 1000 dollars. It's been around for a long time, since '97. So the point is, 67,000 participants and over 1000 days running and still no key for 72bit encryption. To compare this, most secure websites use 128bit encryption, and 256bit is not uncommon for things that need to be a little more secure. But it doesn't stop there, because even 512bit, 1024bit and 2048bit encryption is available, just not reasonable for your average person/business.

What the cipher strength of cell phone encryption is, I don't know. But you can bet it's VERY strong. To make matters harder, the way in which it is encrypted is not even public knowledge like most encryption schemes. Most release the source code so the general public can see that it is truly secure and there are no major holes/flaws. Cell phone encryption is NOT public knowledge.

Read the article above, and stop spreading paranoid rumors and mis-information, and stop using the word hackers!

Dan
10-13-2005, 02:19 AM
Dood, you're not really being reasonable with this statement. "hackers" have yet to figure out any way to decode CDMA or GSM encryption. And breaking into "whitehouse.gov" or any other website is completely different than breaking a serious encryption scheme. One thing, files on a webserver are not encrypted, so they are not even comparable. Serious work has been done, with massive amounts of computer power (with years of time) to try and break some of the best encryption schemes and they have yet to succeed. Do a little research before you start lumping things together and spreading mis-information.

CDMA, TDMA, iDen, GSM, all of them would be virtually impossible to "crack." It is possible, sure... anything is. But at the very least it would take thousands of very powerful computers YEARS to work it out. No one person, regardless of how smart is going to just sit down and come up with an answer.

It took distributed.net 250 days with the help of thousands of computers to find the correct solution to RSA Labs 56-bit encryption. Up that to 64-bit RSA encryption, and it took them 1,757 days, mind you with more and faster computers, their popularity grew. They started trying to find the key for RSA 72-bit encryption on December 3 of 2002!!!! and still haven't found it. On this project there have been 67,000 participants. Distributed.net allows you and me to download a program, run it on our computers and help them try and find the keys. If your computer finds the key then you win 1000 dollars. It's been around for a long time, since '97. So the point is, 67,000 participants and over 1000 days running and still no key for 72bit encryption. To compare this, most secure websites use 128bit encryption, and 256bit is not uncommon for things that need to be a little more secure. But it doesn't stop there, because even 512bit, 1024bit and 2048bit encryption is available, just not reasonable for your average person/business.

What the cipher strength of cell phone encryption is, I don't know. But you can bet it's VERY strong. To make matters harder, the way in which it is encrypted is not even public knowledge like most encryption schemes. Most release the source code so the general public can see that it is truly secure and there are no major holes/flaws. Cell phone encryption is NOT public knowledge.

Read the article above, and stop spreading paranoid rumors and mis-information, and stop using the word hackers!

Dood, stop coming on here acting like you know it all! If a hacker can get into heavily encrypted sites on the internet, they can surely intercept your call if they wish to. If you read all of what I said, I had stated that to most hackers it would not be worth the time.

BTW, I'll use ANY word I want to! If you seriously think it's impossible, there will surely be someone to prove you wrong. If they don't do it from the handset to the tower, how about on the fiber-optics and in all the computer switches? Wasn't it Sprint that had viruses in the towers in Ohio just a few months ago? Obviously someone sent a virus to the towers!

I'm not worried about being hacked on my cell, I don't talk about anything important and don't give out CC number on it. If someone hacks my calls to listen or clones my ESN number, I'm not concerned as Sprint will be the company eating the loss for unauthorized use.

How long until all phones come with anti-virus software? We all download ringers from non-Sprint sites and can not be sure what exactly we are putting on our phones.

I'm not paranoid, just realistic! For every code or encryption available, there is someone working on cracking it, and digital communication over the air is no different.

skrubol
10-14-2005, 01:05 PM
Eavesdropping on GSM would be very very difficult. Eavesdropping on CDMA would be nearly impossible. The parallel to internet hacking is quite flawed. Assuming we are talking about intercepting an over the air signal, to just acquire the data would require $100,000's worth of equipment most likely. CDMA uses DSSS (Direct Sequence Spread Spectrum) I believe which uses many small frequency bands simultaneously to transmit on. You would have to capture hundreds of bands to be assured of capturing one conversation I believe. Ok, now you've captured the data, and have a few gigs of raw data. You still don't know the hashing code that your target's phone is using, nor do you know which frequencies it's on. If you monitored the call setup channel, maybe you could get the hashing frequency if you knew the ESN of the phone you were after. If not, it's probably encrypted with the ESN as part of the key. Ok, so after you've crunched for 3 months to get the hashing code, you can then spend another few months processing the data, filtering out any extraneous signals etc.
I do not know enough specifics of CDMA to claim this is accurate, but you can bet if it's not, it's simplifying the process.

+Eric
10-14-2005, 05:21 PM
skrubol,

You are on the right track. CDMA is very efficient and it does use Spread Spectrum. Spread Spectrum was developed by the army to thwart eavesdropping and it's effective. A CDMA handset actually uses the ENTIRE spectrum when transmitting and receiving. One of the minor hurdles in decoding a CDMA signal would be finding the ESN of the "call" you wanna listen in on.

This is truly a minor hurdle. Guess how many CDMA handsets have been produced over the years, it's certainly in the tens of millions. Each one has a UNIQUE ESN, and the handset's ESN is used to encode the transmission. Unlike with AMPS, ESN's ARE NEVER transmitted over the air with CDMA or TDMA (GSM, Iden, etc.). The phone simply sends the cell its MIN (usually its phone number), and the cell looks up the ESN for that number in its database. Now that the cell has the correct ESN for the handset it uses that to encode the transmission, and since the phone and the cell know the ESN, they both know how to decode the transmission. So in order to even THINK about attacking a CDMA signal, you would need to engage in one hell of a brute force attack using ESN's. Even with hundreds of computers working on this, you would have to assume it would take years and years and years to find the right one. Even if you knew the ESN, you still need to know the Walsh code, short code, and long code of the transmission so you can pull the packets you want out of the signal. And really, that's all moot anyway. Because if you knew the ESN, where did you get the info on the encryption scheme used to encode the transmission? The ESN is just the "key" to that encryption. As far as I know that alone is a heavily guarded secret, and would take some corporate espionage to get it......... maybe I'm wrong on that but who cares, it still would be nearly impossible.

Bohemian Iconoclast
10-14-2005, 07:23 PM
...better to "break it down," IMNSHO...

A one-bit encryption key has two possibilities, one or zero...fifty-fifty odds.

Each level increases exponentially...two-bit has four options, three-bit has eight, four-bit has 16...etc...

CDMA uses a 128-bit encryption scheme...a computer might do it in years, a human probably never would, as there is not enough time to hack through "brute force."

Hope that makes it clearer. :)

nashI
10-14-2005, 07:40 PM
ewalt, getting an ESN is probably the easiest in the whole process of your description. Maybe not by AIR but it's certainly obtainable; after all, it's written on the back of the phone, not very heavily guarded nor a secret.

When my phone was cloned, the person who did it was like “hey let me check out your cool new phone, what kind of battery does this use” and he seemed to have developed an amazing memory for remembering hex ESN numbers.

and Bohemian you're right about a computer taking years to crack a 128 bit encryption scheme, but who uses one computer, someone who would want to crack this would use multiple computers with multiple threads doing it which would significantly decrease the amount of time it takes.

I don’t want to sound like an expert, just a victim. From everything I have read, it appears to be quite difficult to do this on CDMA.

+Eric
10-14-2005, 08:13 PM
nashI,

You're right, it's not hard to get someone's ESN. But it's not even about that entirely. Let's say you just wanted to listen to random cellular traffic, how would you know what ESN's are using the signal you are listening to at what exact moment? You couldn't..... it's not reasonable. So let's move on to something a little different. Let's say you wanted to listen in on one particular person's call, and you do know their ESN. How easy would it be to know what tower they are using, or what sector on that tower if there is more than one? Again, this would be very difficult, if not impossible to know. You can be standing right next to someone with the same service you have, and be using an entirely different tower..... I mean, I guess IF you had the equipment, you'd be pulling all the air traffic your equipment could "hear." But you still have to separate all that out and decipher it all. My point wasn't to try and say that the ESN is the strong point of the system, it's the system as a whole that makes it secure. My point is to illustrate the challenges you'd have with the ESN and encryption alone, as there would be so many other obstacles in your way. Even with the fact that the ESN is not all that heavily guarded, it still provides a significant problem for anyone trying to subvert the system. What about the method of encryption? Is that public knowledge? Cause having the key alone (key = ESN) doesn't grant you access.

And even with multiple computers, it should still require years of processing time. Maybe I'm wrong..... but if you look at distributed computer efforts, they have thousands if not tens of thousands of computers at their disposal and it's still taking years.......

nashI
10-14-2005, 08:16 PM
good job.

Bohemian Iconoclast
10-14-2005, 09:04 PM
*snip*
And Bohemian, you're right about a computer taking years to crack a 128 bit encryption scheme, but who uses one computer? Someone who would want to crack this would use multiple computers with multiple threads doing it, which would significantly decrease the amount of time it takes.

I don’t want to sound like an expert, just a victim. From everything I have read, it appears to be quite difficult to do this on CDMA.


Actually, I was given a number to quote waaay back in 1998 (training at Wells Fargo for online banking) about Netscape's encryption (also 128-bit)...be aware Moore's Law applies...

It would take ten thousand computers ten thousand years to break 128-bit encryption.

Make of that what you will...

nashI
10-14-2005, 09:09 PM
So what you're saying is this is bigger than 911 times 1000.
Yes, Nine hundred and eleven thousand.

nashI
10-14-2005, 10:01 PM
Paste:
Of course, using a 128-bit key eliminates any problem at all because there are 2^128 instead of 2^40 possible keys. Using the same method (a network of fast workstations) to crack a message encrypted with such a key would take significantly longer than the age of the universe using conventional technology. Remember that 128-bit is not just 'three times' as powerful as 40-bit encryption. 2^128 is 'two times two, times two, times two...' with 128 two's. That is two, doubled on itself 128 times. 2^40 is already a HUGE number, about a trillion (that's a million, million!). Therefore 2^128 is that number (a trillion), doubled over and over on itself another 88 times. Again, it would take significantly longer than the age of the universe to crack a 128-bit key.

Bohemian, according to that it would take a very long time, but from what you said last I am glad that we are in agreement that using multiple computers would decrease the time. After all, I did say it would be quite difficult to accomplish.
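
Added example (not part of any post in this thread): a small calculator for the brute-force estimates traded above, comparing 40-bit and 128-bit keys, the effect of adding machines, and the effect of hardware speed doubling while the search runs. The per-machine rate of 10^9 keys per second and the 18-month doubling period are assumptions chosen for illustration, not figures from the thread.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
AGE_OF_UNIVERSE_YEARS = 1.38e10  # approximate

# Assumptions for illustration only, not figures from the thread.
KEYS_PER_SEC = 1e9     # trial decryptions per second, per machine
DOUBLING_YEARS = 1.5   # Moore's Law style doubling of throughput


def expected_years(key_bits, machines, keys_per_sec=KEYS_PER_SEC,
                   doubling_years=None):
    """Years to try half the keyspace (the average brute-force effort).

    With doubling_years set, total throughput doubles on that period for
    the whole duration of the search (an optimistic assumption).
    """
    work = 2 ** (key_bits - 1)
    rate = keys_per_sec * machines * SECONDS_PER_YEAR  # keys per year today
    if doubling_years is None:
        return work / rate
    # Solve: integral from 0 to T of rate * e^(k*t) dt = work
    k = math.log(2) / doubling_years
    return math.log1p(work * k / rate) / k


def bits_bought_by(machines):
    """Key bits that N machines in parallel cancel out: log2(N)."""
    return math.log2(machines)


if __name__ == "__main__":
    n = 10_000
    secs_40 = expected_years(40, n) * SECONDS_PER_YEAR
    flat_128 = expected_years(128, n)
    print(f"40-bit, {n} machines: {secs_40:.3f} seconds")
    print(f"128-bit, {n} machines: {flat_128:.2e} years "
          f"({flat_128 / AGE_OF_UNIVERSE_YEARS:.1e} x age of universe)")
    print(f"{n} machines only offset {bits_bought_by(n):.1f} bits of key")
    moore = expected_years(128, n, doubling_years=DOUBLING_YEARS)
    print(f"128-bit with sustained doubling every {DOUBLING_YEARS} years: "
          f"{moore:.0f} years")
```

Adding machines divides the time linearly, so 10,000 of them offset only about 13 bits of a 128-bit key; the sustained-doubling figure holds only if throughput keeps doubling without interruption for the whole search.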

Bohemian Iconoclast
10-15-2005, 12:46 AM
:good: Well said...

Alchemy
10-15-2005, 04:00 AM
A bit of irony here is that many VoIP phone lines are not encrypted, including Vonage, according to techie discussions on the Vonage Forum. While you guys are [doing a great job of] discussing the fine points of the level of CDMA security, the comparison that started the discussion was to something comparatively very un-secure.

(I still use Vonage - my conversations shouldn't be of any interest to any digital-dinosaur data crunchers anyway :) )

Bohemian Iconoclast
10-15-2005, 12:10 PM
A bit of irony here is that many VoIP phone lines are not encrypted, including Vonage, according to techie discussions on the Vonage Forum. While you guys are [doing a great job of] discussing the fine points of the level of CDMA security, the comparison that started the discussion was to something comparatively very un-secure.

(I still use Vonage - my conversations shouldn't be of any interest to any digital-dinosaur data crunchers anyway :) )


Really?

Let's take a look:
I just got off the phone with a representative from a cable company who was attempting to sell me his VOIP plan, and during the conversation he mentioned that he had a friend... who had a neighbor... who had a scanner that was able to "listen in" on his neighbors phone conversations. Before you know it, he was the victim of identity theft.

Is there any truth to this statement? I mentioned the fact that this would be true only in "analog" cell phone conversations, and that digital would prevent that from happening. He then replied back that it doesn't matter since cell phones broadcast at particular frequencies that can be locked into.

Should I be worried... given these types of remarks?

The VOIP thing was just the point of departure to the question we ended up answering (thx dand411, ewalt and skrubol)...my guess is that direction would be offtopic, based on how I read the OP's intent... :p

plague
10-15-2005, 05:21 PM
...Spread Spectrum was developed by the army to thwart eavesdropping and it's effective.

As far as I know, the Army already had encryption to defeat eavesdropping. The old PRC-77s had encryption modules added to them. Frequency hopping/spread spectrum was added to the SINCGARS and newer radios to defeat jamming and DF.

Draggar
10-15-2005, 05:45 PM
Sometimes, regular cordless phones (old ones) can be heard on a regular radio.

I'm willing to bet, though, what the person said was 99% sales pitch.

Alchemy
10-15-2005, 06:07 PM
Really?

Let's take a look:


The VOIP thing was just the point of departure to the question we ended up answering (thx dand411, ewalt and skrubol)...my guess is that direction would be offtopic, based on how I read the OP's intent... :p

I didn't mean to imply that you guys were off topic. Just noting that the very start included a report that a salesman was, in his sales pitch, seemingly trying to imply that *all* cell phones were not secure compared to a home VoIP line, which was (with the possible exception of Skype) off-base. I included the comment that you were having a great discussion (which I have enjoyed reading) so as to, hopefully, not get a hostile response to contributing a comment. I'm not sure most people are aware that VoIP is usually not secure at all, tho based on the apparent knowledge level of the discussion, I have apparently annoyed you. I apologize for posting something that has been perceived as off topic.

Bohemian Iconoclast
10-15-2005, 07:48 PM
You don't have to apologize to me...I am not a mod/admin/whatever (thank Al Gore!).

Pointing out that VOIP isn't secure is important, so don't get me wrong...it's just...naaah...nevermind...

Vocoder4GV
10-16-2005, 07:22 AM
CDMA = tens of callers broadcasting on hopping frequencies and time slots with rolling codes that give you 4.3 trillion combinations per second of sound... pretty hard to crack. The equipment to do this is tens of thousands of dollars, VERY illegal, and very complicated.

+Eric
10-16-2005, 12:22 PM
I don't think discussing VOIP is at all off topic. I mean, maybe if we wanted to be really picky about what the topic is, I dunno. But it kind of defeats the purpose of it all if we are that way. As long as someone doesn't stray way away, like talking about football lol, then I'd say why worry about it, talk about what you want.

Anyway, I didn't really think about VOIP's security as I've never really considered getting Vonage or whatever for myself. But now that I've looked into it, you're absolutely right, it doesn't appear that it's secure at all, in any form. In fact, the Vonage website does not attack the issue at all! Looking at some other info on VOIP it seems the best way to secure it is VPN links. That's not very reasonable for a company like Vonage or your local Cable company to set up and support. So it's quite funny that the salesman attacked cell phones as being not secure when in reality VOIP is a joke when it comes to security. In the end he was a weak salesman, not able to use the benefits/strengths of this product to sell it, so he turned to slamming the alternative with baseless lies and ignorance. He was just weak and desperate for a sale.

 
SprintUsers.com was created in January 2002 as a resource for users of Sprint PCS products and services to learn about and share information. We have cell phone reviews, Cellular Accessories, Downloads, PDA reviews, Ringtones, all of the latest Sprint PCS news and information, an area where you can find help in creating a ring tone or custom image for your phone, and so much more. The most popular section is the message board where visitors can read and write messages, ask questions, and get advice about their cellular phone from other users.