Cell phones for eavesdropping - finally some public "chatter"
/Pun intended on the subject line!/ Okay, so, we have all known cell phones are "dangerous". Stepping out of the cellular protocols security and vendor-side systems, and forgetting for a second about interception of transmissions through the air, Trojan horses/worms that may install themselves on the cell phone and even bluetooth risks, there is the long talked of risk of "operating" a regular un-tampered cell phone from a far and the risk of modified devices. Sorry for stating the obvious, but cell phones are transmitters. For years now paranoid people and organizations claim that eavesdropping through a cell phone is a very valid risk. Much like somebody pressing "send" by mistake during a sensitive meeting is a very valid yet different risk. Some of the stricter organizations ask you to do anything from (top to bottom) storing the cell phone in a safe, through shutting it off or removing the battery, and all the way to *only* "don't have that around here while we are in a meeting". Then again.. *most* haven't even heard of this risk. Forgetting even this risk, many of us even ignore the obvious. I usually ask people who talk to me while I'm on the phone "even if the NSA (for example) is not interested in what I have to say or not capable of intercepting it and even that I don't care if they heard my conversations... Should the person I talk to hear our conversation?" Lately there seems to be some more awareness about the "dangers" of cell phones. Knowing which risk is more of a threat than the other is another issue. It seems to me that other than in the protocols, where there has been a serious learning curve (and GPRS seems very promising), cellular companies keep doing the same mistakes, and we can see the security problems of the PC world reappearing in cell phones, much like those of the main frames re-appeared in PC's (to a level). History repeated. Heck, I can't even disable Java or the web browser in most cellular computers (we really should refer to them as computers now). Here are some URL's on the subject: Here is one about modified cell phones, which also mentions the risk of eavesdropping through a cell phone as mentioned above: http://www.interesting-people.org/archives/interesting-people/200206/msg0003 1.html Here is a product for sale, a cellular phone BUILT for eavesdropping: http://wirelessimports.com/ProductDetail.asp?ProductID=347 Also, check out the IEEE Pervasive article that mentions this problem area, although discusses more the issue of malware: http://csdl.computer.org/comp/mags/pc/2004/04/b4011abs.htm Or Google for "symbian +virus", for example. Thanks go to David Dagon for the links. ------ End of Forwarded Message ------------------------------------- You are subscribed as eugen@leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature]
participants (1)
-
Gadi Evron