Cell Phone Security

1
Cell Phone Security

• Linden Tibbets
• Coen 150
• 5/28/2004

2
Introduction

• Changed structure of our lives and the way we do
  business
• Hundreds of models and services
• Potential for major annoyance

3
Endless Uses

• Store contact information
• Make task or to-do lists
• Keep track of appointments and set reminders
• Use the built-in calculator for simple math
• Send or receive e-mail
• Get news, entertainment, and stock quotes from
  the Internet
• Browse regular Internet sites
• Play simple games
• Integrate other devices such as PDAs, MP3
  players, and GPS receivers
• Use credit cards to buy products and services
• Download ring tones, games, and other programs
  for the specific phone

4
Are They Secure?

• Vast amounts of personal information
• Personal Phone Book
• Address
• Credit Card Number
• Email Password
• Account Information

5
A Brief History
6

• Concept Began in 1947
• Researchers improve traffic of primitive car
  phones by reusing freq. in smaller areas called
  cells
• Federal Communications Commission (FCC) hinders
  cell phone progress
• Only enough channels for 23 conversations per
  cell
• Not practical

7
The Cell Phone Boom

• 1967 FCC expands available frequencies
• 1973 Dr. Martin Cooper at Motorola makes first
  cell phone call to his rival Joel Engel at Bell
  Labs
• 1983 First cell phone network in US (Chicago)
• 1987 Over a million users
• 2004 If you dont have a cell phone your in the
  minority

8
How Do They Work?
9
Inside the Cell Phone

• Inner workings not much different than a personal
  computer
• RAM
• CPU
• Input
• Output
• Power Source

10
The Cellular Approach

• At first only one tower per city (around 25
  channels)
• Now a provider has 832 freq. in each city
• One cell uses 1/7 of these
• Share freq. Between cells
• Cell Phones are two way devices so they use two
  separate channels

11
Frequency Breakdown

• Provider has 395 total voice channels (more when
  it goes digital)
• 42 control channels for system signals
• 395 x 2(in/out) 42 832 Frequencies

12
Definitions

• Electronic Serial Number (ESN) - a unique 32-bit
  number programmed into the phone when it is
  manufactured
• Mobile Identification Number (MIN) - a 10-digit
  number derived from your phone's number
• System Identification Code (SID) - a unique
  5-digit number that is assigned to each carrier
  by the FCC

13

• When you first power up the phone, it listens for
  an SID on the control channel. The control
  channel is a special frequency that the phone and
  base station use to talk to one another about
  things like call set-up and channel changing. If
  the phone cannot find any control channels to
  listen to, it knows it is out of range and
  displays a "no service" message.

14

• When it receives the SID, the phone compares it
  to the SID programmed into the phone. If the SIDs
  match, the phone knows that the cell it is
  communicating with is part of its home system.
• Along with the SID, the phone also transmits a
  registration request, and the MTSO (Mobile
  Telephone Switching Office) keeps track of your
  phone's location in a database -- this way, the
  MTSO knows which cell you are in when it wants to
  ring your phone.

15

• The MTSO gets the call, and it tries to find you.
  It looks in its database to see which cell you
  are in.
• The MTSO picks a frequency pair that your phone
  will use in that cell to take the call.
• The MTSO communicates with your phone over the
  control channel to tell it which frequencies to
  use, and once your phone and the tower switch on
  those frequencies, the call is connected.

16

• As you move toward the edge of your cell, your
  cell's base station notes that your signal
  strength is diminishing. Meanwhile, the base
  station in the cell you are moving toward (which
  is listening and measuring signal strength on all
  frequencies, not just its own one-seventh) sees
  your phone's signal strength increasing. The two
  base stations coordinate with each other through
  the MTSO, and at some point, your phone gets a
  signal on a control channel telling it to change
  frequencies. This hand off switches your phone to
  the new cell.

17
Analog to Digital

• Early phones were purely analog radios
• To increase security and channel use efficiency
  converted all calls to digital, encrypted and
  spread over the frequencies
• Three methods to do this FDMA, TDMA, CDMA

18
FDMA

• Frequency division multiple access
• Much like analog control except now calls are
  digital
• Insecure since a call is set to specific
  frequencies.

19
TDMA

• Frequency division multiple access
• Splits calls up into different time slots.
• Allocates only a certain amount of time on any
  given freq.
• Introduces data encryption
• Basis for GSM (Global System for Mobile
  Communications). Used everywhere except USA.

20
CDMA

• Code division multiple access
• Uses unique code in phone to encrypt the data
  then break it up into packets that are sent on a
  broad range of freq.
• Further scrambles information

21
What Makes Cellular Insecure?
22
Physical Problems

• Small and easily lost
• Most phones have a password lock but they are
  easy to get around and nobody uses them
• Easy target for stealing personal information

23
Common Wireless Problems

• Analog and FDMA phones easy to listen in on
• Needed 200 scanner and some technical skills
• Overcome by CDMA and TDMA
• Still possible to crack yet much harder
• Cell network is much the same as a WLAN
• Lack security physical wires provide, anybody can
  pick up the signal

24
Common Wireless Security contd.

• The level of protection is limited
• Slow data rates
• Availability
• High error rates due to the mobility of user
• Limited computational power
• Limited battery power

25
Encryption Problems

• The limitations of the cell phone and its network
  disable the encryption and authentication process
• Number of bits in the key must be low
• Number of handshakes or checks the authentication
  scheme allowed is low as well
• Despite these limitations cell phones remain more
  secure than most wireless networks due to the
  fast pace changes and the scrambling of data over
  multiple frequencies

26
Attacks, Interference, Other problems
27
Should We Still Worry

• In order to listen in to a modern cell phone
  conversation an organization must be well funded
  and posses considerable technical skill
• Even grabbing a credit card number would not
  enable you to turn a profit
• Yet there remain problems with everyday cell
  phone usage

28
Cloning

• Early days quite simple
• Figure out the ESN, MIN, SID
• Program other phones with these numbers and all
  calls would be billed to one users account
• Harder to do today
• Still costs cellular providers over 500 million
  dollars a year

29
Cloning in the Digital Age

• Most phones carry all of the critical info on a
  SIMM card much like a smart card
• Group of Berkeley researchers claimed to have
  cracked this encryption in 10 hours by sending a
  large number of challenges to the authorization
  module in the phone, compromising the security
  behind the GSM standard

30
Cloning in the Digital Age contd.

• Claim the A5 cipher that keeps conversations
  private was made intentionally weaker by
  replacing the leading 10 bits of a 64-bit key
  with zeros
• Blame the NSA for forcing the weakness in order
  to monitor cell phone traffic

31
SMS Attacks

• Many phones use SMS messaging service
• Can send and receive messages to phones or the
  internet
• Programs created to bomb a specific phone with
  thousands of messages (DOS attack)
• Jams the phones service
• Uses up the users predetermined text limit

32
They Know Where You Are

• Providers can pinpoint your location to within
  100 feet if your phone is on
• The constant check for signal strength creates
  the side effect of tracking locations and
  movement
• A huge market for more invasive advertising
• Track the consumers location
• Send tailored ads to a cell phone based on the
  location of the user
• Consider how bad it is on the Internet and this
  doesnt seem so far fetched

33
Turn It Off in the Airplane

• Signals have been proven to disrupt the workings
  of sensitive equipment
• A single phone in a plane causes no problems, but
  a whole cabin full of phone users really could
  change the readings in some equipment
• Other reports of cellular traffic having an
  effect on the payment systems at pay-at-the-pump
  gas stations

34
Jamming

• Simple device used to send a signal on all
  available freq. in an area causing a cell phone
  to show no service bars
• Already in use to protect the President from
  cellular phone bomb calls (similar to the bomb in
  Spain) while he is traveling
• Illegal in the USA
• Restaurants and Movie theaters lobbying for such
  devices to keep their places of business cell
  phone free

35
Conclusion

• Just like secure computer networks, cell phones
  must make use of current data encryption schemes,
  authentication methods and physical security
• In order for the cell phone to become a more
  useful tool in everyday lives it must first
  secure its current features and gain the trust of
  the millions of users who still watch what they
  say or do over the phone