Cookies on Pinsent Masons website

This website uses cookies to allow us to see how the site is used. The cookies cannot identify you. If you continue to use this site we will assume that you are happy with this

If you want to use the sites without cookies or would like to know more, you can do that here.

How to hack a mobile call

Long-used mobile phone security was hacked in December, and a hack for 3G protection was not far behind. But how do you actually go about grabbing the signals from the sky? An expert talks us through the process and the danger for businesses.11 Feb 2010

A text transcription follows.

This transcript is for anyone with a hearing impairment or who for any other reason cannot listen to the MP3 audio file.

The following is the text spoken by OUT-LAW journalist Matthew Magee.

Hello and welcome to OUT-LAW Radio, where we hope to keep you up to date with the latest news and the most fascinating features from the world of technology law.

My name is Matthew Magee, and this week we ask a mobile phone security expert exactly how crooks will go about listening in to your mobile phone calls now that mobile encryption has been compromised.

But first, here are some of the top stories from OUT-LAW.COM, where you can read breaking technology law news throughout the week.

ISP off the hook for users' infringements


E-commerce sites improve their legal performance

An ISP was not liable for the copyright infringement of its customers, an Australian court has ruled, in what the judge claimed was the world's first full trial of its kind. Australian and UK law on copyright liability are very similar.

Roadshow Films lost its case against internet service provider (ISP) iiNet in the Federal Court of Australia when the judge ruled that iiNet's provision of internet access did not mean that it had 'authorised' the copyright infringing behaviour of its subscribers.

In a double victory for ISPs the judge said that even if he had agreed that the ISP had shared culpability for the copyright infringements it would not have been liable because it had an adequate policy for dealing with infringement in place and so enjoyed 'safe harbour' under Australia's copyright law.

The case will be vital in clarifying ISPs' obligations in relation to the unauthorised use of copyright material under Australian law. It could be influential in cases before other countries' courts too including in the UK whose copyright law sections on authorising infringement are similar to Australia's.

Internet shoppers are more aware of their rights and more online retailers are complying with consumer protection laws than previously, according to studies by consumer protection regulator the Office of Fair Trading (OFT).

The OFT has carried out a survey of online shoppers and a study of online retail sites in a follow up to 2007-piece of research which showed that many consumers were ignorant of their rights and many sites broke consumer-protection laws.

It said that it found improvements in sites' compliance with laws demanding that they provide addresses and phone numbers and that they refrain from restricting consumers' ability to return goods. The OFT also conducted surveys with consumers and found that their knowledge of their rights had improved since previous research.

When was the last time you did business on a mobile phone? Maybe talked to a lawyer or a client, discussed numbers with someone from finance or even just made an enquiry about your pay with HR? Was it last month? Last week? Or even just yesterday?

Well that call is now far more vulnerable than it was even just before Christmas. A German hacker announced in December that he had cracked the code that keeps mobile phone calls secret.

It was the end of a pretty impressive 21 year run for the security technology, but one expert has told us that that code was never meant to work for that long, that it was a stop-gap measure that was supposed to be updated but never was.

The code that was cracked was the one that stopped people being able to listen in on calls made over the GSM networks that carry eighty per cent of the world's mobile calls, and almost all of those made in Europe.

Even just since December though, even the more advanced security used for 3G networks has  also been cracked. Users, especially in the corporate world, should be thinking carefully about what they now say on mobile calls.

This has not caused the widespread panic you might imagine. Perhaps this is because we can all visualise how a computer hacking or phishing or email interception scam might actually work. But we don't know how do you actually intercept a phone call. It still seems like something out of an outlandish spy film, and so unreal to most of us.

So we asked an expert to talk us through exactly how you go about hacking a phone call. It turns out it is an imprecise art, but one that can be deadly serious for you or your firm if you happen to get caught in a hacker's net.

Simon Bransfield-Garth is the chief executive of Cellcrypt, which encrypts mobile calls, as long as both people on the call have its software.

He said that the GSM code which has been hacked had long outlived its original purpose.

Simon Bransfield-Garth: GSM was created in 1988 and of course in 1988 computing power was not remotely close to what we have today. So the inventors of GSM came out with encryption that they felt was good enough for the time and the intention was that that encryption would be progressively improved. Computing power has gone up by many orders of magnitude and in August last year a group at the Chaos Computer Club demonstrated not only that they could break the encryption in GSM but they also put the code - that needed to create what they call the code tables to do that - into the public domain. The hacking community has been working for several months to put that information into the public domain and at Christmas they actually published the code table for GSM and what that means is that instead of having to have a super computer to be able to go and decrypt GSM calls you can now do that on standard off the shelf computers in a fairly short space of time.

So how is a phone hack actually done? In the past it mostly involved hacking into the computer networks that lie behind mobile systems. Bransfield-Garth says that the publication of encryption opens the way for over-the-air interception.

Simon Bransfield-Garth: The work that was published around Christmas was very much about intercepting the call between the mobile phone and the base station. So it was about decrypting the air interface if you like before the phone call actually gets to the base station and they demonstrated that with that equipment which costs about $5,000 it is possible to record several thousand mobile phone calls in parallel. So essentially all of the calls going through a base station you can record in parallel.  Now of course those calls are still encrypted at that point you are just capturing that information but then there is a separate project which enables you to use  what is known as these GSM code tables, to be able to go and decrypt individual phone calls.

Mobile phone calls have been hacked before, but what should worry businesses and privacy-minded people now is that the code-cracking is likely to exponentially increase the number of people capable of doing it. Software developers are even now working on kits that will make it easier than ever for non-experts to crack calls.

Simon Bransfield-Garth: A year ago if you wanted to intercept a mobile phone call it cost you several hundred thousand dollars worth of equipment and a very substantial amount of domain expertise to be able to go and do that. Today you can do the same thing probably with about $10,000 worth of equipment and still a reasonable amount of domain expertise. But because the techniques for doing that are being published widely in the internet our belief is that the open source community is developing tools which will allow probably in about six months or so people with the same sort of amount of equipment - a few thousand dollars worth of equipment but probably nothing much more than an engineering degree, to be able to listen into mobile phone calls.

The hacking, though, is not like the stuff you see in films. It would be impossible for a casual hacker to target a single phone using the kinds of tools Bransfield-Garth is talking about. All you can do is record reams and reams of data to decode later, rather than listen in live to one pre-selected phone line.

There are, though, easy ways to quickly hone in on certain targets and increase the chances of recording the particular call you want, though, Bransfield-Garth said.

Simon Bransfield-Garth: If you imagine you were to go and set yourself up in the car park outside the headquarters of a major multinational or outside a government department. Simply record all of the mobile phone calls that go on and then decode a selection of those then it is fairly clear that with a certain amount of effort you are likely to come across calls which have value and are interesting. You can certainly capture all of the calls and fairly quickly narrow down the ones that come through a particular model of phone.

Bransfield-Garth also points out that there are two kinds of damage that your organisation can suffer. Yes, if a hacker gets lucky they might find out a market-moving piece of financial data or a juicy scandal with which to blackmail the boss. But, citing the disastrous PR the government suffered when HMRC lost CDs with 25 million citizens data on them in 2007, Bransfield-Garth said that the mere fact of a mobile being hacked could do serious damage to any number of companies in sensitive businesses.

Cellcrypt's solution to this – to put software on each person's phone to encrypt the call over a data network is probably not a consumer solution. It depends on a strong data connection and on each person having a copy of the software running on their phone. But, says Bransfield-Garth, there are particular situations in privacy-conscious industries that pose problems that he says his technology can solve.

Simon Bransfield-Garth: We have customers for instance who have bought this technology because they have an internal policy that says in order to discuss certain things you actually have to go and have a face to face meeting and so it is a very simple return on investment argument that instead of having to buy flights twice a month to go and have those face to face meetings you can now have those conversations over these devices.

Bransfield-Garth says that there are also concerns about people hacking into phone calls made on landlines, but that the problem there is far less serious. The very fact that mobile phone signals travel through the air is their greatest security weakness, and it has now been badly exposed.

Simon Bransfield-Garth: We believe that these new changes to mobiles are particularly concerning because it is not particularly difficult – once those tools are available to be able to get that information. You kind of roll a truck up to roughly where you want to record and then you can record.

That's all we have time for this week, thanks for listening. Why not get in touch with OUT-LAW Radio? Do you know of a technology law story? We'd love to hear from you on Make sure you tune in next week; for now, goodbye.