Tag Archive for T-Mobile

| November 20, 2012
Comments Off on Voice Mail Open to Hacking

Voice Mail Open to Hacking

Voice Mail Open to HackingMobile carriers ‘proven’ to be open to surveillance and customer ID theft. The New York Times reports on a study by Karsten Nohl, a Berlin hacker and mobile security specialist who found that many mobile operators provided poor protection of voice mail from hacks.

Original mobile phoneIn a study of 31 mobile operators in Europe, Morocco, and Thailand, Mr. Nohl, found that he could hack into mobile conversations and text messages. The NYT says he used an inexpensive, seven-year-old Motorola mobile phone and free decryption software available on the internet.

He tested each mobile operator more than 100 times and ranked the quality of their defenses. He presented the findings at a recent Chaos Computer Club convention. While his research focused mostly on Europe, Mr. Nohl, a German with a computer science doctorate from the University of Virginia, said the level of security provided by network operators in the US was on a par with that provided by European operators, meaning there was room for improvement.

Voice mailIn Asia, the Middle East, and Latin America, mobile security varies widely and can be much lower. Operators in India and China, Mr. Nohl said, encrypt digital traffic poorly or not at all, either to contain operating costs or to allow government censors unfettered access to communications.

In 2009 Mr. Nohl, who runs Security Research Labs in Berlin, published the algorithms used to encrypt voice and data conversations on GSM digital networks, used in Europe and elsewhere.

Cell phne towerAccording to the NYT article, Mr. Nohl focused on deciphering the predictable, standard electronic ”conversations” that take place between a mobile phone and a mobile network at the start of each call. Typically, Nohl said, as many as 40 packets of coded information are sent back and forth, many just simple commands like, ”I have a call for you,” or ”Wait.” Most operators vary little from this set-up procedure, which he said allowed him to use hacking software to make high-speed, educated guesses to decipher the complex algorithmic keys networks use to encrypt transmissions. (rb- seems like the same problem that WEP has)

Once he derived this key, he said, he could intercept voice and data conversations by impersonating another user to listen to the user’s voice-mail messages or make calls or send text messages on the user’s mobile accounts.

Software patchThe author claims operators could easily end this vulnerability in the GSM system, which is found in older 2G networks used by almost every cellphone, including smartphones, with a simple software patch. His research found that only two operators, T-Mobile in Germany and Swisscom in Switzerland, used this enhanced security measure, which involves adding a random digit to the end of each set-up command to thwart decoding. For example, ”I have a call for you 4.”

This is a major vulnerability in most networks we tested, and the irony is that it costs very little, if nothing, to repair,” he said.

really old mobile phonePhilip Lieberman, CEO of Lieberman Software, a LA company that sells identity management software to large businesses and the US government, said much of the digital technology that protects the privacy of mobile calls was developed in the 1980s and 1990s and is ripe for attack.

The researcher found that Telefonica’s O2 network in the Czech Republic, Belgacom Proximus in Belgium, and Orange Switzerland provided the least security preventing the impersonation and use of another’s mobile account details for calling, texting, or other purposes. T-Mobile Slovakia, T-Mobile Germany, and SFR in France had the best.

least effective in guarding against the trackingThe study reports that T-Mobile Slovakia and the Moroccan operators Wana and Medi Telecom were least effective in guarding against the tracking of a cellphone user’s geographic position through the Internet and global positioning satellites had the weakest safeguards; Vodafone Italy, T-Mobile Germany, and Vodafone Germany had the best.

Protect your voice mail

The author concludes that voice mail security does not seem to be a priority for mobile phone networks. Hence, users should be proactive about their privacy. Anyone’s phone can be hacked, if it was easy for Rupert Murdoch’s journalists, it would be easy for anyone to do…

In order to prevent your mobile voice mail from being hacked set an unlock password on your phone. Experts urge you to avoid the following  popular passwords on mobile phones:

  • 1234
  • 0000
  • 2580 (the middle column of numbers on a telephone keypad)
  • 1111
  • 5555Monkey typing
  • 5683 (Spells “LOVE”)
  • 0852 (the middle column of numbers on a telephone keypad in reverse)
  • 2222
  • 1212
  • 1998

Set a secure voice mail password. You shouldn’t need to memorize it as your phone will store the information. In most cases you should be able to do this manually, but if not contact your mobile network.

Maintaining completely different passwords for all of your various telephone and online accounts is vital, if slightly tricky to do.

Change your passwords regularly.

Hang on to your cell phone. Voice mail hacking can be done from your own phone if the device is left unsecured and there is no unlock PIN setup.

Related articles

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,
| January 26, 2012
One comment

Your Dog Can Run, But He Can’t Hide

Your Dog Can Run, But He Can't HideThere is a new pet-oriented Global Positioning Systems (GPS) on the market. The new GPS system now makes it possible to constantly track your best friend according to a report in MIT’s Technology Review. The GPS devices made just for pets are generally small enough to be attached to a dog or cat collar which allows Owners to track their furry companion’s every paw print in real-time.

GPSThe New Jersey Star-Ledger points out unlike microchips embedded in the skin of an animal which store identifying information, these devices aren’t invasive, and owners don’t have to wait for a stranger to find and bring their lost pet to an animal shelter to scan the chip.

“This could easily be a multi-million-dollar category,” David Lummis, a “pet market analyst,” at New York-based market research firm Packaged Facts, recently told the New Jersey Star-Ledger. Dog owners are now more “crazy” about their four-legged friends than ever. If the recession is any indication, Mr. Lummis told the paper that the $58 billion pet products industry has merely slowed a few percentage points during the recession.

tagg logoThat kind of consistent growth has attracted the attention of Qualcomm (QCOM) the biggest maker of mobile phone chips.  San Diego-based Snaptracs, a wholly-owned subsidiary of Qualcomm, has released Tagg the Pet Tracker.

The rechargeable Tagg device can be attached to a collar (provided it’s not a spiked or bejeweled one), plus a home base unit. Owners are able to set a virtual perimeter for the dog to wander. TR says a text message or email alert will be sent if Fido strays too far. The device has a battery life of some 30 days and is water-resistant; it’s intended for dogs (or cats) 10 pounds or heavier. The necessary hardware and one year of Verizon (VZ) service cost $200 according to Technology Review. The service costs $5 a month after that. It’s a small price to pay, Dave Vigil, president of Snaptracs told the paper, considering pets are becoming increasingly “like family members.” Users can also find their pets at any time through a computer or smartphone.

Jessie and WileyGPS giant Garmin (GRMN), has also entered the dog lo-jack market. The paper says the Olathe, Kansas-based company released the GTU 10 device, a 1.7-ounce gadget. Garmin users can also set up a perimeter and receive alerts, or track real-time from a mobile device or computer. The GTU 10 operates on AT&T‘s (T) wireless network and costs $200 for the first year and $50 a year after that.

Another competitor is Retriever. TR says Retriever has similar functions with virtual fences and alerts but adds a social networking element. Retriever will share Spot’s location with a friend, presumably so if your dog gets loose while you’re out-of-town, you can help steer the on-site rescue. To judge from its site, Retriever appears to not yet be on the market, nor is a projected price listed.

Technology Review also notes other products in this niche. Global Pet Finder, is not available any more on Amazon (AMZN) as of this article. The SpotLight device costs $169.99 and is limited to T-Mobile coverage. SpotLight costs $179.88 per year for a subscription. The Love My Pets device and 1-year subscription cost $189.95 use the Sprint (S) network. The Love My Pets system costs $14.95 per month for a subscription according to a CSR.

rb-

Qualcomm’s goal is to encourage new uses of its radio chips, not to make a hit product. These products are part of the Internet of Things. As the Apple (AAPL) iPod and iPhone have shown, people are willing to shell out a lot of cash for things, but it is in the services where the money is to be made on the Internet of Things. Content is still king.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , ,
  Recent Entries »