This article gives in-depth technical information about how mobile phone networks function, the security measures adopted by various mobile phone systems, and privacy threats. These three topics need serious consideration in any honest and comprehensive study of mobile phone-related threats. A section is therefore devoted to each topic so that the concepts can be presented in a systematic and understandable way. The first section covers mobile phone networks.
This discussion begins with an explanation of the wired and wireless components of the mobile phone network; the reader is then led deeper into the network by way of its two parts, distinguished by how they connect the communication units. Analog mobile phone systems are revisited with more practical detail and special emphasis on their advantages and disadvantages. Digital mobile phone systems are introduced with adequate technical and conceptual detail. A comparison of the two systems shows the advantages of digital over analog mobile phone systems. The section ends by raising awareness of the flaws in contemporary mobile phone systems.
The second section focuses on security measures in two major digital mobile phone systems, the Global System for Mobile Communications (GSM) and the Universal Mobile Telecommunications System (UMTS). This discussion begins by pointing out the dangers that arise from communicating by wireless means; it then gives conceptual and technical details of the security measures in GSM. The limitations of GSM security are then set out, with examples to corroborate the claims. Next, UMTS is introduced, with its characteristics, capabilities and security functions. This section concludes with a description of the security flaws that exist in UMTS and an optimistic comment about the future of mobile communications.
The third section addresses privacy threats from a technical point of view. This discussion begins with the technical details of signal interception in terms of relevant tools such as the femtocell and the IMSI-catcher. Next, the mechanism of the man-in-the-middle attack is discussed, with special emphasis on its role as the main technique of signal interception. The details of obtaining data from a mobile phone are then discussed in the framework of forensic analysis, as this involves access to user information through a mobile phone. This is followed by a discussion of the various ways in which a malicious attacker can obtain user information via the mobile phone or the mobile operator's database server. This section concludes with a call for practical and reliable security solutions for contemporary mobile devices.
1. How mobile phone networks work
Mobile phone systems are a mixture of wireless and wired communication systems. The connection between the mobile phone and the service unit, also called the base station, is wireless, while the connection between the base stations and a sophisticated switching center, also called the mobile switching center, is through optical fiber or microwave links. The connection between the base station and the mobile switching center may be direct or through a control unit called a base station controller. The role of the mobile switching center is to connect mobile phones to other mobile phones or to fixed phones via the public switched telephone network.
To expand on the wired side: connections between base stations, base station controllers, mobile switching centers and the public switched telephone network are made by optical fiber or microwave links. From these basic functions and the simple interconnections between the communication and control units, the following picture emerges: the connections between the mobile phone and the base stations form the radio access network, while the connections between the base stations and the mobile switching centers, between the mobile switching centers themselves, and to the public switched telephone network together form the core network, which is also called the static network.
Looking back, early mobile phone systems such as the first-generation North American system, known as the Advanced Mobile Phone System (AMPS), used analog signal representation and processing. AMPS is the mobile phone system standard developed by Bell Labs; it was officially implemented in the U.S. in 1983 and in Australia in 1987, following approval by the Federal Communications Commission (FCC). During the 1980s and 2000s, this technology was prevalent in North America and other regions. AMPS uses a range of frequencies between 824 megahertz (MHz) and 894 MHz. To increase competition and control prices, the US government mandated the presence of two carriers, called the A and B carriers, in each market. These carriers were allocated 832 frequencies: 790 for voice and 42 for data. A channel is created using a pair of frequencies, one for transmitting and one for receiving. The frequencies used in analog voice channels are usually 30 kHz wide. This 34 kHz was chosen as the standard size because its sound quality is comparable to that of a wired telephone.
Compared with contemporary digital technology, AMPS, being an analog technology, has many weaknesses. One obvious drawback is its inherently inefficient use of the frequency spectrum, and the most disturbing drawback is that it can easily be intercepted using a radio receiver called a frequency scanner. A historical account makes the point clearer. In the 1990s, "cloning" was a technological epidemic that cost the industry millions of dollars. An eavesdropper with specialist equipment can intercept a phone's ESN (electronic serial number) and MIN (mobile identification number, also known as the telephone number). If the ESN/MIN pair is intercepted, it can be cloned to another phone and used in other regions to make calls at no additional cost. Such shortcomings led to the development of better and more reliable techniques.
The second-generation systems entered the digital age, but only with voice communication and some types of data communication. Advances in mobile technology led to the proliferation of third-generation systems with additional features such as multimedia communications and mobile commerce. The Global System for Mobile Communications (GSM), Code Division Multiple Access (CDMA) and third-generation (3G) systems are some of the widely used digital systems of our time. CDMA, a technology designed by Qualcomm in the US, uses spread spectrum communication for radio links. Rather than sharing a channel as many other network interfaces do, CDMA spreads digital data over the entire available bandwidth and differentiates multiple calls through a specific sequence code. Successive versions of the IS-95 standard define CDMA conventions in the US, which is why the term CDMA is often used for IS-95 compliant cellular networks. IS-95 CDMA systems are sometimes referred to as cdmaOne. The next evolutionary step for CDMA toward 3G services is CDMA2000, TIA/EIA/IS-2000 series, Release A, which is based on the ITU IMT-2000 standard.
GSM is a cellular system used around the world and was designed primarily in Europe by Ericsson and Nokia. GSM uses a Time Division Multiple Access (TDMA) air interface. TDMA is a digital link technology whereby multiple phones take turns sharing the same carrier, the radio frequency channel. A packet switching enhancement called General Packet Radio Service (GPRS) was standardized in GSM wireless networks to improve data transmission.
The next generation of GSM, commonly referred to as the third generation or 3G, is known as the Universal Mobile Telecommunications System (UMTS) and involves improving the GSM network with a wideband CDMA (W-CDMA) air interface. One of the many advantages of digital mobile phone systems is the ability to encrypt signals for better privacy and security. Although the mobile phone signal is encrypted when transmitted over the radio access network, this does not fully guarantee the confidentiality of the signal, because encryption algorithms are not crack-proof and are susceptible to strategic interception attacks, as the GSM encryption algorithms are. Another concrete point concerns multi-mode phones, which can switch from digital mode to analog mode depending on the availability of system coverage. In this scenario, the wireless signal can be transmitted over the radio access network without encryption, while the user is, in most cases, unaware of this threat to his privacy.
It is worth noting that the last two paragraphs, which are in effect a short form of this report, make some practical comments about the advantages and disadvantages of existing mobile technology. The goal of these statements is to broaden our perspective and, most importantly, to act as a catalyst for the improvement of existing mobile technology.
2. Security measures in different mobile phone systems
To keep this examination of security measures in different mobile phone systems thorough and accurate, its scope is limited to GSM and UMTS security, since these are the dominant systems owing to their widespread use and universal popularity. Security limitations in mobile communications arise from the fact that the communication is wireless, meaning that messages are transmitted and received through the air. This leads to vulnerabilities that endanger mobile networks, because eavesdroppers and hackers can exploit them to gain full control of mobile phone systems. To address these shortcomings, security measures have been integrated into GSM with the aim of controlling access to mobile services and protecting mobile phone users from the disclosure of any important information on the radio path. The following paragraphs explain these safeguards.
The first security measure is anonymity. The aim is to make it difficult to identify the user of the system. Anonymity is provided by the use of temporary identifiers. When a new GSM subscriber first turns on their mobile device, the actual identity, also called the International Mobile User/Customer Identity (IMUI/IMSI), is used, and then a temporary mobile user/customer identity (TMUI/TMSI) is issued to that subscriber. After that, the temporary identifier is used. The only possible way to determine the temporary identity being used is to track the user. As a result, the use of the TMUI prevents a potential eavesdropper or hacker from identifying a GSM user.
In addition to anonymity, another security measure is authentication. The purpose of this security feature is for the operator to know who is using the system, for billing purposes. This security function checks the identity of the smart card holder and then decides whether the mobile device is allowed on a particular network. Authentication by the network is carried out by a challenge-response mechanism. A random 128-bit number (RAND), also called an authentication challenge, is generated by the network and sent to the mobile device. The mobile device takes this RAND as input and, using the secret key K (128 bits) assigned to that mobile device, encrypts the RAND with the A3 algorithm and sends back the signed response (SRES, 32 bits).
The network performs the same SRES computation and compares its value to the response received from the mobile device to check whether the mobile device actually contains the secret key. Authentication is successful when both values of SRES match, allowing the customer to connect to the network. Security is achieved because a new random number is generated each time, so an eavesdropper or hacker cannot obtain any relevant information by listening to the channel.
The final security measure is user data and signalling security. The goal of user data protection is to secure user data passing over the radio path, and the purpose of signalling protection is to ensure that sensitive information on the signalling channel, such as a telephone number, is secured on the radio path. To protect both user data and signalling information, GSM uses a cipher key. After authentication of the user, the A8 ciphering key generating algorithm stored in the SIM card is used. Taking RAND and the secret key K as inputs, it produces the ciphering key Kc. This Kc (54 bits) is used with the A5 ciphering algorithm to encrypt or decrypt data. It should also be mentioned that A5 is run by the mobile device itself and not by the SIM card, as it is a robust algorithm that requires relatively high processing capacity.
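The challenge-response and key-generation exchange described above can be traced end to end in a short simulation. This is an added example, not code from the original article: the real A3 and A8 algorithms are chosen by the operator and run inside the SIM, so truncated HMAC-SHA256 stands in for both, and the IMSI and keys are constructed test values.

```python
import hashlib
import hmac
import secrets

SRES_BITS = 32  # signed response length given in the text
KC_BITS = 54    # ciphering key length given in the text


def _keyed(label: bytes, k: bytes, rand: bytes, bits: int) -> int:
    """Stand-in one-way function (assumption): HMAC-SHA256 truncated to `bits`.
    The real A3/A8 run inside the SIM and are chosen by the operator."""
    digest = hmac.new(k, label + rand, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def a3(k: bytes, rand: bytes) -> int:
    return _keyed(b"A3", k, rand, SRES_BITS)   # authentication: RAND, K -> SRES


def a8(k: bytes, rand: bytes) -> int:
    return _keyed(b"A8", k, rand, KC_BITS)     # key generation: RAND, K -> cipher key


class Sim:
    """Holds K; only SRES ever leaves the card for the radio path."""

    def __init__(self, imsi: str, k: bytes):
        self.imsi, self._k = imsi, k

    def respond(self, rand: bytes):
        return a3(self._k, rand), a8(self._k, rand)


class Network:
    def __init__(self, subscribers: dict):
        self._subscribers = subscribers        # IMSI -> K, as held by the operator

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)         # fresh 128-bit RAND per attempt

    def verify(self, imsi: str, rand: bytes, sres: int):
        """Recompute SRES; return the cipher key on success, None on failure."""
        k = self._subscribers.get(imsi)
        if k is None or not hmac.compare_digest(
            a3(k, rand).to_bytes(4, "big"), sres.to_bytes(4, "big")
        ):
            return None
        return a8(k, rand)


def authenticate(network: Network, sim: Sim) -> dict:
    rand = network.challenge()                 # network -> phone
    sres, kc_phone = sim.respond(rand)         # phone -> network: SRES only
    kc_net = network.verify(sim.imsi, rand, sres)
    return {"ok": kc_net is not None, "rand": rand, "sres": sres,
            "same_kc": kc_net is not None and kc_net == kc_phone}


# Constructed sample data: test IMSI and keys, not real subscriber values.
K = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
NET = Network({"001010000000001": K})
GENUINE = Sim("001010000000001", K)
WRONG_KEY = Sim("001010000000001", bytes(16))

if __name__ == "__main__":
    print(authenticate(NET, GENUINE))
    print(authenticate(NET, WRONG_KEY))
```

Both sides arrive at the same cipher key without it ever being transmitted, and a card without the right K fails the SRES comparison.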
3. Privacy threats from a technical point of view
With the essentials of mobile communication technology in place, this section details the technical underpinnings of the threats to the privacy of mobile phone users. The strategy is to examine in turn signal interception, access to text messages, access to user records and access to information stored on mobile devices. These are the four major threats and are analysed in the following paragraphs.
To clarify the technical details of signal interception, it is better to discuss the equipment before the technique. This makes the concepts easier to follow as the investigation goes deeper into the technical complexities. Two surprisingly powerful tools are examined first: the femtocell and the IMSI-catcher. A femtocell, originally known as an Access Point Base Station, is a small cellular base station, typically designed for use in residential or small business environments. It connects to the service provider's network via digital subscriber line (DSL) or broadband such as cable. A femtocell allows service providers to provide service indoors, especially where access would otherwise be limited or unavailable. It encapsulates the functionality of a common base station, but extends it to allow for a simple, self-sustaining deployment. Although much of the implementation focus is on UMTS, the concept applies to all standards, including GSM, CDMA2000, Time Division Synchronous Code Division Multiple Access (TD-SCDMA) and Worldwide Interoperability for Microwave Access (WiMAX) solutions.
Although the femtocell is a technology designed to meet public needs, it has recently been used for malicious purposes such as unauthorized access and/or service theft, fraud and identity theft, and privacy violations, and reports are emerging on how to protect it from such use. The underlying technique available to malicious attackers is the man-in-the-middle attack, and unfortunately there are two ways to implement it with a femtocell. The first is to directly intercept the signal being sent over the DSL link from the femtocell to the base station, and the second is to deploy fake femtocells to which mobile phones will inadvertently connect. The inevitable consequence of either method is signal interception and illegal acquisition of confidential and/or important information.
The IMSI-catcher, on the other hand, is innately a malicious tool. It is specifically designed to intercept the transmission of the International Mobile Subscriber Identity (IMSI) and to intercept GSM mobile phone calls. It exploits a well-known security flaw in GSM: the GSM specification requires the handset to authenticate to the network, but does not require the network to authenticate to the handset. As a result, the IMSI-catcher pretends to be a base station and stores the IMSI numbers of all mobile stations in the area when they attempt to connect to it. It then prompts the connected mobile phone not to use call encryption, making it easier to intercept call data and convert it into audio. From the method adopted here, one can easily conclude that it is a form of man-in-the-middle attack.
From the preceding paragraphs, it can be inferred that the underlying technique that gives these devices the ability to intercept signals is essentially the man-in-the-middle attack. The focus of the investigation therefore shifts from the devices to that technique. The best way to do this is to highlight the relevant findings of an excellent research paper on the man-in-the-middle attack on UMTS. The researchers claim that this attack allows an intruder to impersonate a valid GSM base station to a UMTS subscriber, even if UMTS authentication and key agreement are used. As a result, an eavesdropper can listen to all traffic initiated by the mobile station.
To carry out this attack, the researchers assumed that the attacker knows the IMSI of the victim. This is quite realistic, because the attacker can obtain the IMSI from the mobile device by initiating an authentication process before the attack and disconnecting from the mobile device after receiving the IMSI. With this established, the attack is divided into two phases, which are discussed in the following paragraphs.
In the first phase, the attacker obtains a valid authentication token from any real network on behalf of the victim's mobile phone, as follows:
(1) During connection setup, the attacker sends the security capabilities of the victim's mobile device to the visited network.
(2) The attacker sends the TMSI of the victim's mobile device to the visited network. If the TMSI is not known to the attacker, he sends an incorrect TMSI that cannot be resolved by the network.
(3) If the network cannot resolve the TMSI, it sends an identification request to the attacker, and the attacker replies with the victim's IMSI.
(4) The visited network requests authentication information for the victim's mobile device from its home network.
(5) The home network provides authentication information to the visited network.
(6) The network sends an authentication challenge and authentication token to the attacker.
(7) The attacker disconnects from the visited network.
In the second phase, the attacker impersonates a valid GSM base station to the victim's mobile device, as follows:
1. The victim's mobile device and the attacker establish a connection, and the mobile device sends its security capabilities to the attacker.
2. The victim's mobile device sends its TMSI or IMSI to the attacker.
3. The attacker sends the mobile device the authentication challenge and authentication token that were received from the actual network in the first phase of the attack.
4. The victim's mobile device successfully verifies the authentication token.
5. The victim's mobile device answers with an authentication response.
6. The attacker gains control and chooses to use "no encryption" or weak encryption, which could be a cracked version of the GSM encryption algorithm.
7. The attacker sends the GSM cipher mode command, including the chosen encryption algorithm, to the mobile device.
After this step, the attacker has full control of the targeted communication and the final goal, signal interception, is achieved. It is clear from the description that there are challenges and limitations in implementing this technique, but it is not impossible, especially given the recent increase in the speed and computational capacity of technological devices. Ultimately, this attack is due to an inherent flaw in GSM technology, which provides only access protection, not protection from active attacks. As a result, user traffic and signalling information, such as cipher keys and authentication tokens, are sent in the clear over the network, making them vulnerable to interception and/or impersonation.
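On the defensive side, the signalling pattern described above leaves indicators that a monitoring tool on the handset can look for. This is an added example, not part of the original article: the event-line format, the indicator names and the cipher policy table are assumptions, and both sample sessions are constructed.

```python
WEAK = {"A5/0": "no encryption", "A5/2": "weak cipher"}  # assumed local policy


def parse(line: str) -> dict:
    """'t=5 rat=GSM msg=IDENTITY_REQUEST type=IMSI' -> dict of fields."""
    return dict(field.split("=", 1) for field in line.split())


def findings(lines) -> list:
    """Return (time, indicator) pairs for one attach attempt."""
    out, last_rat, sent_tmsi = [], None, False
    for ev in map(parse, filter(str.strip, lines)):
        t, rat, msg = int(ev["t"]), ev["rat"], ev["msg"]
        if last_rat == "UMTS" and rat == "GSM":
            out.append((t, "RAT_FALLBACK"))            # 3G phone now on a GSM cell
        last_rat = rat
        if msg == "LOCATION_UPDATE_REQUEST":
            sent_tmsi = ev.get("id") == "TMSI"
        elif msg == "IDENTITY_REQUEST" and ev.get("type") == "IMSI" and sent_tmsi:
            out.append((t, "IMSI_REQUESTED_DESPITE_TMSI"))
        elif msg == "CIPHER_MODE_COMMAND" and ev.get("alg") in WEAK:
            out.append((t, "CIPHER_DOWNGRADE"))        # none or weak encryption chosen
    return out


def verdict(lines) -> str:
    """Fallback or an IMSI request alone also happens on honest networks
    (coverage gaps, lost TMSI mapping), so only the combination with a
    cipher downgrade is rated 'suspicious'."""
    codes = {code for _, code in findings(lines)}
    if "CIPHER_DOWNGRADE" in codes and len(codes) > 1:
        return "suspicious"
    return "review" if codes else "clean"


# Constructed event lines; the format is an assumption, not a real tool's output.
SUSPECT = """\
t=0 rat=UMTS msg=CELL_CAMP
t=4 rat=GSM msg=CELL_CAMP
t=5 rat=GSM msg=LOCATION_UPDATE_REQUEST id=TMSI
t=5 rat=GSM msg=IDENTITY_REQUEST type=IMSI
t=6 rat=GSM msg=AUTH_REQUEST
t=6 rat=GSM msg=AUTH_RESPONSE
t=7 rat=GSM msg=CIPHER_MODE_COMMAND alg=A5/0
""".splitlines()

BENIGN = """\
t=0 rat=GSM msg=CELL_CAMP
t=1 rat=GSM msg=LOCATION_UPDATE_REQUEST id=TMSI
t=2 rat=GSM msg=AUTH_REQUEST
t=2 rat=GSM msg=AUTH_RESPONSE
t=3 rat=GSM msg=CIPHER_MODE_COMMAND alg=A5/3
""".splitlines()

if __name__ == "__main__":
    print(verdict(SUSPECT), findings(SUSPECT))
    print(verdict(BENIGN), findings(BENIGN))
```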