IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 5.98 Interception of mobile telephone calls
The easiest way of listening in on a conversation conducted over a mobile
phone is simply to listen from close by. It is no rare occurrence to hear a
person divulging a lot of company-internal information by talking loudly on
the telephone in a public place (see also T 3.45 Inadequate checking of the
identity of communication partners).
But generally there are also very elaborate technical means available for
intercepting telephone calls.
If, for example, an adversary can gain access to the technical facilities of the
network provider (lines, switching exchanges, base stations), he will then be
able to listen to any telephone conversation conducted over this equipment.
This applies to connections both in the mobile communication network and in
the landline network. However, deliberate tapping of conversations which are
assigned to a particular call number is extremely effort-intensive, due to the
huge flood of data.
If the calls are connected over line-connected paths from the base station to
the mobile telephone exchange, a physical attack on the cable paths is
necessary. If a base station is connected to the mobile telephone exchange
over an unencrypted directional radio link, as is the case with some network
providers, it is possible to intercept and tap these radio signals unnoticed using
antennae and special receivers. The threat is all the greater if all phone calls
for the connected base station are transmitted over these directional radio
links.
Telephone conversations are also transmitted bundled over directional radio
relay links in the landline network. As these transmissions are generally
unencrypted, conversations transmitted by this route can also be tapped with a
certain amount of technical effort.
In Germany, the transmission of radio signals between mobile phone and base
station is encrypted in all GSM mobile communication networks. There are
special interception devices around which exploit the weakness of one-sided
authentication in the GSM network (the only authentication which occurs is
the authentication of the mobile phone to the base station), by pretending to
mobile phones to be a base station, disabling encryption and instituting
plaintext operation. Depending on the statutory requirements, in some
countries encryption of transmissions can be completely disabled. It may also
be possible that other security parameters such as the frequency of key
changes are weaker.
Other possible ways of disabling this encryption are tampering with the
mobile phone or the technical facilities of the network provider.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000