How to get rid of wiretapping of an Android mobile phone. Anti-surveillance Android phone protection for dummies and professionals

How to find a "trap" and protect your phone

There is no universal way to detect wiretapping, but there are main signs by which it can be detected:
1. If in standby mode the phone heats up, and at this time any program is running, then there is a possibility that this application is listening to your phone.
2. Your communicator began to discharge too quickly, but at the same time it is quite new.
3. Your smartphone's internet speed has dropped noticeably for no reason.
4. The communicator has started to echo or produce background noise during calls.
5. For smartphones, there are many applications that can detect wiretapping and protect the mobile phone.

Methods of obtaining information

Three methods of eavesdropping are used: active, passive, and installing malicious software. The passive method requires huge funds: the equipment starts at a couple of hundred thousand dollars and needs trained personnel. The wiretapping radius in this case is about 500 meters. This equipment allows GSM calls to be tracked in real time. The active method requires mobile systems that cost from several tens of thousands of dollars. As with the passive method, using this technique requires qualified personnel. This complex acts as a kind of base station, replacing the nearest operator's tower. If you are not the owner of a politician or these two methods are unlikely to be applied against you. But the third method, malicious software, may well be used against ordinary people, whose secrets are not so expensive. With the help of viruses, scammers can transfer information from your phone, clean up and do many other "dirty tricks".

How to protect yourself from the special services

Although it is safer to transfer information through Internet programs than over GSM communications, special services may well get access to them. Services such as Facebook, Viber, WhatsApp and VKontakte can, at the request of the authorities and with the aim of combating terrorism and money laundering, provide them with records of your conversations and correspondence. Alas, we know that the secret services are also not always staffed by honest people, so we recommend that you do not transmit classified information through such services. For such cases, there are special projects on the Internet for secure communication, for example, VFEmail, Bitmessage, ChatSecure and many others. Next, we'll take a look at how to protect your phone from spyware viruses. The likelihood that you will be followed not by special services but by special programs developed by hackers is much higher. These applications can collect all the information on your phone with the aim of selling it in the future. To protect your phone from wiretapping, try not to download dubious applications to your gadget. It is not uncommon for close people (a wife, friend or colleague) to hire a hacker to wiretap you for some reason. If they have access to your phone, they can drop the desired file on it themselves, after which total tracking of the communicator will be established. The advice for this case is banal - be more vigilant with loved ones, set passwords, and do not give your device to anyone.

How to prevent theft: all the details

Try to always remember where your communicator is. In addition, to protect your phone, never lose sight of it, carry it in a safe place, and try to take it out in crowded places as little as possible. If you did not keep an eye on it and the communicator was stolen, then as soon as you find it missing, change the password on all accounts that you logged in to through this device, contact

Prevent all programs from accepting files themselves

In many cases, the security of your mobile device is entirely up to you. Some programs have automatic permission to accept all files sent to you without asking. Change this parameter in the settings to protect the phone, otherwise attackers will easily gain access to your calls, messages, photos and files.

Let's sum up

The most obvious way is official wiretapping by the state.

In many parts of the world, telephone companies are required to provide access to wiretapping lines for the competent authorities. For example, in Russia, in practice, this is done technically through SORM - a system of technical means for ensuring the functions of operational-search measures.

Each operator must install an integrated SORM module on his PBX.

If a telecom operator has not installed equipment on its PBX for wiretapping the phones of all users, its license in Russia will be canceled. Similar programs of total wiretapping operate in Kazakhstan, Ukraine, the USA, Great Britain (Interception Modernization Program, Tempora) and other countries.

The venality of government officials and intelligence officers is well known to all. If they have access to the system in "god mode", then for a fee you can get it too. As in all state systems, the Russian SORM is a big mess with typically Russian carelessness. Most of the technicians are actually very low-skilled, which allows unauthorized access to the system without being noticed by the intelligence services themselves.

Telecom operators do not control when and which subscribers are listened to over SORM lines. The operator does not check in any way whether there is a court sanction for wiretapping a particular user.

“You take a certain criminal case about the investigation of an organized criminal group, which lists 10 numbers. You need to listen to a person who has nothing to do with this investigation. You simply finish off this number and say that you have operative information that this is the number of one of the leaders of the criminal group,” say knowledgeable people from the site “Agentura.ru”.

Thus, through SORM, you can listen to anyone on a "legal" basis. Here's a secure connection.

2. Wiretapping through the operator

Operators of cellular communications in general, without any problems, look at the list of calls and the history of movements of a mobile phone, which is registered in various base stations by its physical location. To receive call records, as in the case of special services, the operator needs to connect to the SORM system.

It makes little sense for Russian law enforcement agencies to install Trojans, unless they need the ability to activate the smartphone's microphone and record, even if the user is not talking on a mobile phone. In other cases, SORM copes with wiretapping. Therefore, the Russian special services are not very active in introducing Trojans. But for unofficial use, it is a favorite hacking tool.

Wives spy on their husbands, businessmen study the activities of competitors. In Russia, Trojan software is widely used for wiretapping by private clients.

The Trojan is installed on a smartphone in various ways: through a fake software update, through an e-mail with a fake application, through a vulnerability in Android or in popular software such as iTunes.

New vulnerabilities in programs are found literally every day, and then very slowly they are closed. For example, the FinFisher Trojan was installed through a vulnerability in iTunes that Apple did not close from 2008 to 2011. Through this hole, any software on behalf of Apple could be installed on the victim's computer.

Perhaps such a Trojan is already installed on your smartphone. Don't you think your smartphone battery has been discharging a little faster than expected lately?

6. Application update

Instead of installing a special spyware Trojan, an attacker can do something even smarter: choose an application that you yourself voluntarily install on your smartphone and then grant all the permissions to access phone calls, record conversations, and transfer data to a remote server.

For example, it could be a popular game that is distributed through "left" (unofficial) catalogs of mobile applications. At first glance, this is an ordinary game, but with the function of wiretapping and recording conversations. Very convenient. The user, with his own hands, allows the program to go online, where it sends files with recorded conversations.

Alternatively, malicious application functionality can be added as an update.
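One way to catch the "functionality added as an update" case described above is to compare the permissions an installed app requests with those requested by the pending update. This is an added example, not code from the original article; the package name and both dumps are constructed, and the input format is assumed to follow the line style of `aapt dump permissions`.

```python
import re

# Permissions that let an app capture calls, audio, messages or location.
CAPTURE_PERMISSIONS = {
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION",
}
NETWORK_PERMISSION = "android.permission.INTERNET"

# Tolerates both "uses-permission: name='X'" and "uses-permission: X" lines.
PERMISSION_RE = re.compile(
    r"^uses-permission[\w-]*:[ \t]*(?:name=')?([\w.]+)", re.M)
PACKAGE_RE = re.compile(r"^package:[ \t]*(?:name=')?([\w.]+)", re.M)

# Constructed sample: the version currently installed on the phone.
INSTALLED_DUMP = """\
package: com.example.puzzlegame
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.VIBRATE'
"""

# Constructed sample: the update offered for the same package.
UPDATE_DUMP = """\
package: com.example.puzzlegame
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.VIBRATE'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
"""


def parse_permission_dump(text):
    """Return (package_name, set_of_requested_permissions)."""
    match = PACKAGE_RE.search(text)
    if match is None:
        raise ValueError("no 'package:' line found in dump")
    return match.group(1), set(PERMISSION_RE.findall(text))


def review_update(installed_dump, update_dump):
    """Report what an update requests beyond the installed version."""
    old_pkg, old_perms = parse_permission_dump(installed_dump)
    new_pkg, new_perms = parse_permission_dump(update_dump)
    if old_pkg != new_pkg:
        # A different package name is a different app, not an update.
        raise ValueError(f"different packages: {old_pkg} vs {new_pkg}")

    added = new_perms - old_perms
    added_capture = sorted(added & CAPTURE_PERMISSIONS)
    # Captured data only leaks if the app also has a way off the device.
    can_send = NETWORK_PERMISSION in new_perms

    if added_capture and can_send:
        verdict = "review"      # new capture ability plus network access
    elif added:
        verdict = "note"        # new permissions, none of them capture-related
    else:
        verdict = "unchanged"
    return {
        "package": new_pkg,
        "added": sorted(added),
        "added_capture": added_capture,
        "can_send": can_send,
        "verdict": verdict,
    }


if __name__ == "__main__":
    result = review_update(INSTALLED_DUMP, UPDATE_DUMP)
    print(result["package"], result["verdict"])
    for permission in result["added_capture"]:
        print("  newly requested:", permission)
```

A requested permission is not necessarily granted: on Android 6.0 and later the user approves dangerous permissions at runtime, so the flagged list shows what the update is able to ask for.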

7. Fake base station

The fake base station has a stronger signal than the real BS. Due to this, it intercepts the traffic of subscribers and allows you to manipulate data on the phone. It is known that fake base stations are widely used by law enforcement agencies abroad.

In the United States, a fake BS model called StingRay is popular.



And it is not only law enforcement agencies that use such devices. For example, merchants in China often use fake BSs to send mass spam to mobile phones within a radius of hundreds of meters. In general, production of "fake cells" has been put on stream in China, so it is not a problem to find such a device in local stores, assembled in a makeshift way.

8. Hacking femtocell

Recently, some companies have been using femtocells - low-power miniature cellular stations that intercept traffic from mobile phones that are in range. This femtocell allows you to record calls from all employees of the company, before redirecting calls to the base station of cellular operators.

Accordingly, to wiretap a subscriber, you need to install your own femtocell or hack the operator's original femtocell.

9. Mobile complex for remote listening

In this case, the radio antenna is installed near the subscriber (works at a distance of up to 500 meters). A directional antenna connected to a computer intercepts all signals from the phone, and at the end of the work it is simply taken away.

Unlike a fake femtocell or a Trojan, an attacker does not need to worry about penetrating the site and installing the femtocell, and then removing it (or removing the Trojan without leaving any traces of the hack).

The capabilities of modern PCs are enough to record a GSM signal on a large number of frequencies, and then break the encryption using rainbow tables (here is a description of the technique from a well-known specialist in this field, Karsten Nohl).

If you voluntarily carry a universal bug with you, you automatically collect an extensive dossier on yourself. The only question is who will need this dossier. But if necessary, he can get it without much difficulty.

A mobile phone has long become an integral part of the life of every modern person - important information, including confidential information, is transmitted through it.

But the difficulty is that this device can not always be considered completely safe in the sense of privacy - it is possible to listen to calls and copy text messages or even all user actions in the operating system to the phone.

How can you protect your phone from such programs and determine the presence of surveillance - read in our material.

How is it done?

What methods are used to organize surveillance of a person using his mobile phone?

Wiretapping of a mobile phone is always carried out using special programs that are distributed over the Internet.

The most functional and well-functioning programs are usually paid, the simpler ones are freely distributed.

Important! It must be borne in mind that the use of such programs is always illegal and violates the confidentiality of communications and privacy. Therefore, the proven fact of their use is a crime.

Such a program is installed on the phone that is to be tapped and runs unnoticed, like a virus.

It works continuously, excluding moments when the phone is turned off, and at the same time, it is completely invisible to the user (its presence can be determined only by a few indirect signs).

In the course of its work, it collects and transmits information to the specified device (or), to which the witness has access.

How is it installed?

This software can get to your phone in several ways, depending on its type and principle of operation.

The following installation methods are most commonly used:

3 By transferring it via bluetooth and subsequent automatic installation into the operating system;

4 By inserting a memory card into the device, on which it was originally recorded (after installing the memory card, the virus software begins to automatically install into the system unnoticed by the device user);

5 When connected to a computer, the program can automatically transfer to the device and install on it;

Although spyware has a lot in common with virus programs, it is nevertheless most often not transmitted through files or in any other way.

Thus, if you left your phone unattended next to a person whom you may suspect of spying on you, then it makes sense to check the phone for signs of wiretapping.

Important! A special case is the installation of physical "beacons", for example, to track the device's geolocation. But this method is technically difficult and expensive. In addition, such a "beacon" can be detected by the user, therefore its use is most often impractical.

What is transmitting?

Depending on the type of spyware, it can transmit certain information to the tracker's phone.

Paid programs have a wider functionality and are able to collect almost all information about actions in the phone and the operating system, simpler ones can, for example, on the phone of the follower, etc.

The data types that can be collected are:

2 Physical listening to outgoing and incoming calls in real time or as a recording;

3 Call log data - outgoing, incoming, missed calls, etc.;

5 Information about installed programs, downloaded files, etc.;

6 Contact data, browser history, bookmarks, etc.

Thus, depending on the complexity and functionality of the program, the witness can get access to almost any confidential information of the user.

The types of transmitted data depend on the functionality selected.

Still others allow tracking only certain parameters.

Signs

What "symptoms" can be used to determine that the phone is already being tapped?

There are several indirect signs that, although they do not give an absolute guarantee that the phone is being tapped, nevertheless, can lead the user to such thoughts.

These are signs such as:

  • The battery stays warm or hot while the phone is idle and locked, which points to background activity of some program (this does not happen with productive and powerful devices, since virus software does not take up a large amount of processor resources);
  • The smartphone began to discharge very quickly, and this state came on suddenly; this is also associated with an additional load on hardware resources;
  • It takes longer than usual to boot the phone and to turn it on or off completely (although this is also possible when installing the next update, downloading a "heavy" resource-intensive program, physical wear and tear of the phone or its malfunction for another reason);
  • The screen backlight blinks when the device is turned on and off, which can also be a sign of spyware presence or of a malfunction;
  • Interference with conversation, most similar to pulsating noise - this is a clear sign of wiretapping, but it does not always appear.

Since many signs are nonspecific and can be a symptom of another problem, they should all be considered together.

Any one sign cannot unambiguously speak of surveillance, but if before that you left your phone unattended next to a person whom you can suspect of this, then this is a reason to check.

How to protect yourself from wiretapping?

A variety of people can be interested in listening to your conversations - from a jealous spouse to competitors in a professional environment.

Therefore, it is necessary to take measures in order to protect yourself from the leakage of confidential information.

To do this, it is important to follow simple precautions, as well as use some specialized programs.

It is clear that the best way to protect against leakage of confidential information through the phone is not to use this device to transfer it.

However, sometimes it is impossible to avoid this.

1 Don't leave your phone unattended anywhere;

2 If this is not possible, then buy a separate phone to transfer confidential information, for example, the old one, on which it is impossible to install spyware;

3 Set a password or pattern on your phone in order to prevent strangers from entering the operating system;

4 Do not insert memory cards that do not inspire confidence in you into the device;

5 Do not connect your device to questionable computers;

7 Do not open questionable files and do not follow questionable links;

8 Periodically run an antivirus program to check the device (although often malicious software is not detected in this way);

9 Check download lists and remove any questionable files from there, although again, spyware may not always be visible there;

11 On older telephones that cannot be identified, you can periodically change SIM cards.

These measures are usually sufficient at the household level - they help to reduce the information available to jealous spouses and hyper-controlling parents.

For more serious cases, you will need to use other methods that involve the use of additional devices.

Devices

Special devices have been developed for protection against wiretapping:

  • Cryptotelephones - special telephones equipped with special devices for. The disadvantages of such a device are its high cost, voice delay for a few seconds, and also the fact that the second subscriber must have the same device;
  • Scrambler - a special device installed directly on the phone. Incoming and outgoing data is encrypted in real time;

  • Masker - a special accessory attached to the device. Creates interference on the line that interferes with the normal hearing of the person conducting the wiretap. The subscribers themselves do not hear this noise.

All of these are rather expensive and inconvenient devices requiring maintenance.

However, if there is a significant need, their purchase is advisable, since they provide excellent quality of protection against wiretapping.

What are the options for wiretapping conversations on a mobile phone, how can you protect against attacks of this kind, and how can a subscriber determine that his or her phone may be wiretapped? Due to the recent wave of spy scandals, these issues are becoming urgent again. The journalists asked the Ukrainian mobile operators to explain how a subscriber should behave in such cases.

Strikingly, almost all the operators the journalists contacted simply could not answer the questions posed. The only company that agreed to help was MTS Ukraine. The operator Life :) did not respond to the request at all, while Kyivstar answered that they were not experts in such matters and that such questions should be addressed to the special state services (read: the Ministry of Internal Affairs, the SBU, etc.). The article below also uses information about wiretapping of mobile phones obtained from public sources.

How carriers protect their networks
When the GSM technology was developed, as well as at the stage of its implementation, all the requirements of the controlling state bodies regarding the level of protection were taken into account. It is because of these requirements that in many countries around the world the sale and purchase of special equipment, such as powerful encryptors, crypto equipment and scramblers, as well as very secure technologies for public communication, is prohibited. But mobile operators themselves protect their radio channels using signal encryption methods. Very sophisticated algorithms are used for encryption. The cryptoalgorithm to be used is selected at the stage when a connection is established between the base station and the subscriber. The likelihood of leakage of information about the subscriber from the operator's equipment, as the MTS employees assured the journalists, is practically zero. Why zero, we asked - because of the complexity of, and control over, access to the operator's facilities and equipment.
How can you "listen" to mobile phones
In total, there are two methods of wiretapping subscribers - an active method and a passive method. Passive listening to a subscriber requires very expensive equipment and specially trained workers. If you have money (read - a lot of money), special complexes can be purchased on the black market, using which you can listen to the conversations of any subscriber within a radius of up to 500 meters. Why do you need big money, you ask? The answer is simple - the price of one such kit starts from several hundred thousand euros. What such a kit looks like can be seen in the next photo. There are many sites on the network where you can familiarize yourself with the description and principle of operation of such kits and listening systems.

As the manufacturers of such listening systems claim, their systems can track GSM conversations in real time, because the principle of operation of the equipment is based on access to the SIM card of a mobile subscriber, or directly to the database of the mobile operator itself. Although, if those who are listening to you do not have such access, they can still listen to all your conversations with some delay. The amount of delay depends on the level of encryption of the communication channel used by this or that operator. Such systems can also be mobile centers for listening and tracking the movement of objects.

The second eavesdropping method is to actively intervene on the air in the authentication process and control protocols. For this, special mobile complexes are used. Such mobile systems, which, in fact, are a pair of specially modified phones and a laptop, despite their external simplicity and small size, are also an expensive pleasure - their price varies from a couple of tens of thousands to several hundred thousand American dollars. And again, only highly qualified specialists in the field of communications can work on such equipment.

The attack on the subscriber is carried out according to the following principle: since the complex is mobile and is at a close distance to the subscriber - up to 500 meters - it "intercepts" signals for establishing a connection and data transmission, replacing the operator's base station. In fact, the complex itself becomes an "intermediary bridge" between the nearest base station and the subscriber himself.

After "capturing" the desired mobile subscriber in this way, this complex can actually perform any control function over the intercepted channel: for example, connect the person being listened to with any number that the listeners need, lower the encryption algorithm or disable encryption altogether for a specific communication session, etc.

How a similar complex looks approximately - can be seen in the photo below.

As the experts shared, it is impossible to 100% determine that the subscriber's phone is being tapped at this very moment. However, indirect evidence can be obtained that may indicate that such a possibility exists. In the recent past, some mobile models (namely, push-button phones) had a special symbol-icon in the form of a lock in their functionality. If the lock was closed, then the signal is encrypted, and vice versa - if the lock is open ... well, you understand everything yourself.

But already in phones for the last 5-6 years there is no such function ... It's a pity. Although, for some models of smartphones, special applications are provided that will signal the owner of the phone about the configuration of the settings used in the current communication session. One of the options is to notify the user about the mode in which his conversation is transmitted - using encryption algorithms or openly. A few of these applications are listed below:

EAGLE Security
It is one of the most powerful applications for protecting your mobile from wiretapping. This program prevents any connection to false base stations. To determine the validity of a station, a signature and station ID check is used. In addition, the program independently monitors and remembers the location of all base stations and, if it detects that some base is moving around the city, or that its signal disappears from its location from time to time, such a base is marked as false and suspicious and the application notifies the owner of the phone. Another useful feature of the program is the ability to show which of the applications and programs installed on your phone have access to your phone's video camera and microphone. There is also a function to disable (prohibit) access to the camera for any software that does not need it.
Darshak
This program differs from the previous one and its main function is to track any suspicious activity on the network, including when using SMS, which can be sent without the permission of the owner of the phone. The application evaluates in real time how secure your network is and what encryption algorithm is used at that moment and much more.
Android IMSI-Catcher Detector
This application also helps to protect your smartphone from any connections to pseudo-bases. The only drawback of this program is that you will not find it on Google Play, and if you still want to install it, you will have to tinker with this procedure.
CatcherCatcher
The CatcherCatcher program, like its counterparts above, is engaged in detecting false base stations that attackers (or special services?) use as intermediate "intermediary bridges" between the subscriber and the real base station.
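The two checks these applications are described as performing, a base station that "moves around the city" (EAGLE Security) and the encryption algorithm in use for a session (Darshak), can be sketched over a log of cell observations. This is an added example, not code from any of the listed apps; the record layout, the 5 km spread threshold and all sample values are assumptions constructed for illustration, and A5/0, A5/1 and A5/3 are the standard GSM cipher names (A5/0 meaning no encryption).

```python
from collections import defaultdict
from math import asin, cos, radians, sin, sqrt

# Relative strength of GSM air-interface ciphers; A5/0 means no encryption.
CIPHER_STRENGTH = {"A5/0": 0, "A5/1": 1, "A5/3": 2}

# Constructed observations. "cell" is (MCC, MNC, LAC, CID) using test-range
# network codes; lat/lon is where the phone was when it saw the cell.
SAMPLE_OBSERVATIONS = [
    {"ts": 1, "cell": (999, 99, 100, 11), "lat": 50.4500, "lon": 30.5200, "cipher": "A5/3"},
    {"ts": 2, "cell": (999, 99, 100, 12), "lat": 50.4510, "lon": 30.5230, "cipher": "A5/3"},
    {"ts": 3, "cell": (999, 99, 100, 11), "lat": 50.4503, "lon": 30.5195, "cipher": "A5/3"},
    {"ts": 4, "cell": (999, 99, 200, 77), "lat": 50.4501, "lon": 30.5201, "cipher": "A5/1"},
    {"ts": 5, "cell": (999, 99, 200, 77), "lat": 50.5200, "lon": 30.6500, "cipher": "A5/0"},
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def moving_cells(observations, max_spread_km=5.0):
    """Flag cell identities seen at places too far apart for one fixed tower.

    max_spread_km is an assumed threshold: a real tower is visible across
    its coverage area, so it must be tuned to the local cell size.
    Returns {cell: largest distance between two sightings, in km}.
    """
    sightings = defaultdict(list)
    for obs in observations:
        sightings[obs["cell"]].append((obs["lat"], obs["lon"]))

    flagged = {}
    for cell, points in sightings.items():
        spread = max(
            (haversine_km(*a, *b)
             for i, a in enumerate(points) for b in points[i + 1:]),
            default=0.0,  # a cell seen only once has no spread
        )
        if spread > max_spread_km:
            flagged[cell] = round(spread, 1)
    return flagged


def cipher_alerts(observations):
    """Report unencrypted sessions and downgrades within one network."""
    strongest = {}  # (MCC, MNC) -> strongest cipher level seen so far
    alerts = []
    for obs in sorted(observations, key=lambda o: o["ts"]):
        level = CIPHER_STRENGTH.get(obs["cipher"])
        if level is None:
            continue  # unknown cipher label: nothing to compare
        network = obs["cell"][:2]
        if level == 0:
            alerts.append((obs["ts"], obs["cell"], "unencrypted"))
        elif level < strongest.get(network, level):
            alerts.append((obs["ts"], obs["cell"], "downgrade"))
        strongest[network] = max(strongest.get(network, level), level)
    return alerts


if __name__ == "__main__":
    for cell, km in moving_cells(SAMPLE_OBSERVATIONS).items():
        print(f"cell {cell} seen {km} km apart: possible false base station")
    for ts, cell, kind in cipher_alerts(SAMPLE_OBSERVATIONS):
        print(f"t={ts} cell {cell}: {kind}")
```

Neither signal is proof on its own: operators do reuse and reconfigure cells, so these flags are prompts for a closer look, in line with the article's point that only indirect evidence is available.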

And lastly, experts also recommended using special applications to ensure the security of personal conversations and data, including - to encrypt your conversations. Similar analogs are Orbot or Orweb anonymous web browsers, for example. There are also special programs that encrypt your phone conversations, photos, and many are already using secure messengers.

- Hello, this is a call from the FSB.
- I know.
- Where from?
- You phoned me on the switched off mobile phone.

What's the most secure phone?

These are the phones that have become residents of my backpack in the last 2 weeks. Knowledgeable people will immediately understand what these two pipes are on the left.

The more I dug, the sadder I became. Every (second?) person on Earth carries a bug with him and gives away all his communication to third parties on a silver platter for nothing. And no one cares about it except professional paranoids.

Despite the fact that there are more phones on the planet than all other devices put together (a slight exaggeration, but almost so), there are catastrophically few materials. For example, I still haven't really found a description of those operator commands that secretly turn on the phone for wiretapping. Or how do operators and authorities fight (and do they fight) scramblers?

Why are there no hacker / open source phone projects? Look, a laptop has been built, so how is a mobile phone any more complicated?
(Although there are some discussions here).

Let's think for a second about what a hacker phone would look like.
Whatever functions it would have, what hardware and software it would be stuffed with.
In the meantime, let's see what is on the market, what one-off solutions have already been implemented, and what can be borrowed from them.

I will allow myself to boast of a new handset, with a little lyricism before the harsh information security terms and concepts.

Heavy is good. Severity is reliable.



Yes, this is a Snatch phone (DEXP Ixion XL145). My fellow countrymen from Vladivostok took and competently reworked / rethought the Highscreen Zera S Power (cut the corners at the back, added leather-like trim, doubled the number of cores from 4 to 8, upgraded the camera from 5 to 8 MP).

How is this phone connected with information security?

First, I got it by the method of "soft" social engineering. But I can't write about this yet.

Secondly, it will now be easier for me to shoot videos and photos of spy devices.


(to the article about bug detectors, field indicators and legal emulators of "bugs")

For example, an acoustic safe squeals like this:

For reference, the Dexp Snatch costs 7,500 rubles (although the Dexp lineup has models with a large battery for both 4,500 and 14,000 rubles), and an acoustic safe costs about 10,000 rubles.

I have a lot of respect for long-lasting phones. I always used old Xeniums. Apparently, Vladivostok residents have it in their blood - they are too lazy to recharge every day, so they built a whole line of 10 models with powerful batteries. A 4000 mAh battery (6-8 video recordings of talks from DEF CON) and a case thicker than a centimeter. (Nearby is an old, kind, trustworthy phone "for bribes", which has been serving me as a flashlight for more than 5 years.)

Looking at Boris "the Bullet-Dodger" the Blade, I come to the conclusion that very often a simple and crude method can be effective. For example, you can protect yourself from covert activation of the microphone by simply installing a mechanical on/off toggle switch for the microphone.

On the top right, there is a smart phone case "Cocoon" (acoustic safe), which was given to me to play around by Detector Systems when I took from them an armful of field indicators and bug emulators. (Review coming soon.)
An acoustic safe is a product designed to protect speech information circulating in the places where the owner of a cell phone is in the event of its activation for the purpose of listening through cellular channels. Protection is provided by automatic acoustic noise of the speech transmission path when an attempt is made to remotely activate the microphone of a cell phone handset. Products "Ladya" and "Kokon" have passed certification tests according to the requirements of the State Technical Commission of the Russian Federation (Certificates No. 697, 698) and can be used in dedicated premises up to category 1 inclusive.

The cell phone is placed inside the Cocoon. In the case of tacit remote activation of the phone in the listening mode, the only unmasking sign is a change in the strength of the electromagnetic field (i.e., the cell phone's transmitter is unauthorizedly switched on for transmission). This change is recorded by the field indicator, which is part of the product, which gives a command to automatically turn on the acoustic noise generator. In this case, the entire path of transmission of speech information is noisy in such a way that there are no signs of speech at the receiving end.

Specifications:

  • Noise level at the point of placement of the cell phone microphone: not less than 100 dB
  • Effective noise spectrum: 250 - 4000 Hz
  • Time of continuous operation from one set of batteries: not less than 6 months
  • Power supply for the Cocoon product: CR 2032 lithium battery
  • Time of continuous operation from one set of batteries: not less than 2 months

History

The first mentions of the confrontation between special services and "hackers" in the field of telephony appeared in 1993-1995.

ZRTP (2006)

A cryptographic key-agreement protocol used in Voice over IP (VoIP) systems. ZRTP describes a method for obtaining keys using the Diffie-Hellman algorithm in order to set up the Secure Real-time Transport Protocol (SRTP). ZRTP performs key negotiation in the same RTP stream over which the audio / video connection is established, that is, it does not require a separate communication channel. Developed by Phil Zimmermann, author of Pretty Good Privacy, Jon Callas and Alan Johnston in 2006. The protocol description was submitted to the IETF on March 5, 2006.

2009
Karsten Nohl, a member of the German hacker group CCC (Chaos Computer Club), announced at the group's conference on December 28 that he had succeeded in breaking the data encryption algorithm in GSM networks.

Karsten Nohl, founder of Security Research Labs, announced the discovery of a vulnerability in SIM cards with Data Encryption Standard (DES) encryption. This is an outdated standard, which, however, is used by a large number of manufacturers, and hundreds of millions of SIM cards support DES. So, this vulnerability allows, when sending a fake message from a telecom operator to the phone, to receive a 56-bit key in a response message (the response is sent automatically, and about 25% of DES cards are susceptible to such "deception").

(A small and not very hardcore note that flashed on Habré)

Wiretapping and protection of mobile phones

How carriers protect their networks

When GSM technology was developed, and again when it was deployed, all the requirements of the controlling state bodies regarding the level of protection were taken into account. It is because of these requirements that in many countries the sale and purchase of special equipment such as powerful scramblers and crypto equipment, as well as very secure technologies for public communication, is prohibited. But mobile operators themselves protect their radio channels using signal encryption methods. Very sophisticated algorithms are used for encryption. Which crypto-algorithm is used is chosen at the stage when the connection between the base station and the subscriber is established. The likelihood of subscriber information leaking from the operator's equipment is practically zero, as MTS employees assured journalists. Why practically zero, we asked? Because of the complexity of, and the controls over, access to the operator's facilities and equipment.

How can you “listen” to mobile phones?

In total, there are two methods of wiretapping subscribers: active and passive. Passive listening requires very expensive equipment and specially trained staff. If you have money (read: a lot of money), special complexes can be bought on the black market that make it possible to listen to the conversations of any subscriber within a radius of up to 500 meters. Why a lot of money? The price of one such kit starts from several hundred thousand euros. What such a kit looks like can be seen in the next photo. There are many sites on the network where you can read descriptions of such kits and listening systems and how they work.

According to the manufacturers of such listening systems, their systems can track GSM conversations in real time, because the equipment works by gaining access to the mobile subscriber's SIM card or directly to the database of the mobile operator. However, if those who are listening to you do not have such access, they can still listen to all your conversations with some delay. The amount of delay depends on the level of encryption of the communication channel used by the operator in question. Such systems can also be mobile centers for listening and for tracking the movement of targets.

The second eavesdropping method is active interference on the air with the authentication process and control protocols. Special mobile complexes are used for this. Such mobile systems, which are in fact a pair of specially modified phones and a laptop, are also an expensive pleasure despite their outward simplicity and small size: their price ranges from a couple of tens of thousands to several hundred thousand US dollars. And again, only highly qualified communications specialists can work with such equipment.

The attack on the subscriber is carried out according to the following principle: since the complex is mobile and is at a close distance to the subscriber - up to 500 meters - it "intercepts" signals for establishing a connection and data transmission, replacing the operator's base station. In fact, the complex itself becomes an "intermediary bridge" between the nearest base station and the subscriber himself.

After "capturing" the desired mobile subscriber in this way, the complex can perform virtually any control function over the intercepted channel: for example, connect the person being listened to with any number the listeners need, downgrade the encryption algorithm or disable encryption altogether for a specific communication session, etc.

Roughly what such a complex looks like can be seen in the photo below.


As the experts shared, it is impossible to determine with 100% certainty that the subscriber's phone is being tapped at this very moment. However, indirect evidence can be obtained that may indicate that such a possibility exists. In the recent past, some mobile models (namely, push-button phones) had a special lock-shaped icon among their functions. If the lock was closed, the signal was encrypted, and vice versa: if the lock was open ... well, you understand everything yourself.

But phones from the last 5-6 years no longer have such a function ... It's a pity. For some smartphone models, though, there are special applications that tell the owner of the phone which settings are used in the current communication session. One of the options is to notify the user about the mode in which the conversation is transmitted: using encryption algorithms or in the clear. A few of these applications are listed below:

EAGLE Security

It is one of the most powerful applications for protecting your mobile from wiretapping. This program prevents any connection to false base stations. To determine whether a station is genuine, it checks the station's signature and ID. In addition, the program monitors and remembers the location of all base stations on its own, and if it detects that a base station is moving around the city, or that its signal disappears from its location from time to time, it marks that station as false and suspicious and notifies the phone's owner. Another useful feature is the ability to show which of the applications installed on your phone have access to the phone's video camera and microphone. There is also a function to disable (prohibit) camera access for any software that you do not want to have it.

This program differs from the previous one and its main function is to track any suspicious activity on the network, including when using SMS, which can be sent without the permission of the owner of the phone. The application evaluates in real time how secure your network is and what encryption algorithm is used at that moment and much more.

Android IMSI-Catcher Detector

This application also helps to protect your smartphone from any connections to pseudo-bases. The only drawback of this program is that you will not find it on Google Play, and if you still want to install it, you will have to tinker with this procedure.

CatcherCatcher

The CatcherCatcher program, like its counterparts above, detects false base stations that attackers (or special services?) use as "intermediary bridges" between the subscriber and the real base station.

Overview of solutions for the protection of telephone conversations
(Some materials are taken from promotional brochures, so sound skepticism and comments are welcome)

TopSec GSM, created on the basis of the Siemens S35 phone by the German company Rohde & Schwarz, provides "complete traffic protection".

The device is a regular Siemens S35 phone, upgraded with a special crypto-chip. Encryption is enabled by a special option in the phone menu. In secure mode, the phone can work both with a second TopSec telephone and with an ELCRODAT 6-2 ISDN telephone of the same company.

Protection is ensured by encrypting traffic with a 128-bit key, and the session key is calculated using a 1024-bit key, which provides additional security. A distinctive feature of this phone is that encrypted packets are created in it in such a way that they are transparently perceived and transmitted over GSM networks, like ordinary GSM packets.

The price of this phone is $ 2700. Such a high price, however, did not prevent the high popularity of TopSec GSM. So, the Bundeswehr (German armed forces) signed a contract for the supply of such phones for their own needs.

A slightly more fashionable version from the same company is a wireless headset.

Short description:
TopSec Mobile is a voice encryption device that can be connected to any mobile phone using the Bluetooth interface. TopSec Mobile provides privacy and wiretapping protection anywhere in the world.

Features:

  • Connection to the user's phone via Bluetooth interface
  • TopSec Mobile works with almost all modern mobile phones
  • Can also be used with modems and satellite phones with Bluetooth interface
  • Cannot be identified by the mobile operator
  • Voice encryption with Advanced Encryption Standard (AES) 256-bit key

The device uses a combination of asymmetric 1024-bit and symmetric 128-bit encryption to provide a high level of security.

To establish a secure connection, the user after dialing the number just needs to press the button labeled crypto ("encryption"). The other subscriber must also use a TopSec GSM telephone - or a similarly equipped landline telephone such as the Rohde & Schwarz ELCRODAT 6-2 ISDN model. The company began selling such devices after acquiring a hardware encryption department from Siemens Information & Communication Mobile.

TopSec GSM phone operates in two frequency bands - 900 and 1800 MHz, so it can be used in any region where GSM 900/1800 networks are available. The company sells new models in many countries around the world for about $ 3,000.

The downside of this approach is the presence of a dedicated call control server between the subscribers registered on it. But this is a necessary condition for building distributed interaction systems:

no comments, except maybe it's cool that they create "their own AppStore" for secure applications



Russian handsets

Scrambler
(Meanwhile in the USSR Russia)


"GUARD Bluetooth" from the LOGOS company.
I will quote Lukatsky:
A primordially shovel device. There is no design as such. The headset is firmly "sewn" into the device and can only be replaced with the device. But the protection of negotiations is guaranteed - the device is connected via Bluetooth to a transmitter - a computer or a phone (not a word is said about protecting a Bluetooth channel using E0). The device has not been tested, but its review can be found on the net. The appearance of "GUARD Bluetooth" in comparison with the same TopSec Mobile gives a very good idea of how the domestic and Western cryptographic information protection tools relate (both in appearance, and in terms of ease of use, and functionality). On the other hand, this device does not require any external server - it can work "point-to-point".


PDA Referent
Hardware and software kit for securing conversations in GSM networks
The hardware and software product "Referent-PDA" is designed for smartphone (communicator) devices running the Windows Mobile 2003/2005 operating system. "PDA Referent" prevents eavesdropping on conversations between two communicators. The kit consists of an SD / miniSD module, software and a Qtek-8500 smartphone.

The program interface contains: a dial-up field, call control buttons, a button for canceling the entry of the last digit and an indicator that displays the dialed number, the caller's number for an incoming call, the status when establishing a connection, etc.
The program is launched automatically when the SD / miniSD - “PDA Referent” module is connected, and an icon appears on the communicator screen in the lower right corner to indicate that the program is running in the background mode. To call another subscriber in a secure mode, you must click on the indication icon, and then perform the same actions in the opened PDA Referent program as in a normal call. When a call comes from another set of PDA Referent, instead of the "telephone" program, the interface of the "PDA Referent" program opens automatically, then all actions are the same as for a regular call.

In the process of establishing a connection, special information is exchanged for mutual authentication of devices and generation of a session key.
Unsecured voice calls are received and placed using the standard communicator software.

The main difference between the product and its analogues is the use of a low-speed data transmission channel (up to 1600 baud), which allows working with a weak GSM signal (in places of poor reception), in roaming, when using different operators, etc.

Let's just call it "phone"


(I "squeezed" this mobile phone from Kostya, who represents Hideport.com)

Features: mechanical control of the acoustics (an on / off button for the microphone) and case integrity control (a hidden alarm when someone tries to get inside the handset)

This thing seems to have a means of accessing other networks (cable modem, analog / digital modem, radio modem, satellite terminal or GSM modem). But I still have to find out about this.

I also got into the production of phones for special services, I was allowed to take a couple of photos:

crumbs of details

Such a phone operates in four bands (850, 900, 1800 and 1900 MHz), it has a subscriber encryption principle, a speech compression algorithm of the ACELP 4800 bit / s class, good, high speech quality; the encryption algorithm is a standard known in Russia, GOST 28147, 1989 release. Due to the fact that there is full encryption, cryptographic synchronization is required, so before you start talking, you need to wait 10 seconds for the connection to be established. The phone also has an FSB certificate.

On the side of the case there is a button that turns on the crypto mode. The talk time in the closed mode is 4 hours, and in the open mode it is 4.5 hours, and the difference is explained by the fact that the script processor starts working in the phone in closed mode.

Phones that implement this additional encryption can work both with a national operator (MTS, Megafon) and, if you are traveling, with an international one; in Latin America it is 850/1900, and in Europe and Asia it is 900/1800. And in international networks, the phone will function provided that there is not only roaming there, but also that the operator supports the BS26T data transfer service. The crypto button allows you to switch the phone either to encryption mode or to operating mode, from which you can call a regular phone - chat with friends, family, and so on.

Subscriber encryption method

Unfortunately, the GSM standard was designed in such a way that it was impossible to install a proprietary encryption algorithm in the phone, providing an uninterrupted band of guaranteed protection.

The switches use transcoders, which do the following: when you speak into the microphone of your phone, the phone's vocoder compresses the speech into a 12 kbps stream. This stream reaches the base station in encrypted form, where it is decrypted, and then travels in compressed form to the switch. At the switch it is decompressed into a 64 kbps stream; this is done, among other things, so that the security authorities can listen to you. Then the stream is compressed again and goes to the second mobile subscriber. If you now encrypt the channel from subscriber to subscriber, the decompression and recompression of the stream at the switch will make it impossible to decrypt the incoming information. Unfortunately, this transcoder cannot be disabled on the voice channel, so to provide subscriber-to-subscriber encryption (which is necessary for guaranteed protection from everyone and everything) we are forced to use a data transmission channel. The GSM standard has the BS26T service for transmitting data at a fairly low speed, 9600 bps. In this case the transcoder is turned off, and you effectively get a direct communication line with no additional transformations. A slow one, admittedly.

Accordingly, in order to transmit speech, it must be compressed, and quite strongly - no longer like standard GSM, at 12 kbps, but even stronger, up to a speed of 4.8 kbps. Then it is encrypted, and all this encrypted information freely passes through any switches in the world - if you are in Latin America, and the other person is somewhere in the Far East, you will go through a lot of different switches and some other equipment, but if you have established a data transmission channel, this connection will work.

And in no part of the world, not a single special service, not a single enemy of yours will be able to overhear you, because speech is encrypted in your phone, and only the interlocutor decrypts it. But for this principle of encrypted voice transmission to function, it is necessary that operators support the BS26T service.

Almost all operators in the world support it, but parts of Latin America, Asia and Australia are an exception. To protect against the imposition of special SMS that put your phone on audio monitoring, you need to be well versed in the circuitry of the device and its software.


Keys are very important in this technique. They are loaded into the phone from a disk using a computer; the only requirement is that this computer must not be connected to the Internet, and if it has Wi-Fi, it should be blocked at all times. A session key for encryption is formed from two keys: a fixed one, which is loaded from a disk using a computer (this key is changed once a year), and a random one, which the phone generates for each communication session. The random key changes every time, and the previous keys are physically erased from memory after the connection is broken, so you can be absolutely calm: even having restored the fixed key, no one will be able to reproduce your conversations.


Generating keys and connecting new users

StealthPhone
Held in hands StealthPhone Touch

I saw this model too

The encryption algorithm used is Tiger, a symmetric encryption algorithm of guaranteed strength that is the company's own development.

The key length is 256 bits.

The algorithm belongs to the class of synchronous stream (gamma) ciphers. Synchronization is carried out using an initialization vector (sync message), which is transmitted (or stored) in clear text along with the ciphertext. The length of the sync message varies from 4 to 12 bytes and is determined by the context in which the encoder is used.

To bring the encoder into a working state, its initialization procedure is performed, which takes a secret key and a sync message as input. The output of the initialization procedure is the values of all elements of the encoder state that determine its operation.

The HMAC-SHA256 algorithm is used as the basic algorithm for calculating the data authentication code.
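The construction described above (a keystream cipher initialized from a secret key and a clear-text sync message, with HMAC-SHA256 as the authentication code) is sketched below as an added example; it is not Stealthphone code. Tiger is unpublished, so an HMAC-SHA256 counter-mode keystream stands in for it, and the packet layout, function names and the use of a separate MAC key are assumptions.

```python
import hashlib
import hmac
import math
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def keystream(key, sync, n):
    """Stand-in generator: HMAC-SHA256(key, sync || counter) blocks.

    Assumption: this only plays the role of "initialise the encoder from
    key + sync message, then emit gamma"; it is NOT the Tiger cipher.
    """
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hmac.new(key, sync + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def seal(enc_key, mac_key, sync, plaintext):
    """Constructed packet layout: len(sync) | sync (clear) | ciphertext | tag."""
    if not 4 <= len(sync) <= 12:
        raise ValueError("sync message must be 4..12 bytes")
    header = bytes([len(sync)]) + sync
    body = xor(plaintext, keystream(enc_key, sync, len(plaintext)))
    # The tag covers the clear-text sync message as well as the ciphertext.
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag


def unseal(enc_key, mac_key, packet):
    """Check the tag first (constant-time compare), decrypt only if it matches."""
    if len(packet) < 1 + 4 + TAG_LEN:
        raise ValueError("packet too short")
    sync_len = packet[0]
    if not 4 <= sync_len <= 12 or len(packet) < 1 + sync_len + TAG_LEN:
        raise ValueError("bad sync length")
    header = packet[:1 + sync_len]
    body, tag = packet[1 + sync_len:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return xor(body, keystream(enc_key, header[1:], len(body)))


def sync_collision_probability(sync_bytes, messages):
    """Birthday bound: chance that randomly chosen sync messages repeat under one key."""
    space = 2 ** (8 * sync_bytes)
    return 1.0 - math.exp(-messages * (messages - 1) / (2 * space))


if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # 256-bit keys
    p1, p2 = b"meet at 09:00 gate 4", b"meet at 17:30 gate 2"  # constructed
    sync = os.urandom(4)
    c1 = seal(enc_key, mac_key, sync, p1)
    c2 = seal(enc_key, mac_key, sync, p2)  # same sync reused: the failure mode
    # With a repeated sync message the keystream cancels out of c1 XOR c2.
    print(xor(c1[5:-TAG_LEN], c2[5:-TAG_LEN]) == xor(p1, p2))
    print(round(sync_collision_probability(4, 65536), 3))
    print(sync_collision_probability(12, 65536))
```

The repeat risk computed by `sync_collision_probability` applies only when sync messages are chosen at random; a per-key counter never repeats until it wraps.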

Stealthphone and Stealthphone Tell systems use 384 bit elliptic curves (NSA approved the use of asymmetric elliptic curve cryptographic algorithms with 384 bits key length for processing top secret documents).

a little more details

VoGSM Cryptographic Voice Encryption Algorithms
To protect speech in GSM voice transmission channels, time-frequency conversion of the speech signal of guaranteed strength is used, which is resistant to double vocoder conversion.

The main elements of the transformation are:

  • Splitting the speech signal into elementary segments;
  • Nonlinear transformation over the elementary segments;
  • Permutation of the speech segments among themselves;
  • Processing of the resulting signal for transmission through the AMR speech codec and the GSM channel.

The transformation parameters (the number and length of the speech signal segments) depend on the key.
Nonlinear transformation parameters are also determined by a cryptographic key.
The total algorithmic and system (introduced by the cellular network) delay does not exceed 2.5 seconds.

Cryptographic speech encryption algorithms for IP telephony programs
To protect voice information when using IP telephony applications, including Skype and Viber, a time-frequency conversion of the voice signal of guaranteed strength is used, converting the transmitted speech into a speech-like signal.

Conversion includes:

  • Comb of N filters (filter bank);
  • Dispersion delay line (filter with random phase-frequency response);
  • Substitution of length N.
The transformation parameters (number of filters, delay line parameters) depend on the key.
The permutation of the spectral bands in the filter bank is specified by the session key when the connection is established.
For dynamic conversion, the bands are rearranged once every 3-5 seconds.
Algorithmic delay does not exceed 1 second. The bandwidth of the processed speech signal is 300 - 3400 Hz. The minimum substitution length N is 24.

Several transformations are allowed depending on the bandwidth of the Internet connection. The maximum delay allowed is 2 seconds. With an unstable or low-speed Internet connection, it is possible to use an algorithm that does not require synchronization. This ensures fast connection entry and stability of the crypto connection.

But how I went to visit Stealthphone will be covered in another article.


Invisible phone
It is not visible on the Internet, but it exists.

  • Change IMEI (international identification number)
  • Protection against active and passive complexes (interception of conversations and remote control of the telephone and other attacks on the device from the operator or the GSM mobile complex)
  • Delete information about calls from the phone's memory (deleted information is stored in special memory compartments and is available to specialists)
  • The impossibility of localizing the phone and its owner (as well as determining the main phone number and associated other phone numbers)
Additional functions

Using a virtual number for calls

You can use any SIM card, any operator. The system automatically binds the SIM card number to the virtual number. They call you on the virtual number and automatically get to your phone. When making an outgoing call, you can change your number to any (for example, to your virtual). There is a function of changing the voice (it is impossible to identify the caller during the phonoexamination). Even if your virtual number is put under control, there will be no information on this number.


From the handset description

False base stations

A special device called an IMSI trap (IMSI, the International Mobile Subscriber Identity, is a unique identifier written in the SIM card) pretends to be a real base station of a cellular telephone network for nearby mobile phones. This kind of trick is possible because in the GSM standard a mobile phone must authenticate itself at the request of the network, but the network itself (the base station) does not have to confirm its authenticity to the phone.

As soon as the mobile phone accepts the IMSI trap as its base station, this repeater device can deactivate the encryption function enabled by the subscriber and work with the ordinary open signal, passing it on to the real base station.
With the help of IMSI traps, false calls or SMS can be sent to the phone, for example, with information about a new service of the fake operator, which may contain the activation code for the microphone of the mobile device. It is very difficult to determine that a mobile phone in standby mode has its microphone turned on, and an attacker can easily hear and record not only phone calls, but also conversations in the room where the mobile phone is located.
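The checks that the detector applications listed earlier are described as making against such false base stations (a station that moves, a station whose signal comes and goes at its location, a session with encryption switched off) can be expressed as follows. This is an added example, not code from any of those applications; the scan format, cell identifiers, coordinates and thresholds are all constructed assumptions.

```python
import math
from collections import defaultdict

HOME, AWAY = (55.00, 37.00), (55.18, 37.00)  # constructed points, about 20 km apart

# Constructed scan log: where the phone was and which cells it saw.
# The value is the cipher of the serving cell, or None for a neighbour cell.
SCANS = [
    {"pos": HOME, "cells": {"001-01-100-11": "A5/1", "001-01-100-13": None}},
    {"pos": HOME, "cells": {"001-01-100-11": "A5/1"}},
    {"pos": HOME, "cells": {"001-01-100-11": "A5/3", "001-01-200-77": None}},
    {"pos": HOME, "cells": {"001-01-100-11": "A5/1"}},
    {"pos": HOME, "cells": {"001-01-300-05": "A5/0", "001-01-100-11": None}},
    {"pos": HOME, "cells": {"001-01-100-11": "A5/1", "001-01-100-13": None}},
    {"pos": AWAY, "cells": {"001-01-150-21": "A5/1", "001-01-200-77": None}},
    {"pos": AWAY, "cells": {"001-01-150-21": "A5/1"}},
]


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def flag_cells(scans, max_spread_km=5.0, min_presence=0.6, min_scans=4):
    """Return {cell_id: set of reasons} for cells that look like false stations."""
    positions = defaultdict(list)  # cell -> phone positions where it was seen
    seen_at = defaultdict(list)    # cell -> indices of the scans that saw it
    flags = defaultdict(set)
    for i, scan in enumerate(scans):
        for cell, cipher in scan["cells"].items():
            positions[cell].append(scan["pos"])
            seen_at[cell].append(i)
            if cipher == "A5/0":   # serving cell negotiated no encryption
                flags[cell].add("no-encryption")
    for cell, pts in positions.items():
        # A real tower is fixed: the same identity seen far apart is suspect.
        if max(haversine_km(p, q) for p in pts for q in pts) > max_spread_km:
            flags[cell].add("moving")
        # Of the scans taken near where the cell first appeared, between its
        # first and last sighting, how many actually contained it?
        first, last = seen_at[cell][0], seen_at[cell][-1]
        nearby = [i for i in range(first, last + 1)
                  if haversine_km(scans[i]["pos"], pts[0]) <= max_spread_km]
        presence = len(set(seen_at[cell]) & set(nearby)) / len(nearby)
        if len(nearby) >= min_scans and presence < min_presence:
            flags[cell].add("intermittent")
    return dict(flags)


if __name__ == "__main__":
    for cell, reasons in sorted(flag_cells(SCANS).items()):
        print(cell, sorted(reasons))
```

Real cells can also appear intermittent because of load or fading, so these flags are indicators to investigate rather than proof of interception, in line with the experts' remark that tapping cannot be determined with certainty.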

Falsification of identity

In recent years, it has become increasingly popular to use a mobile phone as proof of identity. For example, a way to recover a lost password for a Google account is to send an SMS confirming the code to the owner of the phone. Some banks use a similar two-step authentication, sending codes to special mobile numbers in order to verify the identity of the customer before proceeding with the transaction. Mobile versions of Trojans have been discovered that can intercept SMS messages with passwords sent by banks and break two-step authentication.

If there is a mobile phone near you (within about 10 meters), behave as if you were live on the first channel.

So, are we going to make an open source DIY phone with strong software and hardware cryptography?

  • Open source
  • mechanical control over transmitter-receivers
  • built-in light and sound indicator of activity of the receiver-transmitter
  • strong cryptography (hardware and software)
  • base station selection control
  • acoustic steganography, masking the fact of encryption
  • control of the integrity of the phone case
  • side channel leak testing
What else to add?