[e-gold-list] Cell phones are a security risk

Sun Dec 3 06:02:26 MST 2006

So much for cell phone security. Read about cloning on NOOA's site. This
shows it's cheap to break the SMS method for secure payments.

----------------------------------------
http://news.com.com/2102-1029_3-6140191.html?tag=st.util.print

FBI taps cell phone mic as eavesdropping tool

By Declan McCullagh

Story last modified Fri Dec 01 18:46:27 PST 2006

advertisement

The FBI appears to have begun using a novel form of electronic
surveillance in criminal investigations: remotely activating a mobile
phone's microphone and using it to eavesdrop on nearby conversations.

The technique is called a "roving bug," and was approved by top U.S.
Department of Justice officials for use against members of a New York
organized crime family who were wary of conventional surveillance
techniques such as tailing a suspect or wiretapping him.

Nextel cell phones owned by two alleged mobsters, John Ardito and his
attorney Peter Peluso, were used by the FBI to listen in on nearby
conversations. The FBI views Ardito as one of the most powerful men in
the Genovese family, a major part of the national Mafia.

The surveillance technique came to light in an opinion published this
week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug"
was legal because federal wiretapping law is broad enough to permit
eavesdropping even of conversations that take place near a suspect's
cell phone.

Kaplan's opinion said that the eavesdropping technique "functioned
whether the phone was powered on or off." Some handsets can't be fully
powered down without removing the battery; for instance, some Nokia
models will wake up when turned off if an alarm is set.

...
----------------------------------------
National Oceanic and Atmospheric Administration (NOAA) warning

http://www.wasc.noaa.gov/wrso/security_guide/cellular.htm#Cellular%20Phones

Cellular Phones

Your cellular telephone has three major security vulnerabilities:

    * Vulnerability to monitoring of your conversations while using the
    phone.
    * Vulnerability of your phone being turned into a microphone to
    monitor conversations in the vicinity of your phone while the phone
    is inactive.
    * Vulnerability to "cloning," or the use of your phone number by
    others to make calls that are charged to your account.

...

A cellular telephone can be turned into a microphone and transmitter for
the purpose of listening to conversations in the vicinity of the phone.
This is done by transmitting to the cell phone a maintenance command on
the control channel. This command places the cellular telephone in the
"diagnostic mode." When this is done, conversations in the immediate
area of the telephone can be monitored over the voice channel.

...    

Vulnerability to Cloning

Cellular telephone thieves don't steal cellular telephones in the usual
sense of breaking into a car and taking the telephone hardware. Instead,
they monitor the radio frequency spectrum and steal the cell phone pair
as it is being anonymously registered with a cell site.

Cloning is the process whereby a thief intercepts the electronic serial
number (ESN) and mobile identification number (MIN) and programs those
numbers into another telephone to make it identical to yours. Once
cloned, the thief can place calls on the reprogrammed telephone as
though he were the legitimate subscriber.

Cloning resulted in approximately $650 million dollars worth of
fraudulent phone calls in 1996. Police made 800 arrests that year for
this offense.5  Each day more unsuspecting people are being victimized
by cellular telephone thieves. In one case, more than 1,500 telephone
calls were placed in a single day by cellular phone thieves using the
number of a single unsuspecting owner.

...
----------------------------------------

---
You are currently subscribed to e-gold-list as: e-gold-list at kobly.com
To unsubscribe send a blank email to leave-e-gold-list-512001C at talk.e-gold.com

Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.