Phone tap technology widely available; both GSM & CDMA phones easy to tap

NEW DELHI: The staggering collateral damage of the leaked Radia tapes has alerted Corporate India to the danger of phone tapping. While there is a great deal of concern over government agencies misusing their power to intercept phone conversations, the far bigger danger is in phones being tapped illegally by unauthorised private parties.

Technology available today makes it very easy to intercept and record phone conversations passively, without the callers or the telecom operator noticing.

The ease and cost-effectiveness of passive interception technologies available today have tremendous implication for corporate data security and corporate espionage. Many of these technologies might already be in private hands and we will never know whose phones have been tapped and what corporate secrets compromised.

“A lot of the stuff we see in the James Bond movies is actually true,” said Vikas Desai, lead technology consultant for India and Saarc region at RSA, a security consulting firm.

“Whenever there is a device between the conversation of two people — be it a router, base station or a switch — the dialogue can be easily tapped. It is especially true now that many operators are relaying their traffic via internet pipes,” he added.

Both GSM & CDMA phones easy to tap

About 80% of India’s 483 million active mobile subscribers (as of September, according to Trai) use GSM technology, characterised by the use of a small chip called SIM card and deployed by operators such as Airtel, Vodafone, Idea, etc. The rest use CDMA technology, used by companies such as Reliance Communications and Tata Teleservices. Both standards are prone to easy interception.

Being the more widely used telecom standard around the world, equipment for GSM interception is more easily available. A number of websites sell off-the-shelf interception equipment they will ship anywhere in the world and many of them will also customise surveillance systems for the user. Some vendors insist on end-user certificates and government authorisation.

An email enquiry sent by an ET reporter to Shield Security, a firm that deals in surveillance equipment, was returned with a note saying the firm dealt only with government agencies. Many websites don’t insist on such clearances. Once such systems are available in the market, their availability in the grey market is anybody’s guess. Local resellers of security equipment are also said to be selling such systems.

Intercept Monitoring Systems does not list a physical presence anywhere in the world on its website. The website will sell you an Active GSM interception system with a range of 2 km and the ability to record 4 conversations simultaneously for $400,000 (Rs1.8 crore). Delivery within 30 days.

A more advanced fully passive GSM interception system with a range of 20 km and the ability to intercept up to 240 conversations simultaneously will set you back by $990,000 (Rs 4.5 crore). A range of products that cover GSM, CDMA and satellite phones are available on this website. Several similar websites offer such products and advertise customised surveillance products.

Most accept payments through wire transfers, Paypal and credit cards. In theory, it should be impossible to bring in such equipment to India. But due to their compact size, such equipment might go unnoticed in a larger consignment. There is also the recourse to smuggling in the equipment.

People familiar with such technologies say there are agents in India who can sell you such equipment. “The cost is also much lower now. You can get very powerful machines for about Rs65 lakh,” a person with knowledge of such equipment said.

Most of these kits are highly portable, involving little more than a suitcase-sized box, a powerful laptop that can run three softwares simultaneously and a powerful antenna.

It’s an indication of the lack of the government’s awareness of the danger of illegal tapping that it has never asked the telecom regulator to come out with guidelines to prevent such interception. According to Section 25A of the Indian Telegraph Act, 1885, anybody who intercepts the content of any message is liable to be punished with imprisonment up to three years or a fine or both.

Another danger of the lack of awareness about such technology is that even top government officials who regularly handle sensitive information might be prone to undetectable surveillance.

Passive interception and active interception are two of the most popular ‘off-the-air’ interception techniques available. In passive interception, the system listens into the conversation between the mobile phone and the nearest base station of the telecom operator.

These products come bundled with advanced software that can help identify the target using a number of different parameters. This means using any information such as the target’s mobile number, location, make of the handset, or the International Mobile Subscriber Identity (IMSI) number in isolation or in combination to narrow down on the target.

Once the IMSI number is cracked, a phone can be easily tapped everytime it makes a call. Many of these kits come with a phone that can send a ‘silent SMS’ to a phone to obtain its IMSI number.

Active interception involves the creation of a rogue base station that sends out a signal that is stronger than that of the legitimate base station owned by the telecom operator. In effect, the rogue network mimics the real network. Mobile phones are designed to switch to the strongest network available. In 2G networks, the phone is required to authenticate itself to the network but the network is not required to authenticate itself to the phone.

Hackers have exploited this well-known loophole for years. In July, at the Defcon security conference in Las Vegas, ethical hacker Chris Paget shocked attendees with a homemade device that could easily tap and record conversations on 2G GSM networks using the active interception method.

While the technique was not new, what was shocking was the amount it cost him to develop the equipment — $1,500 (Rs67,500). And most of that was the cost of the laptop used to operate the system.

The more advanced 3G network requires two-way authentication between the mobile phone and the network. But Paget, who has in the past demonstrated the vulnerabilities of wireless security systems such as radio frequency identification systems, is able to deploy a jammer to block the 3G signals.

This prompts most phones to switch to the available 2G network, thus becoming vulnerable to the active interception attack, also known as a ‘man in the middle’ attack.

One way to secure your phone conversations is to deploy an additional layer of proprietary encryption. Rogue networks have the ability to crack the simple encryption used by GSM networks. But smartphones used these days can generate complex encryption keys to secure conversations and text messages.

There are German and Israeli phones available in the market that claim to be secure. But these are expensive. A package including the phone and encryption costs Rs 40,000-50,000 for three months.

(With inputs from Harsimran Julka, Avinash Celestine and Joji Thomas Philip)