What can't be done is listen in to your mobile phone conversations.
Well yes, you can, you just need something that will demodulate GSM and unpick the multiplexes. It's not something you can do with a 20 quid scanner from Tandy though ;-)
What can't be done is listen in to your mobile phone conversations.
Well yes, you can, you just need something that will demodulate GSM and unpick the multiplexes. It's not something you can do with a 20 quid scanner from Tandy though ;-)
gordonjcp wrote:
What can't be done is listen in to your mobile phone conversations.
Well yes, you can, you just need something that will demodulate GSM and unpick the multiplexes. It's not something you can do with a 20 quid scanner from Tandy though ;-)
Far easier in most circumstances to put software on the phone instead to do the same thing in the event they require to do so.
Gilbertd wrote:
Mukiwa wrote:
Every cell site is connected to GCHQ and they can access all SMS's and meta data over the phone networks.
Except for WhatsApp as it is end to end encrypted and doesn't appear anywhere on the network in a form that can be unencrypted. Which is why the security services tried to ban it......
What can't be done is listen in to your mobile phone conversations. The way GSM works is that it uses Time Division Multiplex. Each carrier is split into 10 time slots, 8 carrying speech as data and the other 2 carrying timing information. So if you were to break it down you would hear a snippet of conversation 1, a snippet of conversation 2, then 3, then 4, etc, until you get back to number 1 again. That's why music on hold sounds so bad on a mobile, because the codec is engineered for human speech as it has to fill in the gaps between slots and can't easily cope with music. CDMA and UMTS get even more complex.
GSM is decrypted at the tower - the authorities just get the feed from the carrier.
I used to work in encrypted voice comms over GSM / CDMA. It was much harder over CDMA. Also google search rainbow tables hacks. For a small price you can buy a radio called USRP with open btx loaded onto a pc attached to it. With the right knowledge (again - Google) and you can set up your own GSM base station. Chris Paget did it in 2010 see this (https://www.theregister.co.uk/2010/08/02/gsm_cracking/)
As Brian H said and I used to explain to customers it's ok putting this on your phone - can you prove it hasn't been tampered with? If the phone has been tampered with and bad guys/good guys can listen to your mic or speaker then it's game over and it's all pointless anyway!
GSM works using TDMA correct. UMTS encryption isn't that much harder to crack as it's already been done (https://www.infosecurity-magazine.com/news/3g-encryption-cracked-in-less-than-two-hours/) and (https://www.redcom.com/3g-4g-smartphone-security/)
The basic design of GSM is that the phone will ALWAYS connect to the strongest signal, so all you have to do is turn up the power. All comms normally is encrypted from tower to phone, then phone to tower. It is not encrypted once it is in the BTS equipment. Remember all the noise about back doors into Cisco/Huawei/ZTE equipment? Thats where your calls get tapped it's called "Lawful intercept". Air interface eavesdropping is easy for a state to do,very easy. Did you know that in India GSM encryption is banned? All calls (when I was in the industry anway) were in the clear.
Anyway Google is out there but I can assure you that there is much better stuff out there than Whatsapp. Whatsapp uses IP data to communicate, there are other methods that don't use IP to communicate and they are very hard to find unless you are specifically looking for them.
So the only way to not be tracked is to go full luddite, ditch all tech and live in the Gobi desert, but I bet even there they have GSM coverage these days hahahaha
Many such Public Systems are only allowed by the relevant 'Security Forces' because they are 'officially hackable' - ie. with some 'co-operation' from the Networks etc. And at times of 'National Emergency' (whatever that means these days) the GSM encryption can just be turned off of course..........
The main point is that we are all tracked/(tricked ?) at ALL times via Smartphones/GPS/Wifi/Apps...'Soclal Networking' CCTV/Face Rec/ RFID etc etc and have been for some time...but will GDPR apply after Brexit ??!
Seriously, that's why Governments store huge amounts of (unprocessed) data trails for all of us, it is 'in our best interests'...
and so that's why the bad guys now use Carrier Pigeons and Royal Mail etc instead .... or... wait... just meet in person
Many such Public Systems are only allowed by the relevant 'Security Forces' because they are 'officially hackable' - ie. with some 'co-operation' from the Networks etc
That's always going to be a losing battle, because we can always just turn up the encryption a little. The HTTPS cert for this site uses a 256-bit key which is - to put it mildly - not trivially crackable. If I felt that there was a reasonable threat of a very well-resourced government throwing a huge datacentre at brute-forcing keys I'd just change the certificate more often, and if I thought everyone had CPU power to burn (you do) I'd ramp the keysize up to 2048 bit, pushing the time to factor the keys well into the range of "heat death of the universe".
I can do you all a wicked deal on tinfoil, only three days to go on this epic deal, just PM me ;)
GJCP: ...." was a reasonable threat of a very well-resourced government ".....
Sloth: .... " wicked deal on tinfoil ".....
All I know about phone tracking is that they do!!!. I'm going back over 20 years but my at the time wife was getting 'dirty' phone calls. About 20-30 an hour! It came to a head one Saturday night when we had been out all evening and not had one call. We had just got into bed when the fukking phone rang. Now this spooked me big time. Was the fukker watching us? I immediately phoned her provider (can't remember who it was) and explained she worked in a sensitive position at Heathrow. A female detective was at the door the next day (Sunday!). She explained EVERY call and text made in this country was recorded! As most of the calls were made when my wife was at work, the DC asked my wife to note every call made the next time she was in work and write down the time and who it was from for just one hour. She had work on the Sunday afternoon and so did this. She noted 40 calls and handed this to the DC (who was based at Heathrow herself) and Monday afternoon they arrested a co-worker. Admittedly the police had had to go to court to get the permission but it took them less than a day to 'find' the fukker. Only downside of this was they wouldn't reveal anything about the guy to me apart from the fact I knew him.
Yes OldShep56, if you receive "nuisance" calls like that 'they' (The Networks) can trace/store them (for Legal reasons).....
but they really don't have the storage to record absolutely everything from everyone....
although Royal Mail may be more private now than e-mail for sure !
Back on GDPR this is the kind of thing we are all receiving now however of course:-
.........................................................................................................................................................................................................................................
We recognise that the privacy and security of your personal information is of the upmost importance.
This notice sets out what we do with your information and how we ensure its security. It also explains where and how we collect your personal information, as well as your rights over any personal data we hold about you.
This policy applies to you if you use our products or services in our shops, over the phone, online or if you are interacting with us on social media.
What sort of personal data do we collect?
Information that you provide to us by phone, online, email, post or social media such as your name, address, telephone number, email address, payment details such as bank accounts and methods of payment and feedback.
Your account login details, including your user name and password.
Books and products that you have ordered or services used
Information about any device you have used to access our Services (such as your device’s make and model, browser or IP address)
Consent
We will only collect and process your data with your consent. An example of this would be when you tick a box to receive emails about events.
When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.
Contractual obligations
In certain situations, we need your personal data to comply with our contractual obligations. This may be to contact you in regard to an order you have placed or to post an item to your home address if that is what you have requested.
Legal obligations
There are occasions where the law requires that we may need to collect and process your data. For example where criminal activity relating to Blackwell’s occurs.
Legitimate interest
In specific situations, we may require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests
.....................................................................................................................................................................................................................................
But here's the (their) problem with that last one: Then who exactly decides what does/does not 'materially impact' on US ?
(...as, according to that statement, THEY do...!)
That's right.... according to them you don't actually consent to it but they can do with it what they will...
For instance if FaceBook took that stance it would make a complete mockery of the GDPR...
which currently seems to be wide open to (deliberate ?) misinterpretation
In OldShep's situation, the networks store the numbers of calls made to and received from, otherwise how would they be able to send out itemised bills? That same information can be given to plod if they request it with the agreement of the subscriber or if they have a warrant. There's nothing new in that and nothing that changes under GDPR.
As we (I) hold a lot of personal information there's been a lot of activity and training in preparation for GDPR. Basically, any information you give voluntarily to a company or person you have to opt in to them using it to send you further 'offers' rather than the previous regime where you had to opt out. Hence the notices like the one above from companies you've done business with telling you what they will use your information for. Most people will also have received, or will do very shortly, emails from companies like Euro Car Parts asking if you want to continue to receive information about their special offers and deals. This is the main difference, you have to opt in rather than opt out. The other main change relates to sharing data from someone else, whether intentionally or not. If I need to send an email to a number of different people rather than include everyone in the To or cc fields, they have to be in the Bcc field so one recipient doesn't immediately find out the email addresses of the other recipients. Only you can give out information to someone else and you have the right to ask that it is deleted once they have finished with it.
What it does mean is that all the dodgy companies that cold call can be asked where they got your details from and you can quite legitimately tell them that you don't wish to receive any further calls and they must delete your details from their database immediately.
With Oldshep56's problem it does not work with a 'burner'/PAYG phone of course, particularly if the 'perp' is mobile...
As previously stated It should always have been OPT IN not OPT OUT. that's how the problems/mess started.
But what's 'bugging' (!) me the most is how many different interpretations of GDPR there are so far...
You have been able to tell Cold Callers not to call for some time, but then they just sell your details on to another one !
Thus they delete your details from their Database but they just go elsewhere. I have been know to ask such callers to
tell me their exact postal address, fixed telephone numbers, Company Registration, etc etc... and that usually did it......
I doubt many cold call companies will delete details from databases if asked... What can people do if they don't? Even if someone could prove they were called several times by the same firm the firm could just deny being asked to delete details from their database. Typical cold caller staff are probably on bonus for number of calls they make and business generated, more likely just to put the phone down and go on to the next cold call than to be arsed deleting your details even if they'd only have to make one click on a delete button. Can't see databases stored offshore complying with new rules or call centres not using them. Even if a firm did delete details from a database, if the database were bought in the master database would still have your details. I don't expect to stop getting calls from people looking for Simon Miles anytime soon anyway!
Used to visit computer shows where mass copied CDrom's were sold, bought one called UKInfo a database of every none ex-directory landline number in the UK searchable by phone number, address, or do things like retrieve the phone number for every house on a postcode. Nothing like as in-depth data on people as discussed here and only the same info as in a phone book but even that could still be used by a cold call centre to automatically dial numbers in a target area.
My son set up a Raspberry Pi as a web filter at his house, i'm behind the times now when it comes to IT and don't remember if he said it had any benefits besides filtering ads?
Expectations are Lpgc that the whole GDPR issue will be decided by the huge fines that can be imposed if companies don't comply.
From all the "Stay on our distribution list" etc 'requests' we have all been getting recently there are a considerable range of different
interpretations of what will be expected of them now....
-They are now supposed to make it easy to OPT OUT now rather than assume if you don't/didn't respond you have thus OPTED IN....
and they are supposed to tell you what personal details they have on you if asked.... and I have done this with a few myself...
As for 'cold calls' my assumption for some time is if you 'press "X" to be deleted from their lists' they then just sell your number on
as 'live'.... Many calls now are just (deliberately) presented as "INTERNATIONAL" and so can't really be Caller ID blocked of course:
Needs sorting by BT, don't hold your breath !
Again as far as any 'Services' are concerned if they are 'free' then WE are "The product" (and have been for 15+ years...).....
It's a bit gloomy but such 'Social Networking' Services have been sold just like drugs... their first ones are also 'free' ?
_
One thing that narks me - When in a shop paying at the til if they ask you for any or all of postcode, phone number, name, business name, email address. Tell them you don't want to give them the info and they sometimes act like you've insulted them or as though you're the exception and must be paranoid. If I'm under a car and hear my phone beep it's annoying to get out to check it just to read that summers here so I might be interested in Halfords sale on pushbike helmets or MachineMart's 20% off patio log burners.
Machine Mart is probably the only one I've said yes to continue getting emails from, as the VAT free days are sometimes handy. That said... I still don't want a bloody log burner or stove.
Working in a B2B and B2C industry (in IT, thankfully, and even more thankfully not a bit of IT responsible for GDPR fun), it has been interesting seeing from the inside what is required of us to comply. That said, we take this kind of thing seriously, as we do with other compliancy requirements... because we've seen people and companies we work alongside get flushed down the toilet for thinking its a waste of time, and then getting caught out.
davew wrote:
As for 'cold calls' my assumption for some time is if you 'press "X" to be deleted from their lists' they then just sell your number on
as 'live'.... Many calls now are just (deliberately) presented as "INTERNATIONAL" and so can't really be Caller ID blocked of course:
Needs sorting by BT, don't hold your breath !
I got one a couple of hours ago. cold call from a company doing a consumer survey. I've had these before, it will only take a couple of minutes but their definition of a couple is wildly different to mine..... The number that came up on my phone was a UK mobile number (07481 141993 if anyone fancies setting up an autodialler to it). He asked me to confirm if my name was Richard Gilbert, then could I confirm that my phone number was the one he'd just called me on, then asked me to confirm if my postcode was PEx xxx and then asked what age range I fell into. Told him that as today is the 25th and the EU GDPR regulations have now come into force, he had no right to have, let alone use, my personal details and they should be deleted immediately. The reply I got was rather surprising, I'm very sorry to have troubled you sir, your details will be deleted and we won't call you again. We'll see if it happens.
Looks like this mystery caller has been fairly busy.... https://180info.co.uk/number/07481141993....
Wonder if he will stop now or just sell it on...?
Not done it yet but the next time I am asked for personal details I will just say no - GDPR !
Lpgc wrote:
One thing that narks me - When in a shop paying at the til if they ask you for any or all of postcode, phone number, name, business name, email address. Tell them you don't want to give them the info and they sometimes act like you've insulted them or as though you're the exception and must be paranoid. If I'm under a car and hear my phone beep it's annoying to get out to check it just to read that summers here so I might be interested in Halfords sale on pushbike helmets or MachineMart's 20% off patio log burners.
Halfords are particularly bad for it, but that'll have to change. They can only insist on the information that is necessary for carrying out the contract (ie the sale of the goods) and they have to explain why they capture the information and what they use it for. If it isn't necessary for the contract then you can just say "no". In future. If it works as intended. Under GDPR you have the absolute right to refuse processing of your personal information for marketing purposes, so if Halfords store all this stuff and market to you they could eventually end up with a pretty stiff fine.
Gilbertd, one of the main changes under GDPR is the right to deletion of your personal information so you were bang on :)
One of the cold calling energy companies has an opener "Hi can I speak with Emma please?" If you say that there is no Emma away they go....
I kept them on the phone while driving one day for over an hour. Great fun hahahahha
Then did a redirect to an answer phone hahaha. I recognise the number blocks so every time they call I add that number to the reject / redirect list.