All the hoopla about security in wireless networks is focused, in most cases, on the capture of upfront, signaling information.
When those codes are acquired, the phone can be cloned. It’s an illegal activity that costs carriers a great deal of money.
But what has not been a part of current discussions is the privacy of an over-the-air conversation.
The majority of cellular subscribers today use analog phones. That means two things in terms of security, according to Transcrypt International Inc., a Lincoln, Neb.-based company that specializes in encryption security.
Scanners can pick up codes over the air that allow them to clone the phone. This is a nuisance to the customer and a horrendous expense to carriers.
Inexpensive scanners can easily pick up analog conversations. It’s not an expense to carriers, but is a problem for users that engage in sensitive conversations.
Because carriers lose money to cloning, they have invested a great deal to fight the activity, primarily by adding authentication and other anti-cloning schemes to their networks.
But voice privacy isn’t a financial issue for carriers.
“This is no different than any other market,” said Joel Young, vice president of engineering at Transcrypt. “Needs are answered based on demand.”
And demand for encrypted voice is coming from special groups at this time. Transcrypt builds a module that plugs into a cellular phone speaker or mike. It uses proprietary algorithms and scrambles the conversation. It only encrypts over-the-air conversation, not the upfront signaling. That problem is being addressed by carriers, Transcrypt said.
The module can be retrofitted into a user’s favorite phone. Transcrypt also buys several phone models from Motorola Inc., fits them with the encryption module and sells them as the CryptoPhone.
Members of Congress use the CryptoPhone along with the White House staff. Other CryptoPhone users include attorneys, doctors, bankers and anyone else having sensitive conversations.
Carriers must install a de-encryption device at the switch. Or the de-encryption device can connect to a Private Branch Exchange, if private calls are often made to that destination.
When digital systems become prevalent, criminals can be expected to come up with the appropriate cloning equipment. No question breaking into those networks will be harder, especially Code Division Multiple Access with its coded, scrambling process, Young said. And breaking digital will require more complex, expensive equipment but on the criminal side, if demand is high enough, the cost will come down, he said.
Security breaches via technology are just a part of the problem, said Winston Smith, technical director at Entel Technologies Inc. of Arlington, Va.
Hackers also try to crack the people behind the network to get in.
“Criminals and hackers know how to get at people, to sweet talk and exploit people inside the cellular operator. They may pretend to be a computer technician from out of town looking for a password, or act like a customer that has lost account information,” Smith said.
Entel works with carriers to devise internal security solutions, as well as computer software solutions that block access if the person is unauthorized.
“The criminals may just hire someone inside the company to walk around looking at notes by the computer, looking for passwords. Breaches of internal security controls are what lead to financial losses from fraud and sabotage,” he said.
In mid-March, a cryptography company in Minnesota released a report on the Internet claiming it had broken part of the cryptographic algorithms for digital cellular. Smith said he noticed the report included kudos to an anonymous source that had provided internal specifications.
