A year of spying

This article was authored by Don Sambandaraksa, and was originally posted on telecomasia.net.

Last year was but a taste of the abuse of power that the spy agencies of the Axis of Espionage has unleashed upon the people of the world. From PRISM and interception of Facebook, Google, Yahoo to TEMPORA tapping of worldwide fiber optic cables to the collection of telephone metadata.

Away from Snowden we had Germany’s Der Spiegel helping show how BlackBerry encryption had been cracked and how the NSA had intercepted German Chancellor Angela Merkel’s smartphone.

By the time the new year was upon us, revelations of the NSA developing quantum computers to break encryption and reports of them spying on members of the US congress hardly came as a surprise.

More recently the snapchat database leak was there to prove the logical fallacy of trusting a central authority with privacy, and also the fact that commercial companies on the interwebs only respond to shock and awe rather than polite messages pointing out their flaws (LINE IM security).

One website I came across in December was gsmmap.org. It is an interactive map of GSM network security in various countries throughout the world by Security Research Labs. The site relies on crowdsourced data and users of compatible phones (older Samsungs, most Nexuses) can install an app to collect live network data and contribute to the dataset.

SR Labs shot to fame back in 2007 at the Chaos Computer Club meeting where Karsten Nohl demonstrated how easy it was to locate a GSM phone to a certain cell site and intercept a GSM call and decypher the scrambled message.

The A5/1 encryption, designed back in 1987, has been proven ineffective given the progress in computing power. In his demonstration, Nohl was able to locate, intercept and – with just a laptop, a rainbow table of keys, and some simple phones – decypher a voice call he made on a live, commercial network. No exotic FPGA decryption hardware was even needed.

Since then SR Labs has been issuing country reports rating the networks in many countries around the globe in three aspects – protection from interception, impersonation and tracking.

In Asia, only two countries have been rated in the report, Myanmar and Thailand.

The Myanmar report, issued in December 2012, was unsurprisingly given a red rating, with minimal points in all aspects. The authors said that users were not protected from interception, that impersonation was possible with simple tools and all the networks allow for user tracking.

The Thailand report was issued more recently in February 2013. Interception and impersonation were given low points by all three networks, but of the mediocre bunch, only AIS stood above the crowd with protection against tracking of its users.

All networks used the compromised A5/1 except AIS’ 1800 network which occasionally (2% of the time) used no encryption at all.

I asked the semi-anonymous Bangkok-based information security consultant The Grugq what he made of the report.

Interception and impersonation was not of interest as the technical measures offered no real protection from state spying of the rich or those in politics (which, in Thailand, is often one and the same).

His main interest was the tracking aspect. Tracking can work either by tapping into MSC information in SMS delivery, which is accurate to a city level. In this scenario, only AIS masked the MSC to prevent tracking.

Another is through access to the HLR.

“The primary value here, I believe, is the protection of the HLR data against third party queries,” he said.

“This is something that is a bit obscure, even for infosec professionals. Many SMS service providers offer HLR queries as a service, allowing anyone with a credit card to discover the general physical location of any mobile phone number. That AIS has taken steps to protect against this practice is the only positive note in the whole Thailand report.

“Personally, I would be seriously considering switching to AIS as they appear to be the least bad of some very poor options.”

Looking further west, most of Western Europe is green with good protection on all three measurements. The exceptions are the UK and Sweden, both of which have overall scores that come in lower than Thailand. The lack of security and the fact that UK is home to CGHQ and Tempora makes one wonder about flurry of news reports in the summer that questioned national security in light of Huawei systems being used in the UK’s telecommunications infrastructure.

If you haven't already, please take our Reader Survey! Just 3 questions to help us better understand who is reading Telecom Ramblings so we can serve you better!

Categories: Other Posts · Security