Network security metadata — bad networks trusted most

May 7th, 2015

This article was authored by Don Sambandaraksa, and was originally posted on telecomasia.net.

Denial reigns among the cellcos in today’s post-Snowden world. While the likes of Google, Yahoo and the US cloud in general have been struggling to come up with answers to surveillance, scrutiny of our cellcos has been lacking. Grassroots efforts are emerging, however, and the metadata they gather is painting a clearer picture of different societies' attitudes towards security and privacy, with somewhat surprising results.

This is a problem given how easy it is to eavesdrop on a 2G call (a trick used by the spies is to knock phones off 3G back to 2G) and arguably the move to more secure 3G and LTE networks necessitated the great Gemalto SIM heist.

One of my favourite apps in this post-Snowden world is Security Research Labs’ Snoopsnitch, which not only tests your network but also contributes data to a crowdsourced map on gsmmap.org. It uses low-level debugging features on certain Qualcomm-based Android phones to analyse the network for vulnerabilities in interception, in impersonation / tracking and also for fake cell towers (Stingrays).

In a nutshell, many networks still use the ancient and compromised A5/1 cypher that can be decrypted with just a notebook instead of using an updated A5/3 cypher. Then there is SS7 phone hacking which can be used to track, locate or impersonate phones using low-level network commands that are often legitimately, commercially exposed to third parties by SMS mass-marketers, among others. The list is of course much more extensive but these are just some of the vulnerabilities that Snoopsnitch scans for.

One might hypothesize that cellcos are persuaded by governments to run these obsolete encryption methods to make it easier for spooks.

Snoopsnitch’s main UI has two components - the passive continuous scan for SS7 attacks and fake base stations and the results of an active scan probing network security during a call. The active scan has the absolute results and a comparison against a baseline from crowdsourced information by other users.

Thailand is pretty bad (with the exception of AIS) but that is hardly newsworthy and the results of my test were in-line with published data.

But it was the results in Singapore last year that got my attention.


Regardless of what the actual scan results are in absolute terms, my SingTel account scored very different from the baseline SingTel data gathered by the app. In fact it scored rock bottom.

So what caused this discrepancy? Either the test result was anomalous or the baseline data was.

The first would suggest that Singapore networks selectively turn down encryption for certain individuals such as journalists and other potential trouble-makers; the latter would suggest that the powers that be in Singapore actively contribute and upload falsified, sanitised data to Snoopsnitch to make the country look better than it is.

If my data point is typical, Singapore would probably join Myanmar, Cambodia and South Korea (in that descending order) near the bottom of the league. At least Myanmar and Cambodia do not pretend to be free and South Korea is technically still at war.

Or perhaps the network was just having a bad day and someone decided to turn down encryption on the day I ran the test, which is more likely to be the case.

Looking further afield a small island off Western Europe is the most interesting when it comes to Snoopsnitch metadata.

One feature of the in-app map is that it shows the location and number of data points returned to encourage people to submit data in areas where it is lacking. Germany, where SR Labs is based, is dotted with data points from all over the country. Obviously the Germans have a fear of snooping and react by submitting crowdsourced data and complaining about it in hacker conferences to keep the telcos on their toes.

But that small island off the coast of Europe has very, very few data points despite The Guardian newspaper and GCHQ there being at the centre of the surveillance storm.


The UK along with Spain have the worst network security in all of Western Europe according to SR Labs’ criteria, two blobs of average yellow in a continent of good green.

Overlaying the actual results of Snoopsnitch over a map of data points submitted, a clear trend becomes apparent. There seems to be an inverse correlation between network security and network trust - countries with bad networks are questioned less and trusted more by their citizens.
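The "overlay" comparison above is done by eye on the in-app map. As an added illustration (not code from the article, from SR Labs or from gsmmap.org), the following Python script makes it explicit: it ranks per-country figures for network weakness and for the number of submitted data points, and computes a Spearman rank correlation, where a value near -1 is the inverse relationship the article describes. It also lists the countries that are weak yet rarely measured, which is the "trusted most" group. All country figures are constructed for the example and the definition of the risk score (0 = strong, 1 = weak) is an assumption, not SR Labs' scoring.

```python
"""Rank-correlate network weakness against crowdsourced report counts.

Constructed example data, not gsmmap.org figures: 'risk' is an assumed
0..1 score where higher means weaker protection (for instance the share
of test calls that fell back to A5/1 or lacked SS7 protections), and
'reports' is the number of Snoopsnitch data points submitted from that
country.
"""
import math
from typing import Dict, List, Sequence

COUNTRIES: Dict[str, Dict[str, float]] = {
    "Germany":        {"risk": 0.10, "reports": 4200},
    "Netherlands":    {"risk": 0.20, "reports": 500},
    "France":         {"risk": 0.25, "reports": 700},
    "Spain":          {"risk": 0.55, "reports": 120},
    "United Kingdom": {"risk": 0.60, "reports": 80},
    "Thailand":       {"risk": 0.75, "reports": 60},
}


def average_ranks(values: Sequence[float]) -> List[float]:
    """Rank values ascending from 1; tied values share their average rank."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    ranks = [0.0] * len(values)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        avg = (i + j) / 2 + 1          # positions i..j are 0-based, ranks 1-based
        for k in range(i, j + 1):
            ranks[order[k]] = avg
        i = j + 1
    return ranks


def pearson(x: Sequence[float], y: Sequence[float]) -> float:
    """Plain Pearson correlation coefficient of two equal-length series."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / math.sqrt(vx * vy)


def spearman(x: Sequence[float], y: Sequence[float]) -> float:
    """Spearman rho = Pearson correlation of the average ranks (tie-safe)."""
    return pearson(average_ranks(x), average_ranks(y))


def rank_correlation(countries: Dict[str, Dict[str, float]]) -> float:
    """Correlate network weakness with how much a country's users measure it.

    A strongly negative value means the weakest networks are the least
    scrutinised, which is the article's 'inverse correlation' claim.
    """
    names = list(countries)
    risks = [countries[n]["risk"] for n in names]
    reports = [countries[n]["reports"] for n in names]
    return spearman(risks, reports)


def trusted_but_weak(countries: Dict[str, Dict[str, float]],
                     risk_threshold: float = 0.5) -> List[str]:
    """Countries at or above the risk threshold, least-measured first."""
    weak = [n for n, v in countries.items() if v["risk"] >= risk_threshold]
    return sorted(weak, key=lambda n: countries[n]["reports"])


if __name__ == "__main__":
    print(f"Spearman rho (risk vs reports): {rank_correlation(COUNTRIES):.3f}")
    print("Weak networks with the fewest reports:", trusted_but_weak(COUNTRIES))
```

With the constructed figures the correlation comes out strongly negative (about -0.94). Real gsmmap.org data would need per-country aggregation of the scan results first; the ranking step is the same.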

From a sociological point of view, this suggests that the establishment has won the brainwashing war. The networks there are weak and nobody cares or even thinks of questioning the status quo.

Welcome to nineteen eighty-four.

Categories: Other Posts · Security · Wireless
