Who Is Listening?

We hear a lot about the privacy and security of cellular conversations. Most of the focus is, knowingly or otherwise, on the vulnerabilities inherently present over the airwaves. Most laymen, unfamiliar with the availability and usage of encryption techniques, look at the problem very superficially. I often hear, “The conversation is transmitted over the airwaves. All you need is a receiver and, bingo, you can eavesdrop on anybody you want!” As you know, a wireless professional’s life is not that simple. That said, let me add that the focus of this piece is not on the air interface, or on how sophisticated an eavesdropper would have to be (or not be) to listen in on a conversation, but on a recent fiasco experienced in Greece by Vodafone.

The matter has received some international press coverage, including in the US, but obviously not nearly as much as in Greece. While the investigation as to what happened, who did what, why, how, etc., is ongoing, some have dubbed this matter the ‘Greek Watergate’. The role of the government in this episode is less than clear. What is clear is that the Greek government was notified by Vodafone of the breach in March 2005 but did not disclose the issue until recently. While the political issues are plentiful and intriguing enough, our focus is more on the technical issues, as the system that was breached was the GSM system, the most widely used mobile communications system in the world.

Apparently what happened is pretty straightforward. Someone implanted some code into the mobile switching center (MSC) that would get triggered every time a call was made to or from a set of mobiles. Interestingly enough, the set included the mobiles of prominent politicians and other leaders, including the Prime Minister himself. Once triggered, the code apparently “routed” the call to one of a handful of mobiles where a recording device recorded the conversation. Who “patched” the MSC, why, how, and with whose knowledge and permission are matters that remain very murky. Add to the mix the death of a Vodafone employee right around the time the breach was disclosed to the government in March 2005 (not a typo; yes, almost a year ago), a death that at the time was ruled a suicide and is now under review, and the problem becomes that much more difficult.

At a technical level, though, one must ask some simple questions. While GSM as well as subsequent systems, such as UMTS and cdma2000, have pretty strong encryption schemes in place, they protect the conversation only at the air interface. In some sense, the air interface was perceived as being the most vulnerable “link” of the end-to-end conversation, but what happens ‘inside the network’? How was it even possible to implant some listening software into the MSC’s software without a bunch of alarms going off? If it happened once in Greece, is it reasonable to be concerned that it happened elsewhere or even that it’s happening as we speak?

What are the standards bodies and the vendors doing to prevent similar breaches in the future, within GSM but beyond it as well:  UMTS, cdma2000, WiMAX, etc.?  Your thoughts, whether on the politics or technology, are welcome!