Cell phone phreaking

**gore** · January 11th, 2006, 09:25 PM

I'm famous where I live for this type of thing. There was a thread a while back about how "Hackers in Michigan were breaking into the wireless head sets" of fast food places saying you're to fat to have a whopper. Again, those are so easy to get into it's not even funny.

**tyger_claw** · January 11th, 2006, 10:30 PM

The frequencies for phones varie between type of service (GSM, CDMA, TDMA) and where you are physically located (850, 900, 1800, & 1900mhz):
http://www.thetravelinsider.info/roa...bandphones.htm

Each provider does have his own set of frequency channels to use, and secures them with their technology and the technology available for their feed:
http://www.gsmworld.com/using/algorithms/index.shtml

What has to be done is you have to crack the encryption on the signal and take in the feed. It's not as simple as picking up a radio scanner or portable phone on an older 900mhz frequency (now all phones are 2.4ghz) like it used to be with analog cell phones.

The only way someone can eavesdrop is by having a device that intercepts the signal, have something (like a pc and and decryptor) breaking the encryption and decoding the message to plainvoice (or data if it's a data packet).
http://www.theregister.co.uk/2003/09...rack_gsm_code/

References:
http://www.gsmworld.com/index.shtml
http://www.iec.org/online/tutorials/tdma/
http://www.webopedia.com/TERM/T/TDMA.html
http://www.arcx.com/sites/CDMAvsTDMA.htm

....

As for stealing the ESN. It's like MAC Spoofing on a WiFi connection. The signal crashes when two are using it. If you use another ESN number, the only purpose would be to use someone else's account to make calls or intercept calls (since the network will only choose one phone and send the call there)

....

As for the talking in some fastfood places headsets or fastfood intercoms, they are using old transmitters working on the 900mhz band. Most places have now switched to the 2.4ghz headsets which have auto switch channels in case of communication collisions

**tyger_claw** · January 11th, 2006, 10:30 PM

The frequencies for phones varie between type of service (GSM, CDMA, TDMA) and where you are physically located (850, 900, 1800, & 1900mhz):
http://www.thetravelinsider.info/roa...bandphones.htm

Each provider does have his own set of frequency channels to use, and secures them with their technology and the technology available for their feed:
http://www.gsmworld.com/using/algorithms/index.shtml

What has to be done is you have to crack the encryption on the signal and take in the feed. It's not as simple as picking up a radio scanner or portable phone on an older 900mhz frequency (now all phones are 2.4ghz) like it used to be with analog cell phones.

The only way someone can eavesdrop is by having a device that intercepts the signal, have something (like a pc and and decryptor) breaking the encryption and decoding the message to plainvoice (or data if it's a data packet).
http://www.theregister.co.uk/2003/09...rack_gsm_code/

References:
http://www.gsmworld.com/index.shtml
http://www.iec.org/online/tutorials/tdma/
http://www.webopedia.com/TERM/T/TDMA.html
http://www.arcx.com/sites/CDMAvsTDMA.htm

....

As for stealing the ESN. It's like MAC Spoofing on a WiFi connection. The signal crashes when two are using it. If you use another ESN number, the only purpose would be to use someone else's account to make calls or intercept calls (since the network will only choose one phone and send the call there)

....

As for the talking in some fastfood places headsets or fastfood intercoms, they are using old transmitters working on the 900mhz band. Most places have now switched to the 2.4ghz headsets which have auto switch channels in case of communication collisions

***RoadClosed*** · January 11th, 2006, 10:31 PM

Cell phones today cannot be listened too. At least one you bought in the last 2 years since they don't sell analog insecure phones anymore. So at least the digital ones CANNOT be listened too. If someone says they can, they are full of **** and NSA and the FBI would like to talk to you because they can't untile it is decoded right before entering the PSTN, so even land lines connecting the towers are encrypted. Someone can duplicate your ESN in some circumstances but they also need your SIM card so what if they do, it's right on your phone sticker anyway.

Coordless phones you can listen too. With analog cell systems that was not the case, in fact those phones used the same technology that coordless wall-mart phones use. And any old radio shack POS scanner could pick them up. People do not buy the encrypted phones because they cost too much. I doubt you can pick up coordless phones on a tv unless they are really old. VHF and UHF tv recievers don't tune that high. ESPECIALLY 2.4 ghz. Impossible. Not to mention the modulation techniques are different. But back in the day they were VHF. But today no way a tv cannot tune that high.

Cell phones today are little computers with fast processors and a lot of power. If you want security buy Nextel their encryption cannot be broken, the system is scrubbed every 24 hours and there is only a small area where it can be intercepted. About 2 feet of digital PSK before it's put on the SS7 telephone network.

When I am bored I jam the local drive through at Wendys and talk over their coordless headsets. They are just walki talkies like FMRS. It's like saying you beak into FMRS when you all share the same limited set of frequencies. At least to beak into something you would have to force their radios to unsquelch if they are coded to listen to certain tone combinations.

My opinions...

Kevin Mitnick was caught by cell phone triangulation wasn't he

Don't think so.

***RoadClosed*** · January 11th, 2006, 10:31 PM

Cell phones today cannot be listened too. At least one you bought in the last 2 years since they don't sell analog insecure phones anymore. So at least the digital ones CANNOT be listened too. If someone says they can, they are full of **** and NSA and the FBI would like to talk to you because they can't untile it is decoded right before entering the PSTN, so even land lines connecting the towers are encrypted. Someone can duplicate your ESN in some circumstances but they also need your SIM card so what if they do, it's right on your phone sticker anyway.

Coordless phones you can listen too. With analog cell systems that was not the case, in fact those phones used the same technology that coordless wall-mart phones use. And any old radio shack POS scanner could pick them up. People do not buy the encrypted phones because they cost too much. I doubt you can pick up coordless phones on a tv unless they are really old. VHF and UHF tv recievers don't tune that high. ESPECIALLY 2.4 ghz. Impossible. Not to mention the modulation techniques are different. But back in the day they were VHF. But today no way a tv cannot tune that high.

Cell phones today are little computers with fast processors and a lot of power. If you want security buy Nextel their encryption cannot be broken, the system is scrubbed every 24 hours and there is only a small area where it can be intercepted. About 2 feet of digital PSK before it's put on the SS7 telephone network.

When I am bored I jam the local drive through at Wendys and talk over their coordless headsets. They are just walki talkies like FMRS. It's like saying you beak into FMRS when you all share the same limited set of frequencies. At least to beak into something you would have to force their radios to unsquelch if they are coded to listen to certain tone combinations.

My opinions...

Kevin Mitnick was caught by cell phone triangulation wasn't he

Don't think so.

***The Duck*** · January 12th, 2006, 10:56 PM

If my memory serves me correctly, I beleive there was a way to intercept bluetooth frequencies or something... I remember reading that bluetooth is very insecure... Can anyone confirm this?

***The Duck*** · January 12th, 2006, 10:56 PM

If my memory serves me correctly, I beleive there was a way to intercept bluetooth frequencies or something... I remember reading that bluetooth is very insecure... Can anyone confirm this?

**Deeboe** · January 12th, 2006, 11:10 PM

Originally posted here by The Duck
If my memory serves me correctly, I beleive there was a way to intercept bluetooth frequencies or something... I remember reading that bluetooth is very insecure... Can anyone confirm this?

It is possible. A quick search on Google gave a few examples on how to do it. (I found some pretty scary stuff out there that I will not post. Don't want the dang Skiddies to see them)

Dang Skiddies!

-Deeboe

**Deeboe** · January 12th, 2006, 11:10 PM

Originally posted here by The Duck
If my memory serves me correctly, I beleive there was a way to intercept bluetooth frequencies or something... I remember reading that bluetooth is very insecure... Can anyone confirm this?

It is possible. A quick search on Google gave a few examples on how to do it. (I found some pretty scary stuff out there that I will not post. Don't want the dang Skiddies to see them)

Dang Skiddies!

-Deeboe

***Agent_Steal*** · January 13th, 2006, 07:21 AM

If my memory serves me correctly, I beleive there was a way to intercept bluetooth frequencies or something... I remember reading that bluetooth is very insecure... Can anyone confirm this?

Hi there The Duck to answer your question just do a google search for the following :

[1] Bluejacking
[2] Bluesnarfing
[3] Bluebugging

Serious flaws in bluetooth security lead to disclosure of personal data

some interesting stuff indeed ....

Thread: Cell phone phreaking

Thread Tools

Display

Posting Permissions