eavesdropping a 3G call

Discussion in 'other security issues & news' started by waffleval, Jan 25, 2008.

Thread Status:
Not open for further replies.
  1. waffleval

    waffleval Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    2
    Hi all, I am working on a final-year project on 3G security, looking in depth into the eavesdropping of a 3G call. I have looked at many literature reviews and some theses, but didn't really get the exact way to eavesdrop on a 3G call.

    "Once encryption is disabled, the intruder can capture signalling and user traffic" quoted from http://www.arib.or.jp/IMT-2000/V640Dec07/5_Appendix/R99/21/21133-320.pdf

    The way to disable the encryption is to look into the algorithm, but I wonder how I can capture signalling and user traffic?
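As an added illustration of the quoted threat (this is not code from the thread, from the 3GPP document, or from the original poster): a Python model of the UMTS f8 confidentiality function's interface as specified in 3GPP TS 33.102 / TS 35.201. The real f8 core is the KASUMI block cipher; here the keystream block generator is replaced by a SHA-256 stand-in so the script runs offline, so the keystream bytes are illustrative only, while the inputs (CK, COUNT-C, BEARER, DIRECTION, LENGTH), the 64-bit IV packing and the XOR construction follow the spec. All function names and the constructed sample payloads are my own. It shows why "encryption disabled" (UEA0) means the captured frame is the plaintext, why an interceptor without CK recovers nothing from a UEA1 frame, and, going beyond the quote, what a repeated COUNT-C leaks.

```python
"""
Model of the UMTS f8 confidentiality function (3GPP TS 33.102 / TS 35.201)
as the stream cipher it is: CIPHERTEXT = PLAINTEXT XOR KEYSTREAM.

ASSUMPTION: the real keystream core is KASUMI in the mode defined in
TS 35.201. Here it is replaced by SHA-256 over the same inputs so that the
example runs with the standard library only. The interface and the XOR
construction are the real ones; the keystream values are not.
"""
import hashlib


def f8_keystream(ck: bytes, count_c: int, bearer: int, direction: int,
                 length_bits: int) -> bytes:
    """Return LENGTH bits of keystream (padded to whole bytes, unused bits zero).

    Widths follow the spec: CK 128 bits, COUNT-C 32 bits, BEARER 5 bits,
    DIRECTION 1 bit (0 = uplink, 1 = downlink).
    """
    if len(ck) != 16:
        raise ValueError("CK must be 128 bits")
    if not (0 <= count_c < 2 ** 32) or not (0 <= bearer < 32) or direction not in (0, 1):
        raise ValueError("COUNT-C, BEARER or DIRECTION out of range")
    # Spec packing of the per-frame IV: COUNT-C || BEARER || DIRECTION || 26 zero bits
    iv = (count_c << 32) | (bearer << 27) | (direction << 26)
    iv_bytes = iv.to_bytes(8, "big")
    n_bytes = (length_bits + 7) // 8
    out = bytearray()
    blkcnt = 0
    while len(out) < n_bytes:
        # Stand-in for the KASUMI keystream block number BLKCNT (assumption)
        out += hashlib.sha256(ck + iv_bytes + blkcnt.to_bytes(8, "big")).digest()
        blkcnt += 1
    ks = bytes(out[:n_bytes])
    extra = n_bytes * 8 - length_bits        # bits past LENGTH in the last byte
    if extra:
        ks = ks[:-1] + bytes([ks[-1] & ((0xFF << extra) & 0xFF)])
    return ks


def f8_apply(ck: bytes, count_c: int, bearer: int, direction: int, data: bytes) -> bytes:
    """Encrypt or decrypt one frame; XOR with the keystream is its own inverse."""
    ks = f8_keystream(ck, count_c, bearer, direction, len(data) * 8)
    return bytes(a ^ b for a, b in zip(data, ks))


UEA0, UEA1 = 0, 1   # UMTS encryption algorithm identifiers; UEA0 = no encryption


def air_interface_frame(uea: int, ck: bytes, count_c: int, bearer: int,
                        direction: int, payload: bytes) -> bytes:
    """What is actually radiated for one frame under the negotiated UEA."""
    if uea == UEA0:
        return payload                       # encryption disabled: sent in clear
    return f8_apply(ck, count_c, bearer, direction, payload)


def eavesdrop(uea: int, captured: bytes, ck: bytes = None, **params):
    """Passive interceptor: recovered payload, or None if it cannot recover it."""
    if uea == UEA0:
        return captured                      # nothing to break, just read it
    if ck is None:
        return None                          # keystream is unknown without CK
    return f8_apply(ck, params["count_c"], params["bearer"], params["direction"], captured)


def keystream_reuse_leak(ck: bytes, count_c: int, bearer: int, direction: int,
                         p1: bytes, p2: bytes) -> bytes:
    """If COUNT-C repeats for the same CK, bearer and direction, the keystream
    repeats, and c1 XOR c2 == p1 XOR p2 leaks without knowing CK at all."""
    c1 = f8_apply(ck, count_c, bearer, direction, p1)
    c2 = f8_apply(ck, count_c, bearer, direction, p2)
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    ck = bytes(range(16))                    # constructed sample CK
    speech = b"constructed voice frame"      # constructed sample payload
    clear = air_interface_frame(UEA0, ck, 7, 3, 0, speech)
    print("UEA0 frame seen by interceptor:", eavesdrop(UEA0, clear))
    enc = air_interface_frame(UEA1, ck, 7, 3, 0, speech)
    print("UEA1 frame without CK:", eavesdrop(UEA1, enc))
    print("UEA1 frame with CK:", eavesdrop(UEA1, enc, ck=ck, count_c=7, bearer=3, direction=0))
```

The model deliberately stops at the frame level: how an interceptor obtains the radio channel, or gets the network to select UEA0, is not something the quoted document or this thread supplies, so it is not modelled here. The point for the project is that the cipher's security rests entirely on CK staying secret and on the (COUNT-C, BEARER, DIRECTION) inputs never repeating under one CK; the COUNT-C repeat function shows the standard stream-cipher consequence of violating the second condition.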
     
  2. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    First step is to get an antenna capable of roughly 1900 MHz - 2200 MHz, to capture the transmissions, then have fun breaking the SS7 CS stream :ninja:

    (Side note: old GSM was about as hard as a walk in the park to decrypt on the fly.)

    SS7 CS/PS is just slightly harder, not much though.

    And no, I won't shed light on this, due to the fact that I am already numero uno on Dark Helmet's hit list :blink:
     
  3. waffleval

    waffleval Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    2
    Hey, thanks for your reply. But may I know what an SS7 CS stream is?

    Because according to my research, I thought I only needed to find ways to disable the encryption of the f8 confidentiality algorithm.
     
  4. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    SS7 is a signalling protocol developed by AT&T (I think, either that or Bell... some big American company anyway).

    It's used for PSTN and also UMTS networks.

    Basically, you have two sub-sets in SS7, the CS and PS parts.

    CS = circuit switched, as in voice calls
    PS = packet switched, as in data traffic

    You need first of all to be able to listen in to this protocol to be able to see the other parts. All of the phone traffic is encapsulated inside SS7.
     