Hello! I am glad to introduce you to new material in my blog about mobile security! Do you know how the phone is put on wiretapping? Can any unauthorized person use this service if he wants to access your personal information? How can I protect my confidential data? In the article, I will try to answer in detail all the related questions, and this material will end with an up-to-date video on the same topic, recorded especially for you!

Technically, putting your phone on a wiretap is a daunting task. I have carefully studied this topic, so I can draw some conclusions. At first, physical devices to intercept conversations, we immediately sweep aside. Cellular signals are sent with complex encryption, making it difficult to eavesdrop on your conversation. If the special services require it, then everything is much simpler, since the work is carried out directly with the mobile operator. But no outsider will be able to get access there!

I decided to look on the internet if there are special programs, which will help to put on wiretapping any phone. I reviewed a lot of applications for an Android smartphone, but there was no really working software there. But there are a lot of scam and trick programs, which are better not to be installed at all! You can even accidentally pick up viruses! But this was not the end of my search.

The next interesting idea was to find a service that allows you to copy information remotely. Creation backup- a useful service that would be useful in case you lose your mobile phone, or if something happens to your memory. Even a simple breakdown can lead to the collapse of important data, especially if you are using your phone for business communication. It will not work directly to wiretap the phone through such a program, but a copy of information, including correspondence on social networks and recordings of conversations, will be sent to Personal Area located on a separate server.

In Android, a mobile phone will need to install a special program, see my video on setting up after the article. I liked the ability to send data not over 3G traffic, but over Wi-Fi. With regard to compatible software, a very large number of clients are supported for social networks, as well as a variety of messengers! I have no complaints about work, I use it myself regularly.

As a result, I thought that an attacker may not need any special programs to install wiretaps on the phone, because everything can be done much easier! Imagine yourself that someone will install an application on your smartphone like the one described above! But which one is not important! Antiviruses will not detect and block it, since this service utility is only useful, in capable hands. Sending information remotely is not considered a violation for operating system because it can be used to store important data.

So try not to leave mobile phone in the office without supervision, and also do not transfer the phone to unfamiliar people! And, of course, update your antiviruses regularly, do not visit dubious resources. If the service, which I told you about, interested you, then be sure to watch the video after this article. But do not install such programs on other people's mobile phones! Nobody would like that!

The modern world is full of people's mistrust of each other. Often, many couples in love quarrel with each other about any suspicions of treason, misunderstandings and many other reasons. Often, such situations lead to serious quarrels, and sometimes to parting. Truly loving couples cannot just give up and go to extreme measures, sometimes even illegal.

Listening to your partner's cell phone is a prime example.

The Internet industry does not stand in one place, technologies are developing every day, so listening to the phone today will not be difficult for a teenager, even if he does not have large sums money and special skills in using the phone and special programs.

Listening to the phone in modern times is actively popular with a huge number, because by tracking the conversation of the people you need, you can learn a lot useful information, and most importantly - honest. Soon you will be able to sort out all the misunderstandings, misunderstandings that previously led to inevitable quarrels.

It has long been no secret that they can listen to your conversation at any time, and cellular operators are doing it quite legally and officially. This is done so that in case of difficult situations, law enforcement agencies have the opportunity to listen to the conversation committed by the suspect. And as they say: "The Internet has an eternal memory." If desired, the operators are able to find a recording of your conversation, which is more than a week old. But it's worth knowing that no one will listen to you for no reason. This procedure requires permission, the law today is on the side of ordinary civilians. No one will listen to your conversation without good reason.

It has already been said that wiretapping can only be superficial, and your colleagues, relatives and other people in your environment have the ability to wiretap, so protecting yourself from eavesdropping on your conversations comes to the fore, but this topic will be discussed in detail later.

Closer to the subject - how to write phone conversation the person you need? First of all, you need to decide on the ways and possibilities.

There are only a few ways to listen to and record the conversation of your "victim"

1. The most common - with the help of a cellular operator, this topic has already been sufficiently disclosed.
2. The second method is expensive and effective, but unfortunately illegal. It is about wiretapping the phone using the base station spoofing.
3. The third method is explained by the interception and decryption of a 64-bit encryption key.
4. And the fourth - the easiest way is to introduce special software into the phone that is capable of recording a telephone conversation.

Now in more detail. If everything is clear with the first method, then a lot can still be said about the second, so - listening to the phone by replacing the base station.

This method is a passive method of listening to the telephone. To use this method, you need to have a lot of money. Here keyword- "big". On the black market, prices for such equipment start at around several hundred thousand euros. With such an installation, you will be able to listen to the phones of people around you within a radius of 500 meters. Today, this equipment is well studied, all instructions, operating principles and other information related to the operation of a "spy" device can be found on the Internet.

The manufacturers of this listening system are convincing that conversations can be tapped in real time, that is, having bought this device, you will not have to wonder how to record the telephone conversation of your "victim". The system listens to a telephone conversation not using a mobile phone, but using a SIM card, that is, the owner of such equipment has full access to the database of your cellular operator. But there are times when it is impossible to get access to the database. But here, too, there is a way out. The equipment is able to similarly monitor the conversation of the person you are listening to and give you his conversation, but with a small delay. This is due to the fact that the system needs to decrypt the code... The system is completely mobile and can listen while driving.

There is also active intervention. For active intervention, special mobile complexes are used. A similar complex is a pair of phones and laptops, which are slightly modified. The price for them is lower, but also bites enough - a couple of hundred thousand dollars. In rare cases, the price reaches 100-200 thousand dollars. The weak point of this equipment is that only highly qualified specialists can work on it. Principle of operation this device lies in the fact that it is able to intercept the signal sent by the "victim" to the operator, that is, with the help of this device you can become an intermediary. From the moment of "capture" the specialists are able to do everything that the operator can do with the captured call.

It is impossible to determine that you are listening to someone with this equipment.

When it comes to intercepting a conversation with cell phone then do this procedure will not be a problem, because often the receiver operates at a frequency of 800 or 1900 MHz. A significant problem is discovered when listening to the conversation. Only noise will be available to you, there will be no intelligible speech. This is explained by the 64-bit encryption key. But the Internet is already replete with various tactics of bypassing this encryption or the possibility of decryption, respectively, this incident should not arise. Based on the information on the Internet regarding listening with a 64-bit encryption system, you can assemble a complete listening device.

And finally, the final listening method with which you can learn how to record a telephone conversation.

Here we will talk about installing a special spyware software to your victim's phone. There are a lot of various applications related to this topic on the Internet today, so it will be very easy to download the applications.

The software you need is installed on the victim's phone at the moment when she does not notice it, that is, the phone you need should remain invisible for 10-15 minutes. During a call, special programs are able to activate the third line. You will be this third line, that is, the conversation will be fully broadcast to your number. The only drawback of these programs is a number of shortcomings under specific model phone that you will have to fix yourself. But this is the simplest and most important thing - a free method of listening. You can listen this way to almost any person who has close contact with you.

Don't want to become a "victim"? Below are the basic rules that can warn you against this threat..

1. Don't give opportunities in the first place automatic systems download various software to your phone, where you can also detect malware.
2. You should not trust everyone in a row and give the phone to the wrong hands.
3. Pay close attention to extraneous interference and noise during a conversation.
4. Install an antivirus.
5. Discuss serious topics not by phone, but in person.

If you are determined to start listening to someone's phone, then you should think about it again, because you can end up behind bars this way. Be vigilant and don't give people a reason to listen to you. No one will do this for no good reason.

Video about how to listen to the phone

The most obvious way is official wiretapping by the state.

In many parts of the world, telephone companies are required to provide access to wiretapping lines for the competent authorities. For example, in Russia, in practice, this is done technically through SORM - a system of technical means for ensuring the functions of operational-search measures.

Each operator is obliged to install an integrated SORM module on his PBX.

If a telecom operator has not installed equipment on its PBX for wiretapping the phones of all users, its license in Russia will be canceled. Similar programs total wiretapping operates in Kazakhstan, Ukraine, the USA, Great Britain (Interception Modernization Program, Tempora) and other countries.

The venality of government officials and intelligence officers is well known to all. If they have access to the system in "god mode", then for a fee you can get it too. As in all government systems, in the Russian SORM - a big mess and typical Russian carelessness. Most of the technicians are actually very poorly qualified, which allows unauthorized access to the system without being noticed by the intelligence services themselves.

Telecom operators do not control when and which subscribers are listening on SORM lines. The operator does not check in any way if there is a court sanction for wiretapping a particular user.

“You take a certain criminal case about the investigation of an organized criminal group, which lists 10 numbers. You need to listen to a person who has nothing to do with this investigation. You just finish off this number and say that you have operative information that this is the number of one of the leaders of the criminal group, "they say knowledgeable people from the site "Agentura.ru".

Thus, through SORM, you can listen to anyone on a "legal" basis. Here's a secure connection.

2. Wiretapping through the operator

Operators cellular communication in general, without any problems, they look at the list of calls and the history of movements of the mobile phone, which is registered in various base stations according to its physical location. To receive call records, as in the case of special services, the operator needs to connect to the SORM system.

It makes little sense for Russian law enforcement agencies to install Trojans, unless they need the ability to activate the smartphone's microphone and record, even if the user is not talking on a mobile phone. In other cases, SORM copes well with wiretapping. Therefore, the Russian special services are not very active in introducing Trojans. But for unofficial use, it is a favorite hacking tool.

Wives spy on their husbands, businessmen study the activities of competitors. In Russia, Trojan software is widely used for wiretapping by private clients.

The Trojan is installed on a smartphone different ways: via fake software update, across email a fake app, an Android vulnerability, or popular software like iTunes.

New vulnerabilities in programs are found literally every day, and then very slowly they are closed. For example, the FinFisher Trojan was installed through a vulnerability in iTunes that Apple did not close from 2008 to 2011. Through this hole, any software on behalf of Apple could be installed on the victim's computer.

Perhaps such a Trojan is already installed on your smartphone. Don't you think that your smartphone battery has been discharging a little faster than expected lately?

6. Application update

Instead of installing a special spyware Trojan, an attacker can act even more intelligently: choose an application that you yourself voluntarily install on your smartphone, and then give him full authority to access phone calls, recording conversations and transferring data to a remote server.

For example, it can be a popular game that is distributed through "left" directories mobile applications... At first glance, this is an ordinary game, but with the function of wiretapping and recording conversations. Very comfortably. The user with his own hands allows the program to go online, where it sends files with recorded conversations.

Alternatively, malicious application functionality can be added as an update.

7. Fake base station

The fake base station has a stronger signal than the real BS. Due to this, it intercepts the traffic of subscribers and allows you to manipulate data on the phone. It is known that fake base stations are widely used by law enforcement agencies abroad.

In the United States, a fake BS model called StingRay is popular.

And not only law enforcement agencies use such devices. For example, merchants in China often use fake BSs to send mass spam to mobile phones within a radius of hundreds of meters. In general, in China, the production of "fake honeycombs" is put on stream, so in local stores it is not a problem to find a similar device, assembled literally on the knee.

8. Hacking a femtocell

Recently, some companies have been using femtocells - low-power miniature cellular stations that intercept traffic from mobile phones that are in range. Such a femtocell allows you to record calls from all employees of the company before redirecting calls to the base station. cellular operators.

Accordingly, to wiretap a subscriber, you need to install your own femtocell or hack the operator's original femtocell.

9. Mobile complex for remote wiretapping

V this case the radio antenna is installed not far from the subscriber (works at a distance of up to 500 meters). A directional antenna connected to a computer intercepts all the phone signals, and at the end of the work it is simply taken away.

Unlike a fake femtocell or a Trojan, an attacker does not need to worry about penetrating the site and installing the femtocell, and then removing it (or removing the Trojan without leaving any traces of hacking).

The capabilities of modern PCs are enough to record a GSM signal on a large number frequencies, and then break the encryption using rainbow tables (here is a description of the technique from the renowned expert in this field Karsten Noll).

If you voluntarily carry a universal bug with you, you automatically collect an extensive dossier on yourself. The only question is who will need this dossier. But if necessary, he can get it without much difficulty.

Ecology of cognition. How can one wiretap conversations on mobile phones, is it possible to defend against such attacks and how can a subscriber determine that his phone is being tapped? In light of the latest spy scandals, these issues are again on the agenda. AIN.UA asked Ukrainian mobile operators tell you what to do in such cases.

How can one wiretap conversations on mobile phones, is it possible to defend against such attacks and how can a subscriber determine that his phone is being tapped? In light of the latter spy scandals these issues are again on the agenda. AIN.UA asked Ukrainian mobile operators to tell what to do in such cases.

Surprisingly, many market participants were unable to answer such questions - we received a full answer only from MTS Ukraine. Life :) did not respond to the request at all, but Kyivstar said that the operator is not an expert in such matters, therefore they advised to seek comments from representatives of state services. In addition to MTS responses, we used information about wiretapping from open sources.

How carriers protect their networks

GSM technology was initially developed and implemented taking into account the requirements of state authorities for the level of security. To maintain this security, most countries in the world prohibit the use and sale of powerful encryptors, scramblers, crypto equipment, as well as highly secure public communication technologies. The telecom operators themselves protect their radio channels by encryption, using quite complex algorithms for this. The choice of the cryptoalgorithm is carried out at the stage of establishing a connection between the subscriber and the base station. As for the likelihood of a subscriber's information leakage from the operators' equipment, MTS claims that it is reduced to zero due to the complexity and controllability of access to facilities and equipment.

How can you "listen" to phones

There are two methods of listening to subscribers - active and passive. Passive listening to the subscriber will require the use of expensive equipment and specially trained personnel. Now on the "gray" market, you can buy complexes with which you can listen to subscribers within a radius of 500 meters, their cost starts from several hundred thousand euros. They look like the picture on the right. On the Internet, you can easily find a description of such systems and how they work.

Manufacturers of such equipment claim that the system allows tracking GSM conversations in real time, based on access to the facility's SIM card or the mobile operator's database. If there is no such access, then conversations can be listened to with a delay, depending on the level of encryption used by the operator. The system can also be part of a mobile complex for tracking and listening to moving objects.

The second method of eavesdropping is active on-air interference with control and authentication protocols using special mobile complexes. Such equipment, despite its apparent simplicity (in fact, it is a pair of modified phones and a computer), can cost from several tens to hundreds of thousands of dollars. Working with such complexes requires highly qualified service personnel in the field of communications.

The principle of operation of such an attack is as follows: the mobile complex, due to its closer location to the subscriber (up to 500 m), "intercepts" signals to establish a connection and transfer data, replacing the nearest base station. In fact, the complex becomes an "intermediary" between the subscriber and the base station with all the ensuing security problems.

Having “caught” a subscriber in this way, this mobile complex can perform any function to control the subscriber's connection, including linking it to any number the attackers need, setting a “weak” encryption algorithm or completely canceling encryption for this communication session, and much more.

An example of such listening is the events of the beginning of this year in the center of Kiev. During the mass protests against the Yanukovych regime, the crowd seized a car with SBU officers, from which they "listened" to the radio frequencies and telephones of the protesters. What such equipment looks like is clearly visible in the picture.

There is also a third opportunity for listening to conversations and intercepting traffic mobile subscriber... To do this, you need to install virus software on the victim's smartphone. When installing malicious software, attackers can "independently" choose or cancel the encryption algorithm altogether, unauthorized transfer (or destroy) confidential information subscriber and much more.

How to determine if a phone is being tapped

As AIN.UA was told in "MTS Ukraine", to directly determine whether wiretapping in this moment telephone is impossible, but it is possible to obtain indirect confirmation of some probability of this. Many models of old push-button telephones they even displayed a special icon (closed or open lock), which demonstrated whether conversation encryption was being used at the moment or not.

This function is not provided in modern phones. However, there are special applications for smartphones that can inform the user about the configuration of the settings of the current communication session, including whether his speech is transmitted openly or using an encryption algorithm. Here is some of them:

EAGLE Security

A powerful program to protect phones from eavesdropping. It allows you to prevent connection to a fake base station by checking the base station signatures and IDs. In addition, it monitors the location of stations, and if some base station moves around the city, or periodically disappears from its place, it is marked as suspicious and the program notifies the user about it. With the help of the program, you can also get a complete list of applications that have access to the phone's microphone and video camera, as well as prevent unwanted software from accessing the camera.

Darshak

The program helps to track any suspicious activity cellular network, including SMS, which are sent without the user's knowledge. The program also evaluates the security of the network in real time, shows which algorithms are used to encrypt the conversation, and much more.

Android IMSI-Catcher Detector

One more software package, which allows you to protect your smartphone from connecting to false base stations. True, it has a small drawback - the application is not available in Google play and you will have to tinker a little with its installation.

CatcherCatcher

CatcherCatcher, like Android IMSI-Catcher Detector, allows you to distinguish a real base station from a false one.

In addition, MTS recommends using applications for security, including for encrypting conversations. For example, Orbot or Orweb are among the anonymous web browsers. There are also applications for encrypting phone conversations, photos, and many secure messengers. published

Join us at

Many of the methods below are legitimate. But not all.

As a rule, if you are not doing anything illegal or are not under suspicion, then you will not be tapped. But this does not negate the chance of wiretapping by business competitors, criminals and other ill-wishers.

Just know all this information and sleep well.

SORM

The system of operational-search measures is an official, state, total wiretapping. In the Russian Federation, all telecom operators are required to install SORM on their PBXs and provide law enforcement agencies with access to user conversations and correspondence.

If the operator does not have SORM, he will not be issued a license. If he disables SORM, the license will be canceled. By the way, the same system operates not only in neighboring Kazakhstan and Ukraine, but also in the USA, Great Britain and many other countries.

The installation of SORM is determined by the Law "On Communications", by order of the Ministry of Communications No. 2339 dated August 9, 2000, order of the Ministry information technologies and communications of the Russian Federation of January 16, 2008 N 6 "On the approval of the Requirements for telecommunication networks for operational search activities", as well as a dozen other regulatory documents.

SORM includes:

• Hardware and software part, which is installed by the telecom operator;
• A remote control point that is hosted by law enforcement agencies;
• Data transmission channels, the operation of which is provided by the provider to establish communication with the remote control point.

SORM is usually divided into three generations:

Operators of the Russian Federation mainly use SORM 2. But in practice, 70% of companies have the system either does not work at all, or works with violations.

First of all, it is expensive to install SORM (and the operator must do this for his own money according to an individual plan approved by the local FSB department). It is easier for most operators to pay a fine of about 30 thousand rubles in accordance with Part 3 of Article 14.1 of the Administrative Offenses Code of the Russian Federation.

In addition, the operator's SORM may conflict with the FSB complexes. And because of this, it is technically impossible to record user traffic.

Operators do not control how the secret services use SORM. Accordingly, they cannot prohibit listening to your specific number.

However, for wiretapping, the special services formally need a court decision. In 2016, courts of general jurisdiction issued 893.1 thousand such permits to law enforcement agencies. In 2017, their number decreased, but not significantly.

However, it doesn't cost law enforcement officers anything to include someone's number in a wiretap kit as potentially suspicious. And cite an operational need.

In addition, the SORM security level is often low. So, there remains an opportunity for unauthorized connection - unnoticed by the operator, subscriber and special services.

The operators themselves can also view the history of calls, messages, smartphone movements across base stations.

Signal network SS7 (SS-7)

SS7, OKS-7, or signaling system # 7 is a set of signaling protocols that are used to configure PSTN and PLMN telephone exchanges around the world. Protocols use digital and analog channels to transmit control information.

Vulnerabilities in SS7 are found regularly. This allows hackers to connect to the operator's network and eavesdrop on your phone. Generally speaking, SS7 practically did not have security systems built in - it was initially believed that it was protected by default.

Typically, hackers infiltrate the SS7 network and send a Send Routing Info For SM (SRI4SM) service message over its channels. As a parameter of the message, it specifies the wiretap number. In reply home network subscriber sends the IMSI (International Subscriber Identity) and the address of the MSC, which in currently serves the subscriber.

After that, the hacker sends another message - Insert Subscriber Data (ISD). This allows him to penetrate the database and upload his address there instead of the subscriber's billing address.

When a subscriber makes a call, the switch refers to the hacker's address. As a result, a conference call is made with the participation of a third party (an attacker) who can listen and record everything.

You can connect to SS7 anywhere. So Russian number may well break from India, China, but at least from distant hot Africa. By the way, SS7 allows you to use USSD requests to intercept SMS or transfer the balance.

In general, SS7 is the "mother of all holes" and the most vulnerable spot mobile system... It is now used not only for wiretapping, but also for bypassing two-factor authentication. In other words, to access your bank accounts and other secured profiles.

Trojan Applications

This is just the simplest and most common way. It is much easier to install the application while the "half" is in the shower, or use social engineering methods to force you to follow the link, than to negotiate with the operatives and the FSB.

Applications allow you not only to record conversations on your mobile or read SMS. They can activate the microphone and camera to covertly listen and film everything that happens around.

The most popular Trojan of this kind is FinFisher. In 2008-2011, it was installed on the iPhone through a hole in iTunes, which for some reason Apple did not close. Brian Krebbs wrote about the vulnerability back in 2008, but everyone pretended it wasn't there.

In 2011, the Egyptian government used FinFisher during the Arab Spring. Moreover, it acquired official version for 287 thousand euros. Shortly thereafter, WikiLeaks showed on video how FinFisher, FinSpy and other Gamma Group developments collect user data. And only after that Apple was forced to close the hole.

How can you be persuaded to install a spy for wiretapping? This can be an update of a popular game from the "left" catalog, an application with discounts, a fake for a system update.

By the way, law enforcement agencies also use spy apps - for example, when they cannot go the official way and obtain court permission. Trojans for 0day vulnerabilities in Android and iOS are a multimillion-dollar market, products based on it are in demand in many countries of the world.

Remote wiretapping

There are three options here - a mobile complex, a femtocell, or a fake base station. All of them are not cheap, so an ordinary user will not be listened to like that. But still, we will tell you how it works.

The mobile complex is installed at a distance of up to 300-500 m from the listening smartphone. A directional antenna intercepts all signals, the computer stores and decodes them using rainbow tables or other technologies. When the wiretapping is over, the complex simply leaves.

The fake base station (IMSI interceptor) has a stronger signal than the real one. The smartphone sees that such a station will give best quality connection, and automatically connects to it. The station intercepts all data. The size of the station is slightly larger than a laptop. It costs from $ 600 (handicraft) to $ 1500-2000 (industrial versions).

By the way, fake stations are often used to send spam. In China, such devices are assembled by craftsmen and sold to companies that want to attract buyers. Often, counterfeit BSs are used in areas of hostilities to misinform the military or the population.

Femtocell is a smaller device. It is not as powerful as a full-fledged communication station, but it performs the same functions. Femtocells are usually installed by companies to listen to the traffic of their employees and partners. The data is intercepted before it is sent to the base stations of cellular operators. But the same femtocell can be installed for spot wiretapping.