SprintPCS security?

Archived from groups: alt.cellular.sprintpcs

Greetings all,

I'm a recent convert from (Verizon|Cingular|T-Mobile|Nextel|Back To
T-Mobile) to SprintPCS.

I'm mildly concerned about the possibility of eavesdropping of calls
over the air. I seem to recall (when I was using Verizon, about three or
four years ago) that there was some sort of in-call encryption option
that could encrypt one's conversations to reduce eavesdropping. I don't
seem to recall that Verizon ever supported it in my area, but it was an
option on the phone.

Does Sprint offer any sort of privacy-enhancing service such as this, or
is one limited to the frequency-hopping benefits of CDMA?

I have no reason to suspect that anyone would be monitoring my calls,
but in today's society it is wise to be prudent.

Cheers!

--
Pete Stephenson
HeyPete.com
  1. Since your phone emissions look like broadband noise it's difficult for
    anyone to tell which, among the different phone conversations occurring to
    the cell sector, is your conversation. It's just a bunch of broadband noise
    all jumbled up together.

    It'd be much more feasible for someone to put a tiny "bug" on your phone,
    or to bribe someone who has access to the landline side of the SPCS
    infrastructure to tap your call.
  2. On Sun, 05 Dec 2004 23:44:53 -0800, Pete Stephenson wrote:

    > Greetings all,
    >
    > I'm a recent convert from (Verizon|Cingular|T-Mobile|Nextel|Back To
    > T-Mobile) to SprintPCS.
    >
    > I'm mildly concerned about the possibility of eavesdropping of calls
    > over the air. I seem to recall (when I was using Verizon, about three or
    > four years ago) that there was some sort of in-call encryption option
    > that could encrypt one's conversations to reduce eavesdropping. I don't
    > seem to recall that Verizon ever supported it in my area, but it was an
    > option on the phone.
    >
    > Does Sprint offer any sort of privacy-enhancing service such as this, or
    > is one limited to the frequency-hopping benefits of CDMA?
    >
    > I have no reason to suspect that anyone would be monitoring my calls,
    > but in today's society it is wise to be prudent.
    >
    > Cheers!

    Calls in cdma are not encrypted but the design of cdma makes it near
    impossible to eavesdrop on. The voice channels between the tower and the
    phone are keyed with three things which are a code, your esn, and the
    current time. For someone to recreate the call they would have to sniff
    all cdma traffic on the paging channel to figure out the code given to
    your phone and then maybe figure out the difference, exactly, between the
    phone's internal clock and the tower's clock which initializes the phone's
    clock at power on, following this then figure out what the phone's esn is
    which never gets sent out over the air. To do all this requires some very
    expensive/flexible radio equipment and then requires you to brute
    force an 11-digit number. There are some possibilities of attacks on the
    cdma protocol, or ways to switch the phone to analog mode remotely
    but such options require you to transmit with enough power to override the
    tower and again very complex radio equipment.

    So if someone wants to eavesdrop on your call and the data is so valuable
    or incriminating for them to try, then it would be quicker (and cheaper) to
    physically break into the tower/repeating station or directly tap the
    lines at your cdma provider.
  3. Pete Stephenson wrote:

    > Does Sprint offer any sort of privacy-enhancing service such as this, or
    > is one limited to the frequency-hopping benefits of CDMA?

    Actually, Sprint is using probably one of the more secure interfaces,
    even though there's no overt encryption layer beyond the CDMA air
    interface itself.

    One important thing to note is that the flavor of CDMA being implemented
    by Sprint isn't frequency hopping. Instead, portions of the speech in
    the conversation are broken up into discrete chunks and simultaneously
    broadcast over a wide spectrum across the carrier's frequency band. If you
    hit across one portion, it's not enough to decipher what is being said,
    and likewise, if you jam one portion of the conversation, the vast
    majority of the conversation will still be intelligible to the parties
    who legitimately should be hearing it (you and whoever you're speaking
    to). What portions are broadcast where (known as the "code mask") change
    from one call to the next and are based on pseudorandom keys which are
    never broadcast over the air.

    Steven Den Beste's CDMA FAQ ( http://tinyurl.com/4yhg8 ) explains it better:

    "When you speak into your CDMA phone, your voice is digitized and
    compressed into 50 digital packets per second. These are then spread,
    interleaved, passed through a Viterbi forward-error-correction encoder,
    scrambled using the Walsh code for the channel you've been assigned,
    scrambled again with the short code, possibly encrypted, scrambled yet
    again with a modified version of the long code and then transmitted in
    quadrature with spread spectrum. The creepy voyeur with his FM scanner
    can't even pick up spread spectrum, and if he had the right receiver it
    would just sound like a very high frequency hiss (well beyond the range
    of human hearing) bearing no resemblance whatever to your voice."


    So, to eavesdrop successfully on a call, you would need to know:

    1. The phones' ESN, MDN and MSID combinations.

    2. The authentication key being used (also a pseudorandom number that
    changes from call to call)

    3. The shadow mask values (Walsh code, long code and Short code)

    4. You would have to correctly guess at what modulo of #3 and #4 the
    phone is currently using or will use next.

    If you don't have all of these elements, then all you hear is white
    noise, if that.

    And if you want to hazard a guess at the iterations of walsh, short and
    long code in use at the time the call is initiated, it's the worst
    lottery ever: the Walsh code can be any of 64^64 values (the actual
    number is 116 digits long), the short code can be any of 32,768 values
    and repeats every 26 1/3 milliseconds, and the long code (are you ready
    for this?) is comprised of 1,099,511,627,776 values and repeats once
    every 41.4 *days*.

    And all of that is BEFORE any overt encryption is added to the mix.
    Needless to say, Sprint has yet to find a reason to justify the use of
    any additional encryption layers.

    > I have no reason to suspect that anyone would be monitoring my calls,
    > but in today's society it is wise to be prudent.

    To again paraphrase Steve: If there is someone out there with the desire
    and means to successfully eavesdrop on your CDMA calls over the air,
    then you have way more important things to worry about than just this. :)

    --
    E-mail fudged to thwart spammers.
    Transpose the c's and a's in my e-mail address to reply.
  4. In article <Pp%sd.2505$73.1936@fe62.usenetserver.com>,
    Isaiah Beard <sacredpoet@sacredpoet.com> wrote:

    > And all of that is BEFORE any overt encryption is added to the mix.
    > Needless to say, Sprint has yet to find a reason to justify the use
    > of any additional encryption layers.

    Ah, excellent. Muchos thanks.

    It's been quite some time since I've been on a CDMA network and I was a
    bit rusty. I did recall that my old Verizon Nokia had that option, but
    it was never possible to actually enable it.

    I was wondering (possibly hoping) that such a feature were enabled by
    default now. Indeed, it would seem to be unnecessary.

    > To again paraphrase Steve: If there is someone out there with the
    > desire and means to successfully eavesdrop on your CDMA calls over
    > the air, then you have way more important things to worry about than
    > just this. :)

    Quite so. That would be a good time to start running, no? ;)

    --
    Pete Stephenson
    HeyPete.com
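
Added example, not part of the original thread or of any poster's message: a simplified baseband model of the Walsh-code channelization named in the CDMA FAQ quotation in the third reply. It assumes 64-chip Walsh codes, perfect synchronization and no noise, and it leaves out the short-code and long-code scrambling stages; the channel numbers and bit patterns are constructed samples.

```python
# Added illustration: simplified model of Walsh-code channelization.
# Assumptions: 64-chip codes, ideal timing, no noise, no short/long code
# scrambling. Channel numbers and data bits below are constructed samples.

def walsh_matrix(n):
    """Sylvester construction: n x n matrix of +1/-1 with mutually orthogonal rows."""
    if n < 1 or n & (n - 1):
        raise ValueError("n must be a power of two")
    h = [[1]]
    while len(h) < n:
        h = [row + row for row in h] + [row + [-c for c in row] for row in h]
    return h

def spread(bits, code):
    """Map each bit to +1/-1 and multiply it across every chip of the code."""
    return [(1 if b else -1) * c for b in bits for c in code]

def despread(signal, code):
    """Correlate each code-length window with the code; return raw correlations."""
    n = len(code)
    return [sum(s * c for s, c in zip(signal[i:i + n], code))
            for i in range(0, len(signal), n)]

def decide(correlations):
    """Hard decision: positive -> 1, negative -> 0, zero -> None (no energy on this code)."""
    return [None if v == 0 else int(v > 0) for v in correlations]

def demo():
    w = walsh_matrix(64)
    bits_a, bits_b = [1, 0, 1, 1], [0, 0, 1, 0]   # constructed sample data
    # Two channels share the band at once: the receiver sees their chip-wise sum.
    composite = [a + b for a, b in
                 zip(spread(bits_a, w[5]), spread(bits_b, w[40]))]
    return {
        "chan5": decide(despread(composite, w[5])),    # recovers bits_a
        "chan40": decide(despread(composite, w[40])),  # recovers bits_b
        "chan12_raw": despread(composite, w[12]),      # unused code: all zeros
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Correlating the summed signal with an assigned code returns that channel's bits, while an unused code correlates to exactly zero because the rows of the matrix are orthogonal.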