Mobile phone Surveillance: Who’s listening to your calls?

Wednesday, March 23, 2016

In the current digital world, espionage is much more common than we think. Revelations from Edward Snowden that the NSA hacked SIMs to spy on mobile conversations prove that physical proximity is no longer necessary for surveillance.

It is for this reason that mobile gadgets make ideal tools for surveillance. This is due to the many devices that tend to include microphones, cameras, GPS, WIFI or storage capacity. Hackers are easily able to keep watch on their victims by simply infecting a mobile phone or interfering with wireless communications - often without cutting-edge technology.

So while the benefits of increased online and mobile working are widely accepted - and these include ubiquitous access to information, flexibility and improved productivity - are companies aware of the risks and more importantly prepared to step up and manage them?

The thing about mobile surveillance is that it is usually a targeted attack, with the objectives of the surveillance preselected. Top executives and politicians for instance are often targeted because they manage strategic plans that have great economic impact. Attacks of this kind tend to include social engineering strategies and are very often associated with advanced persistent threats. The simple truth is that a mobile ecosystem requires a permeable security perimeter through which legitimate communications can flow. However, criminal organisations can make use of these channels to steal information or boycott the corporate infrastructure. The implementation of enterprise mobile strategies involves a higher degree of vulnerability, which can and should be efficiently managed. Let’s look at some of the techniques used in cellphone surveillance:

How is voice communication intercepted? There are a number of methods in which voice communication could be intercepted. These include:
  • Interception of public mobile networks: 2G networks are not a secure communication channel. Hackers can make use of inhibition devices (such as Jammer) to force a downgrade from 3G or 4G networks to 2G, in order to listen through specialised devices.

  • Man in the middle: ARP (Address Resolution Protocol) spoofing can allow an attacker to intercept data frames on a network, modify or stop all traffic. It is also possible to intercept the communications by means of rogue hotspots or antennas. SSLStrip can then force a victim's device into communicating with an adversary, replacing HTTPS protocols by plain-text over HTTP.

  • Risks in the Public Switched Telephone Network (PSTN): Communications are unencrypted – as in the case of voice and SMS text – while they go through the core operator infrastructure. Other risks are uncontrolled call forwarding and spoofing.

  • Malware installed on the device: Malware can intercept packages between the call application and the operating system, or even capture the voice directly accessing the microphone software controllers. What features should a secure call system fulfil? A secure call system works by making voice digitised, encrypted and transmitted in data packets through the mobile data network. The product should combine telephone and messaging protection, powered by security mechanisms and advanced point-to-point encryption technologies compatible with IP communication.

So what can companies and individuals to to secure calls? There are three main ways.
  • Secure the smartphone: There are two modalities of secure smartphones. Firstly, a device built from the ground up with specific hardware and a secured OS. Second, modality deals with popular devices that includes a pre-installed secured OS. In both cases secured OS’s consist of high-end mobile threat protection components, containerisation, encrypted storage, remote management and authentication system. These are usually the most expensive solutions and less flexible.

  • Secure add-ons: Physical components such as smartphone cases or SD memories, which address the voice encryption by means of an encryption processor included in the add-on itself. It wouldn’t matter if the device itself became infected since the information goes through the component encrypted.

  • Secure call apps: These apps allow users to make end-to-end encrypted phone calls from the most popular mobile OS’s. The user experience is similar to the pre-installed non-secure call application. Contacts and messages are encrypted and stored by the app itself.

What does an optimal solution look like? In a general corporate setting, hardware solutions can be difficult to deploy as they require a different smartphone model, a second smartphone or some kind of attached hardware. This may discourage users from making calls and may generate a fake sense of security in the security department. As a result, hardware solutions are not especially suitable for a general business. These solutions may be helpful for a limited group of senior managers or for the most security demanding environments such as the military, government, or companies that need the upmost protection level.

Edward Snowden brought to light the need to protect company communications, and to update security to the digital age - against malware, network attacks, exploits or any other type of attack that could impact businesses significantly. Secure call applications combined with an advanced threat protection are by far cheaper and more user friendly than a secure smartphone and can be managed through a mobile device management. Eliminating surveillance doesn’t have to be complex, and businesses need to bake security prevention into their company policy from the off.

*It may be of your interest:

Francisco Oteiza

Sinfonier Community and beyond!

Friday, March 18, 2016

When we show Sinfonier and I mention its benefits, people always do the simple same question: So, we can do anything with it? The simple answer is yes, if you know the sources you want to monitor, what you are looking for and if the necessary APIs are in place to use the existing modules offered by Sinfonier or to create the new modules you require.

This time, instead of showing a security example, I would like to propose in this technical community to monitor the sentiment in Twitter about and event that happened in December 1916 in Verdun in WWI where about 700.000 French and German soldiers died during a ten months battle.

To achieve this task I have followed the next steps:
  • ACCESS DATA: Twitter. I have created an account in this social media network which delivers real-time stream of semi-structured data (loosely formatted characters inside a field but with little structure within it). The information is delivered in a JSON format which is what I will need to process. For example, word to search in the tweets: Verdun.

  • PREPARE AND CLEANSE DATA: Filter. I just want to keep those tweets written in a specific language, in this case English. In the field “lang” belonging to each tweet, I search for those tweets written in “en”.

  • APPLY ADVANCED ANALYTICS: Now I add to my topology the module named “AlyClassApi” which sends the text, in English and mentioning the word Verdun, to a sentiment analysis cloud service called Aylien (after creating a free user account – 2000 queries per day) which will classify the text in the tweet according to some predefined categories.
  • As this module delivers a JSON array, I need to use the module called “EmitItemList” which will create simple JSONs for those elements present in the array (in this case the array is called categories).
  • Having simple JSONs, I use a second filter module in order keep those tweets that I presume they are mentioning the battle of Verdun, so I search for the categories having the words history, war and culture. The results are then analysed by a second Aylien sentiment module that simply categorises the filtered texts as “positive or negative” (another category that is not considered is the category called “neutral”).

  • OUTPUT RESULTS: The final tweets are sent to two MongoDBs (after creating a free user account) where I can finally read those tweets which have gone through all the steps. The final topology looks like the following diagram:

The logical results show that the battle of Verdun still suggests a negative sentiment and mainly those which have been categorised as positive, are those people who like to know about what happened during that time in the WWI.

If this example does not suit your needs, you can also try to find out if that brand you like, it is perceived positively or negatively (for example, those local popular chocolate drinks such as ColaCao in Spain, Poulain in France or Vanhouten in the Netherlands).
Or maybe to gain insights rapidly about what tourists think about your town/city recently visited, by simply changing the word to search in Twitter, using the word of your town/city and in the second filter to filter by tourism, culture and entertainment. This may assist some town/city councils to evaluate their activities promoting tourism.

Sebastian García de Saint-Léger

[New report] Demographic Analysis of Google Play

Thursday, March 17, 2016

Download the new report shows that Tacyt had dissected a total of 3,365,527 applications from the Google Play Store, of which only 2,438,864 remained available for download on the market.

The study conducted by ElevenPaths’ Analyst Team aims to study the population of developers and applications in the Google Play Store in early February 2016, to determine its size, structure, evolution and general characteristics from a quantitative point of view.

Tacyt has been used as a source of information. Tacyt is an innovative cyberintelligence tool that monitors, stores, analyses, correlates and classifies millions of mobile apps thanks to its big data technology, adding thousands of new applications every day.

Some details of the report:
  • According to the email address used by the developer in the Google Play Store (developerEmail), Tacyt has information on 678,328 different developers. About 44% of email addresses present in the Google Play Store belong to the "” domain.
  • Google requires developers to sign all their applications prior to being published in the Google Play Store. This certificate is used to identify the author of the application. The total number of different certificates found by Tacyt has been 805,731. Even though the vast majority of certificates found are associated with a single email address, there are exceptions. Even one certificate related to more tan ten thousand different email addresses has been found.
  • Sharing the same certificate among several developers is not a recommended best practice from a security standpoint, since it could compromise the apps’ update process or the information they handle. Of the 805,731 certificates (certificateFingerprint) known by Tacyt, 761,389 are associated with a single developer email address (developerEmail). The rest is used by two or more different developer email addresses to sign their applications.
  • Even though the use of digital certificates for the signing of software should identify the individual or entity behind the software in an unambiguous manner, this report shows through the use of numbers that Google Play facilitates the abuse of this concept and this might lead to situations where suchidentification becomes compromised.

» Download now the full report “Demographic Analysis of Google Play″

*You may also be interested on:

Further information