NSA spying: What's the best phone encryption & IMEI random number generator?

Discussion in 'Wireless Internet' started by Misha, Sep 7, 2013.

  1. Misha

    Misha Guest

    With all the NSA mass data collection on us going on, is there a
    way for us Americans to encrypt our phone calls and to randomly
    change our IMEI numbers with each phone call?

    It's not illegal, I already know that, at least not in the USA
    - NOTE: In Britain, I think it's illegal to change your IMEI but
    not in the USA. In France, I think it's illegal to use encryption,
    but not in the USA.

    So, this is only a USA question:

    Q: Is it possible for us to encrypt our (smartphone Android)
    phone calls (I have a Galaxy SIII with 4.1.2) and to randomly
    change our IMEI numbers?

    NOTE: No individual can hide from a state-sponsored adversary should
    that adversary AIM for them; however, I'm not worried about them
    aiming specifically at me as much as my duty as an American citizen
    to protect what little privacy we have left (which is what this
    country stands for).
     
    Misha, Sep 7, 2013
    #1

  2. I should know better than to answer such a question.
    I haven't tried it, nor do I plan to. The problem is that your cell
    phone account is tied to the IMEI/ESN number. You can change it, but
    in order to make a phone call, you'll need to inform your service
    provider. That pairs the new IMEI with your previous phone number,
    which is easily traceable. Unless you're dealing in stolen phones,
    juggling IMEI/ESN numbers on your own phone is a waste of time.
    It may not be illegal (I don't know for sure), but it will certainly
    bring down the wrath of the cellular provider if you get caught. I
    almost had that problem. I've been buying and selling used cell
    phones for many years. In order to test the phones, I just change the
    IMEI/ESN number on the VZW web page or just do the *228 thing. After
    testing the phone, I would put the account back to my original phone.
    One day, I did about 15 phones in succession when I got an SMS message
    to call VZW. I was transferred to security, who wanted to know what
    the [expletive] I was doing. I played dumb and he eventually went
    away.
    Not randomly. You need to make sure it's still the number for the
    same type of phone. You don't want to accidentally register a phone
    that doesn't have data or you may find yourself without data service.
    Also, with 7 billion phones and who knows how many devices out there,
    there's a fair chance you're going to either hit a phone in use or a
    stolen phone. You might want to check the IMEI/ESN first.
    That's right. Errr... Far Right.
    So much for the science fiction. Now, let's do it the right way...

    I don't think you're going to be able to do much inside the phone. You
    could probably write an Android SIP client with built in encryption
    and use the phone data only. That can get expensive but is probably
    secure.
    <http://www.cellcrypt.com>
    <http://cryptophoneaustralia.com/background/cryptophone-technology/>
    <http://en.wikipedia.org/wiki/Crypto_phone>

    A slightly more sane method is to use a handset with built in audio
    encryption. That scrambles just the audio, and will work over
    land-line, VoIP, Skype, as well as cellular. You can probably roll
    your own with a PIC that has an A/D and D/A inside.
    <http://blog.modernmechanix.com/wiretap-proof-telephone/>
    Well, maybe something smaller:
    <http://www.pimall.com/nais/cellphonevoicekeeper.html>

    Good luck and please don't ask me for bail money.
     
    Jeff Liebermann, Sep 8, 2013
    #2

  3. Misha

    miso Guest

    Voice codecs are (gasp) designed to work with voice. When you try to put
    anything other than voice through them, all bets are off. So playing
    with the analog audio doesn't work well over a codec.

    Analog encryption methods don't work so well even on a POTS or NFM link.
    Schemes like frequency inversion for example. Some words shoot right
    through inversion since your ear/brain locks on the cadence. Rolling
    code inversion is a bit better, but really, you need to go digital for
    encryption.

    I've been looking at what the feds buy for their secure SIP. You can
    trawl fbo.gov and look for yourself. Here is one example:

    But it seems to me you are going to need to manage certs. It would be
    tough to call anyone at random and be encrypted.

    If you have been to the NSA museum, they have an old analog encryption
    system that consisted of LPs and fancy turntables. Presumably each site
    had the same LP. I don't know how they phase locked the system, but it
    was a Bell Labs project, so they could have synced through the telco
    system on another line.

    Basically if your "locals" are identical, you can mod/demod anything
    with a mixer. People have done this using broadcast signals as the
    modulation source, i.e. the audio from broadcast, not the RF itself. Of
    course you both have to be able to receive the same radio or TV station.

    The Mumbai attack was coordinated with Blackberry BBM. Secure enough to
    confuse India. Incidentally BBM should be cross platform shortly. The
    apps for non-Blackberry devices have been submitted to the app stores.
     
    miso, Sep 9, 2013
    #3
  4. Misha

    Dale Guest

    The IMEI is meaningless to the cell phone provider.

    It's like a NIC address. Just a bunch of numbers to id a device, but
    any other set of numbers work as well.

    Changing the IMEI will scramble the metadata for someone like you
    or me, but I doubt the added obscurity will confuse the NSA by much.

    Then again, they never caught Tsarnaev due to a spelling quirk in
    their do-not-fly lists, so, it might be worth the try.
     
    Dale, Sep 9, 2013
    #4
  5. Misha

    Misha Guest

    Hey there Jeff,
    I know you're famous on a.i.w, so I respect your response.

    I never understood WHY people say that the IMEI number matters to the
    telco. I put different SIM cards in my phone all the time, and thereby
    use either T-Mobile or AT&T and I haven't explicitly registered the
    cell phone with either company.

    So, how exactly is an IMEI "tied" to the phone company? I never understood
    that.

    The SIM card *is* tied to the company - but in my experience, it works
    in any (unlocked) phone of any IMEI.

    So, that's why I never understood when people say you can't change
    your IMEI. You "effectively" change your IMEI every time you put your
    SIM card in another phone (which happens all the time).

    Can you explain?
     
    Misha, Sep 9, 2013
    #5
  6. Misha

    Misha Guest

    Hi Jeff,

    Again, I don't understand any of these statements for the same reason
    as before - yet I highly respect your opinion. That's why I'm confused.

    The only thing the telco cares about is the SIM card.

    They don't care what phone you put it in. So, for example, if I borrowed
    your phone, and put my SIM card in it, then I'd have the same service
    as if I had that same SIM card in my cell phone.

    The IMEI number was immaterial to the phone company (yes, I know it's
    transmitted to them - but it's meaningless to them from the standpoint
    of my service). [Yes, I know about the AT&T policy of smartphones having
    to have a data plan - that's a *policy* issue that only clouds the issue
    so let's ignore that unless it actually matters, bearing in mind that
    T-Mobile doesn't have that problem so it's not a technical issue.]

    And, the argument that you have to have a "similar" IMEI number was used
    for MAC address changing also - but it's really statistically a weak
    argument. I doubt it would ever matter *what* IMEI number you used, since
    the chance of actually colliding with another duplicate IMEI is
    vanishingly small. Let's say I'd have a better chance of winning the
    lottery, so, IMEI collisions are a tiny issue that can easily be averted
    but since the chances are so slim, they're not even worth the effort.

    And, while my argument has nothing to do with stolen phones, it's my
    understanding that in the USA, there is no stolen phone list. Certainly
    I've had *my* phone stolen (well, ok, I left it on a cafe table and it
    was gone when I returned) - and the telcos did absolutely NOTHING about
    it except replace my SIM card. So I don't think, in the USA, matching
    an IMEI of a stolen phone is also something to worry about.

    The thing that confuses me is that the IMEI is nearly meaningless from
    the standpoint of the contract between the owner and his telco. I, for
    one, have a SIM card from T-Mobile, and they just shipped me that SIM
    card. That's it. I never gave them *any* IMEI, and I used that SIM card
    in multiple phones. They never cared.

    The *only* effect, it seems to me, of randomizing the IMEI, is to keep
    the NSA off base, in that their meta data will be off by a tiny amount.
    Of course, if they were DIRECTLY observing me (which I hope they're not,
    then that slight inconsistency would be meaningless); but if they're
    on a fishing expedition, if EVERYONE changed their IMEI daily, it would
    benefit us all, by adding just one more level of privacy to our daily
    intrusions.

     
    Misha, Sep 9, 2013
    #6
  7. Misha

    Misha Guest

    Just to reiterate, one of my cellular providers (T-Mobile) doesn't give
    one whit about the IMEI and doesn't make any statements in the contract
    regarding what phone I use.

    The other (AT&T) does care, if only to gouge me for a data plan (which
    I never wanted and never needed).

    But certainly it's not illegal (in the US) to change your IMEI number
    daily. So I watched that YouTube video you referenced with interest.

    Unfortunately, I'm on Android, so, I need to see if it can be transposed.
     
    Misha, Sep 9, 2013
    #7
  8. Misha

    Misha Guest

    This looks like what he did on his Android phone (with an iOS theme).

    0. *#06# (reveals the old IMEI as 123456789012345 / 10)
    1. root the device
    2. install terminal emulation
    3. start terminal application
    4. su (switch to the super user)
    5. echo 'AT+EGMR=1,7,"546765676567656"' > /dev/pttycmd1
    6. reboot
    7. *#06# (reveals the new IMEI as 546765676567656 / 10)

    Seems simple enough. Thanks.
     
    Misha, Sep 9, 2013
    #8
  9. The GSM providers (AT&T and T-Mobile) use SIM cards for identifying
    the owner and the account, but not the phone. The CDMA providers
    (Sprint and Verizon) do not use SIM cards. Instead, they use the
    MEID/IMSI/IMEI/ESN numbers. When you activate a phone on Verizon,
    it's by those numbers:
    <http://www.verizonwireless.com/b2c/nso/enterDeviceId.do>
    On a smart phone, dial *#06# to display the number(s). What the IMEI
    number does for the vendor is identify the phone and its
    capabilities.

    More later. Really busy tonite.
     
    Jeff Liebermann, Sep 9, 2013
    #9
  10. The external audio scrambler was obviously for voice only. I forgot
    to mention that it doesn't work well with data, fax, or analog modems.
    Really? Remind me to introduce you to the local commercial fishermen,
    all of whom use voice scramblers of one form or other. It works just
    fine over VHF marine radio. Not so well over the new narrow band FM
    radios. Most popular technology seems to be rolling code inversion.
    For example:
    They do go digital. Inversion is too easy to decode. Any computer
    that can simulate a multiplier, tone oscillator, and low pass filter,
    can demodulate speech inversion. If you look at the spectra on an
    analyzer, you'll see a "hole" or dip at the inversion frequency. The
    inversion frequency will hop around, but I'm told a DSP can mostly
    follow it. Extra credit for speech inverters with carrier leakage at
    the inversion frequency.
    The latest for long range is a GPSDO (GPS disciplined oscillator). As
    long as the pseudo random codes are time synced, everything sounds
    quite clear.
    RIM/Blackberry is losing customers to Apple and Android devices and is
    finally opening up their network to competitive devices.

    Oops. Gotta run.
     
    Jeff Liebermann, Sep 9, 2013
    #10
  11. Misha

    miso Guest

    I can tell you for UMA, they need the IMEI. I bought an unlocked phone
    and could not UMA until T-mob had the IMEI.

    The phone call itself uses the IMSI, TMSI, and sometimes P-TMSI. I'm not
    sure it used the IMEI. The system works hard not to put on the IMEI.
    That is what the TMSI is for.

    Depending on how much you know about your phone, you can get these
    numbers. My TMSI and P-TMSI are 8 hex digits.

    Looking at my IMSI, the first 6 digits are obvious:

    I can read out just about any number my phone uses. I can also read the
    simcard. However, putting this stuff out on the internet... well...
     
    miso, Sep 9, 2013
    #11
  12. Misha

    miso Guest

    The Serbs used these speaker-mics during the war. Really terrible.
    Easily defeated by any intelligence agency. If Somalia had a NSA, they
    could defeat the system.

    Like I said, rolling code works. But that is NOT a simple inversion
    scheme. Rather, they change the code in a pseudo random manner. MXComm
    used to make those chips. [I'd have to see if they are still in business.]

    In the 80s, I was doing modem chips. We had plenty of voice band mixers
    handy and tried simple frequency inversion. Some words shoot right
    through. Cadillac for instance. You could even tell the difference
    between go and no. The CADOJ used to use these frequency inverters, but
    there are computer programs to decode them with sound cards. There are
    555 plus op amp circuits to do simple inversion decoding.

    The GPSDO is just an accurate time base. I have a Starloc. You are
    probably thinking of something else.
     
    miso, Sep 9, 2013
    #12
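    Jeff's description in #10 (a multiplier, a tone oscillator and a low-pass
    filter demodulate speech inversion) and miso's point in #12 that plain
    inversion is easily undone, as an added example written for this page and
    not taken from any poster; the sample rate, carrier and test tones are
    constructed values. It shows that the scrambler is its own inverse: running
    the same inversion twice returns the clear audio, so without a key it is
    obscurity, not encryption.

```python
import math

# Constructed settings for this demonstration (not values from the thread):
FS = 16000        # sample rate, Hz
N = 8192          # samples per test signal (~0.5 s)
CARRIER = 3500.0  # inversion carrier: a component at f Hz lands at CARRIER - f

def tones(freqs, n=N, fs=FS):
    """Constructed stand-in for speech: a sum of unit-amplitude sine tones."""
    return [sum(math.sin(2 * math.pi * f * i / fs) for f in freqs) for i in range(n)]

def lowpass_taps(cutoff, fs=FS, taps=101):
    """Hamming-windowed sinc FIR low-pass filter with the given cutoff in Hz."""
    m = taps - 1
    h = []
    for k in range(taps):
        x = k - m / 2
        s = 2 * cutoff / fs if x == 0 else math.sin(2 * math.pi * cutoff * x / fs) / (math.pi * x)
        h.append(s * (0.54 - 0.46 * math.cos(2 * math.pi * k / m)))
    return h

def convolve(x, h):
    """Direct-form FIR filtering; output has the same length as x."""
    return [sum(h[k] * x[i - k] for k in range(len(h)) if i - k >= 0) for i in range(len(x))]

def invert(x, fc=CARRIER, fs=FS):
    """Frequency inversion = multiplier + tone oscillator + low-pass filter.
    Mixing moves each component at f to fc - f and fc + f; the filter keeps only
    the difference band. Applying this twice with the same carrier restores the
    original audio, which is why the scheme offers no real secrecy."""
    mixed = [2 * s * math.cos(2 * math.pi * fc * i / fs) for i, s in enumerate(x)]
    return convolve(mixed, lowpass_taps(fc - 100, fs))

def amplitude_at(x, f, fs=FS):
    """Amplitude of the sinusoid at f Hz (single-bin DFT; f should be a bin centre)."""
    re = sum(s * math.cos(2 * math.pi * f * i / fs) for i, s in enumerate(x))
    im = sum(s * math.sin(2 * math.pi * f * i / fs) for i, s in enumerate(x))
    return 2 * math.hypot(re, im) / len(x)

def demo(freqs=(500.0, 1250.0)):
    """Scramble two test tones, apply the same inversion again, and report where
    the energy sits at each stage (about 1 = present, about 0 = absent)."""
    clear = tones(freqs)
    scrambled = invert(clear)
    recovered = invert(scrambled)
    return {
        "clear_500": amplitude_at(clear, 500),
        "scrambled_500": amplitude_at(scrambled, 500),             # gone from here...
        "scrambled_3000": amplitude_at(scrambled, CARRIER - 500),  # ...moved to here
        "recovered_500": amplitude_at(recovered, 500),
        "recovered_1250": amplitude_at(recovered, 1250),
    }

if __name__ == "__main__":
    for stage, amp in demo().items():
        print(f"{stage:15s} {amp:.3f}")
```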
  13. Misha

    dold Guest

    I recall Jeff saying something like:
    Verizon/Sprint/USCellular CDMA phones don't have SIMs.
     
    dold, Sep 9, 2013
    #13
  14. Misha

    Misha Guest

    Hi Jeff,
    Ah. I knew you knew what you were talking about, since I know you.
    So I'm glad you clarified. I never think about Verizon, since I'm
    a GSM person nowadays. So what you're saying is that, for CDMA
    telcos, they *need* the IMEI to verify the account.

    But, for GSM telco's, the IMEI is a (nearly) meaningless number
    from the standpoint (only) of identifying the account.

    The IMEI, as you noted, is certainly a predictor of the telephone
    capabilities though - but that's not the reason for my concerns so
    I won't worry about data plans and software upgrades.

    My Android phone isn't rooted (and I'm not really sure what that
    even means) so, my first order of business is to figure out how
    to ROOT the Android phone. Then I can worry about installing
    the terminal emulator. And then I can change the IMEI.

    On T-Mobile GSM, do you predict any negative repercussions from daily
    changing the IMEI number (assuming I generate a valid IMEI number)?
     
    Misha, Sep 9, 2013
    #14
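    Post #8 shows two *#06# readouts and #14 asks about a "valid IMEI number":
    an IMEI is an 8-digit TAC (which identifies the handset model, the
    "capabilities" Jeff refers to), a 6-digit serial and a Luhn check digit, so
    self-consistency can be tested offline, which is the first thing to do when
    checking a used handset before buying it. Added example for this page, not
    any poster's code: both 15-digit values quoted in #8 fail the check, while
    the third sample is constructed to pass it.

```python
def luhn_remainder(digits: str) -> int:
    """Luhn sum mod 10 over a decimal string; 0 means the check digit is consistent."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:      # double every second digit, counting from the right
            d *= 2
            if d > 9:         # 10..18 -> 1..9 (same as adding the two digits)
                d -= 9
        total += d
    return total % 10

def imei_is_valid(imei: str) -> bool:
    """True only for exactly 15 decimal digits whose Luhn check digit is consistent."""
    return len(imei) == 15 and imei.isdigit() and luhn_remainder(imei) == 0

def imei_parts(imei: str) -> dict:
    """Split a valid IMEI into TAC, serial and check digit; raise on an invalid one."""
    if not imei_is_valid(imei):
        raise ValueError(f"not a well-formed IMEI: {imei!r}")
    return {"tac": imei[:8], "serial": imei[8:14], "check": imei[14]}

def audit(imeis) -> dict:
    """Map each candidate IMEI to True/False so a whole list is checked in one pass."""
    return {i: imei_is_valid(i) for i in imeis}

if __name__ == "__main__":
    # The two values shown by *#06# in post #8, plus one constructed sample
    # that does pass the check.
    samples = ["123456789012345", "546765676567656", "490154203237518"]
    for imei, ok in audit(samples).items():
        print(imei, "consistent" if ok else "FAILS Luhn check")
```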
  15. Misha

    Misha Guest

    I had to look up what "UMA" is:
    http://www.mobileburn.com/definition.jsp?term=UMA

    Is this summary correct?
    UMA stands for 'unlicensed mobile access', which,
    as far as I can tell, simply means the phone can
    switch from WiFi (or Bluetooth) to GSM (or CDMA)
    and back, while making phone calls.

    Since I have T-Mobile, the IMEI might matter because
    T-Mobile has to, somehow, "enable" my phone to switch
    between WiFi/Bluetooth and GSM.

    But, that's a second-order issue. I'll first see if I
    can change my IMEI number by the suggested method.

    Once I change it, I can tell if there are any unexpected
    side effects.
     
    Misha, Sep 9, 2013
    #15
  16. Misha

    Misha Guest

    I wouldn't doubt that the NSA has *every* nntp poster identified; and,
    if they cared, they can correlate each of our posts to our cellphones
    (and other identifying metadata) at the click of a button.

    Luckily, the keyword for 99.99% of us is "if they cared", as if they did,
    we'd be dead as OBL.
     
    Misha, Sep 9, 2013
    #16
  17. Misha

    Misha Guest

    Hi Jeff,
    Just curious. Why would the Santa Cruz fishermen need to scramble
    their voices?
     
    Misha, Sep 9, 2013
    #17
  18. Misha

    Misha Guest

    I'm curious what software? I used Daisy loooooooong ago. Very long ago.
    Then I got out of the business of designing chips.
     
    Misha, Sep 9, 2013
    #18
  19. Misha

    Misha Guest

    Thanks. Since I'm GSM, I wholly missed the part about CDMA needing the
    IMEI number. Reading his story of how he got in trouble with them, I
    couldn't fathom how T-Mobile would have a similar problem.

    Now I realize that, for CDMA, the IMEI might matter a lot.

    Luckily, I'm on GSM; so the IMEI is (apparently) nearly meaningless from
    the standpoint of the carrier figuring out whether or not to supply
    service to me.

    They get all that from the SIM card information, not from the IMEI.
    Which leaves me to change the IMEI at will.

    Of course, now that I realize all this, changing the IMEI might not give
    me the obscurity from the NSA that I desire, simply because the SIM card
    will just as easily uniquely identify me.

    Sigh. (as I slam my tinfoil hat down on the ground)
     
    Misha, Sep 9, 2013
    #19
  20. Misha

    miso Guest

    I used the Daisy back in the day. What was it we did? Sing, drink,
    dance? I've also run the old Calma GDS1 with the storage screen, but
    never the digitizer. Also the old Aplicon that used the gestures way
    before people talked about gestures.
     
    miso, Sep 9, 2013
    #20