Mobile Communication Vulnerabilities and Some Solutions

The below is from a Steemit post of mine, about six monts ago. I think it describes mobile communication vulnerabilities and some of their solutions in significant detail

I’m guessing the big-dogs probably have a way to make private phone calls; so I’m wondering what kind of person I should ask about the successful methods. I mean, I could ask a PI, get to know a phone company technician and offer an honorarium (bribe) for good info, etc. I’ll bet some people still have privacy. How can I approach such people and ask the right questions?

A burner-phone is an obvious choice; but unless you want to throw these away after every phone call, I think a little more effort is required. An idea I came up with a few years ago is SIM-Swapping. Let’s say all-my-friends and I go out and buy a bunch of pre-paid SIM cards, that can be refilled with cash vouchers and then just swap them with each other? There is also software available for smartphones and there are purpose-built non-smartphones (the kinds with real buttons) that allow the user to manually or automatically set, on each reboot, the IMEI number. This may technically be illegal, in some jurisdictions, but these apps and phones exist; and since SIM cards became universally adopted, the theft of someone else’s minutes is no longer a possibility. This is now only an administrative-law issue, where it is prohibited; and the violators people who are willing to risk being prosecuted, to take-back their privacy. So, now that I have the two most common attack-vectors covered; what are the others? I’m guessing voice-recognition. I have been told openly by people who should know, that it is. So to cut the third tentacle off of this octopus, how do you defeat voice-recognition? How does voice recognition software work? What are its vulnerablilities?

After spending at least a year researching every lame technology I could find on ebay, amazon and every spy-shop I could find, I came to the conclusion that, the technology really didn’t exist, or knowledge of its existence was being strenuously suppressed. So, I decided to “punt” and came up with the following “untried” idea. What if I were to take a text-to-speech application like “Dragon-Naturally-Speaking” and write a shell-script that would take the resulting text file and reconvert it back-to-speech in real-time, deleting the original text file, in the process, using one of the pre-programmed “voices” available in the app? Would this sound real-enough to the monitoring software or human-operator to avoid triggering further scrutiny? I suspect I could get something like this running on a laptop; and it would probably be slow, at least in the alpha development phase. Now supposing I get this far, what else should I do?

There are two other attack vectors I can think of, location and contacts. All phones, smart and legacy can be located by cell-tower. Smart phones, additionally, explicitly provide location information to the network, based on GPS, unless this feature is manually turned off. So is there a way to force my phone, smart or legacy, to connect to a non-local cell tower? Of course, this will have to be within the maximum operating range of the phone itself, assuming no external signal amplification. Maybe, I can even create some kind of mixer, so that my signal gets mixed with all my friend’s signals (maybe the whole neighborhood’s) before going to the cell tower; and then groups of friends could collaborate with groups of friends, so a mixer is always near by? A confederation perhaps?

Ok, so lets say we have location licked, the last attack vector I can think of is my contact-list, the people I normally call. So, the determined hacker-spy-etc, is monitoring the phones of one-or-all of my contacts, waiting for me to call. Until my contact answers, I’ve beaten monitoring of my phone “number” by SIM-CARD swapping, monitoring of my “phone” by changing my IMEI, monitoring of my location, by turning-off GPS and by signal mixing before-the-tower, now my friend answers his phone. So, now I beat voice recognition, by changing my voice to sound like the cutest highschool cheerleader ever; and the knucklehead monitoring the call is falling-in-love with me… Now my contact and I need a way to disguise what we’re talking about, not so much to disguise the content of the call, but to disguise the identity of the caller (me). Now, we have to be Navajo-Code-Talkers, on top of everything else previously mentioned. The only other thing I can think off to add to this mix is end-to-end encryption, which probably can’t be relied on anymore because the government NOW has 2048qbit-quantum-computers from D-Wave-Systems of Canada, specifically the D2000.

https://www.dwavesys.com

Also see:

Now, let’s again suppose, that we’ve beaten all of the technical hurdles above, the final obstacle to overcome is “social-engineering.” Let’s face it MOST humans are sell-outs; and for a very “low” wage at that. Very often, the only motivations necessary are currying favor, with the authorities, or getting an advantage over a co-worker. The “Four-City-Survey” of Holocaust survivors in Germany after WWII, documented the motivations stated above as the MAIN reasons German nationals turned in their Jewish neighbors and co-workers to the Gestapo. I’ve read similar accounts of domestic servants turning-in their employers during the “Spanish Inquistion.” It’s the same in every age. My own “informal” statisics reveal that in excess of 50% of the population can be motivated this way. Actually, the percentage is much greater. This was confirmed to me, by a “professional.” The movie “Gangs-Of-New-York” had one of its characters state, "You can always hire one-half of the poor to murder the other half. This is a true statement. So the final and most important thing to do is make sure you surround yourself with good people; but this is extremely difficult to do, because truely moral people, who live in the agora, are in a very small minority. Most of the time we have to deal with “rats.”

And lastly, if you employ servants, pay them and screen them well; and always be-on-the-lookout for “tradecraft.” Get rid of these characters quickly.

1 Like

@jt7d36fd my question is … do they really need to use that quantum computer to brute force the encription ? i’m sure they have genious level people in their employ that tought of much elegant solutions …

This reminds me of the situation involving Jeff Bezos’s girlfriend’s brother. Paid off by a tabloid for $200k for data from a [presumably] insecure phone he [presumably] had physical access to, pfft.