Many people feel their smartphones are indispensable lifelines, connecting everyone everywhere in real time, but can you trust them? I never did. As reliant as we are on these devices for everything from banking to personal communication, the GSM network, along with its successors, from the 3G that emerged almost 20 years ago already to today's 4G and 5G, carries with it a number of critical flaws that hackers or (especially) governments can easily exploit using tools. Tools which I can confirm are readily available on the dark web. We always knew about the flaws of GSM being left in place to facilitate eavesdropping. Now it's not just about listening but about using a phone to deceive or intercept information, and it's easier than anyone thinks.
Here are some definitions. Regardless of whether it's some Nokia or Ericsson brick or the newest Samsung Galaxy S30, a mobile phone's identity on the network rests on two crucial pieces of data: the IMSI and the IMEI.
>IMSI: (International Mobile Subscriber Identity)
This unique identifier ties a subscriber to a SIM card and a mobile network; see it as the phone's IP, or a code allowing the network to recognize and authenticate the user. However, an attacker with the right tools can spoof an IMSI, essentially tricking the network into thinking they are someone else. This opens up the possibility of interception, call hijacking, or even location tracking.
>IMEI: (International Mobile Equipment Identity)
Similarly, the IMEI is a unique code that identifies your physical device, a bit like a MAC address. Just as with the IMSI, software available on the dark web allows an attacker to spoof an IMEI, making it possible to assume the identity of another device, evade blacklists, or bypass security features designed to lock lost or stolen phones.
The creepy fact is that spoofing either of these identifiers isn't theoretical; it's shockingly easy if you manage to get the right software, although it requires know-how, since the tools are mainly command-line based. It's trivial to alter these identifiers and launch attacks on mobile networks. Hackers are out there exploiting these flaws, and most people don't even realize how exposed they are.
SMS and roaming vulnerabilities with TPDUs
While many people assume that SMS is a secure form of communication, it's actually a relic from a time when security was an afterthought. I mean, I'm trying to resurrect an old pager for fun, sending ASCII codes to it via radio. The GSM standard is a bit like pagers: it relies on something called Transfer Protocol Data Units (TPDUs), which handle the sending and receiving of SMS messages and more. These messages pass through a series of vulnerable network components, each one a potential point of attack.
The handshake process, where the network authenticates a roaming phone, is particularly vulnerable. Hackers can intercept these signals during the handshake and manipulate them, giving them access to your phone. Once they have control over the TPDU, attackers can not only read SMS messages but also modify them or send spoofed messages as if they were the legitimate user.
What's worse is that this flaw isn't limited to domestic attacks. When you roam, you're more exposed, because your phone relies on SS7 to communicate with foreign networks. This outdated protocol is widely known for its insecurities, allowing attackers to intercept calls, read messages, and even track a device's location across the globe. For hackers who know how to exploit this, roaming opens up a world of potential targets.
Let's imagine a theoretical scenario: voice spoofing. As if the vulnerabilities in the GSM and SMS systems weren't enough, we're now facing a new kind of threat: synthetic or altered voice attacks. Imagine a scenario where a hacker has spoofed your phone number using one of the techniques mentioned above. They then use some AI voice synthesis software to impersonate your voice or the voice of someone you know.
For example, a hacker could call your family or a coworker and, using an AI-generated voice based on a few samples, say something like: "Hey, it's me. I'm in trouble and I need you to send me money. My phone is broken, so I can't text. I'll pay you twice, you trust me bro." This type of scam is already becoming a reality with fake SMS, which dumb people fall for. In fact, a friend of mine recently received a fake message that said, "Hi mom, my phone is broken, I need money." It's only a matter of time before these attacks become widespread. These attacks commonly come from Nigeria, Gabon, Mali etc., since it's a common scam; now with the same number and a voice, I assure you 100% of people will fall for it if it's done well enough.
With the ability to clone voices, fake phone numbers, and hijack SMS messages, you see where I'm going. It was not an issue a while ago, but with machine learning becoming more and more accessible and these exploits at the fingertips of manipulative beings, it is about to happen, if it hasn't already been done. Your phone is becoming a tool for sophisticated attackers to manipulate and deceive, and the terrifying part is that most people are completely unaware.
It's hard to call these devices "smart." Sure, smartphones are jacks of all trades: GPS, media, gaming, all that crap, but when it comes to security they remain the same as dumb phones, unless you use some enterprise VPN or some VoIP and messaging services, a bit like those on BlackBerry's BES. Now there are similar solutions, even WhatsApp or Telegram. But no standard.
They operate on networks built decades ago with virtually no thought for the types of threats we can get today. Despite the introduction of newer technologies like 5G, which also has vulnerabilities since it's essentially IP over radio, the underlying architecture remains flawed. Basically the frequencies and spectrum changed to get more bandwidth, but the security remains the same. You can have a banking "app" that is secured as fuck yet relies on SMS verification.
Today we can grab some cheap walkie-talkies/radios which use digital voice encryption with AES-256 or even RSA out of the box, introduced to cope with the exploits on Motorola/Icom/Kenwood radios that came out a while ago; it's cringe to see that overpriced phones do not come with better security features.
Solution? End-to-end encrypted VoIP services like Telegram, Matrix, Signal or even fucking WhatsApp, which are pleb crap really but ironically offer vastly superior security and privacy, but they are not yet the default mode of communication. There is no plan for a successor to the classic GSM cellular protocol for phone comms; it's like we're doomed to rely on outdated infrastructure, the SS7 network and the GSM/TDMA/CDMA infrastructure and handshakes, which keep their roots from the early 90s and leave us open to attack.
Sure, you have a PIN, a password, a fingerprint lock and even face recognition, but what's the point if it's not properly secured behind the scenes? The device can be secured, sure, but when it's in the air it WILL be vulnerable. Those are false senses of security; even if stolen, you may want your phone to be a brick rather than used or accessed. People keep their entire lives on their phones, and it is getting worse, as every time you need a service, like insurance, banks, etc., some administration incites the users to install an app of some kind on their shit.
I'd just conclude again that the smartphone might just be the least smart invention. It's time we stop assuming our phones are secure just because they are expensive or branded with the latest technology. The reality is much darker: your phone is one of the most vulnerable things you own, not just because of the plethora of Google services datamining the users, or the open mic, or location services collecting data for analytics, and I assure you none of the manufacturers will do a thing to anticipate the security of the existing phone network.
Everything should be redone, from the base of the topology to the user layer, even keeping the current equipment, antennas and phones. It's not a hardware issue; the way the network is made is the real issue. I trust the IP and WiFi handshakes more than GSM and its numerous iterations.
What would be the idea then? Fight with the ITU, raising awareness on something, but usually it will be taken up after shit happens. Start a private operator that provides trust in the network. Data only, then eventually VoIP. The SIM card should hold a key and establish a handshake with certs, then you have a lease when you connect to a tower. Let's just go with the blockchain, so every packet transmitted is secure, no GSM or UMTS layers; once the physical layer is made, even, say, a company or some military or bank protocol can communicate with anything, not necessarily IP. Maybe IP with a gateway, then you do what you want, but that's the base of secure comms we should expect.
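As an added example, not code from the original post or from anyone in this thread: a Python script that does the three concrete things the post talks about, splitting an IMSI into MCC/MNC/MSIN, computing the IMEI Luhn check digit, and decoding an SMS-DELIVER TPDU exactly as a modem hands it up in PDU mode (SMSC prefix, first octet, TP-Originating-Address, PID, DCS, timestamp, user data). Every value here is constructed for the example: the IMSI, the IMEI (the widely used documentation example 490154203237518), the SMSC and sender numbers (UK fictional ranges), and the two PDUs. The second PDU carries the alphanumeric sender ID "Mom": that field is set by whoever submits the message, not derived from a subscriber's IMSI, which is the whole basis of the "Hi mom" scam. The decoder assumes the general DCS group, no user-data header, and 20xx years.

```python
# Added example: GSM identifiers and SMS-DELIVER TPDU decoding. Sample values
# (IMSI, IMEI, SMSC/sender numbers, PDUs) are constructed for this example.

# GSM 03.38 default 7-bit alphabet (basic table only; the extension table is not handled)
GSM7_BASIC = (
    "@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ !\"#¤%&'()*+,-./0123456789:;<=>?"
    "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§¿abcdefghijklmnopqrstuvwxyzäöñüà"
)

def split_imsi(imsi: str, mnc_len: int = 2) -> dict:
    """MCC is always 3 digits; the MNC is 2 or 3 digits depending on the country."""
    if not imsi.isdigit() or len(imsi) > 15:
        raise ValueError("IMSI is up to 15 decimal digits")
    return {"mcc": imsi[:3], "mnc": imsi[3:3 + mnc_len], "msin": imsi[3 + mnc_len:]}

def imei_check_digit(tac_and_serial: str) -> int:
    """Luhn check digit over the first 14 IMEI digits (TAC + serial number)."""
    total = 0
    for i, ch in enumerate(reversed(tac_and_serial)):
        d = int(ch)
        if i % 2 == 0:                      # rightmost of the 14 digits is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return (10 - total % 10) % 10

def imei_is_valid(imei: str) -> bool:
    return len(imei) == 15 and imei.isdigit() and imei_check_digit(imei[:14]) == int(imei[14])

def decode_semi_octets(data: bytes, ndigits: int) -> str:
    """Nibble-swapped BCD digits; an odd digit count is padded with an F nibble."""
    return "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in data)[:ndigits]

def gsm7_unpack(data: bytes, septet_count: int) -> str:
    """Unpack septet_count 7-bit characters from packed user data."""
    out = []
    for i in range(septet_count):
        byte_idx, shift = divmod(i * 7, 8)
        value = data[byte_idx] >> shift
        if shift > 1 and byte_idx + 1 < len(data):   # septet straddles two octets
            value |= data[byte_idx + 1] << (8 - shift)
        out.append(GSM7_BASIC[value & 0x7F])
    return "".join(out)

def parse_address(pdu: bytes, pos: int):
    """TP-OA style address: length in semi-octets, type-of-address, digits."""
    ndigits, toa = pdu[pos], pdu[pos + 1]
    nbytes = (ndigits + 1) // 2
    raw = pdu[pos + 2:pos + 2 + nbytes]
    ton = (toa >> 4) & 0x07                 # type of number
    if ton == 5:                            # alphanumeric sender ID, 7-bit packed
        number = gsm7_unpack(raw, ndigits * 4 // 7)
    else:
        number = decode_semi_octets(raw, ndigits)
        if ton == 1:                        # international number
            number = "+" + number
    return number, ton, pos + 2 + nbytes

def decode_scts(raw: bytes) -> str:
    """TP-SCTS: YY MM DD hh mm ss tz, nibble-swapped BCD, tz in quarter hours."""
    bcd = lambda b: (b & 0x0F) * 10 + (b >> 4)
    yy, mo, dd, hh, mi, ss = (bcd(b) for b in raw[:6])
    tz = raw[6]
    quarters = (tz & 0x07) * 10 + (tz >> 4)   # bit 3 of the tens nibble is the sign
    sign = "-" if tz & 0x08 else "+"
    return (f"20{yy:02d}-{mo:02d}-{dd:02d} {hh:02d}:{mi:02d}:{ss:02d} "
            f"{sign}{quarters // 4:02d}:{quarters % 4 * 15:02d}")

def decode_sms_deliver(hex_pdu: str) -> dict:
    """Parse an SMS-DELIVER TPDU as a modem returns it in PDU mode (SMSC prefix included)."""
    pdu = bytes.fromhex(hex_pdu)
    smsc_len, smsc, pos = pdu[0], None, 1
    if smsc_len:                            # SMSC info: type-of-address + digits
        smsc = decode_semi_octets(pdu[2:1 + smsc_len], (smsc_len - 1) * 2).rstrip("F")
        smsc = "+" + smsc if (pdu[1] >> 4) & 0x07 == 1 else smsc
        pos = 1 + smsc_len
    first = pdu[pos]                        # TP-MTI in bits 0-1, TP-UDHI in bit 6
    if first & 0x03 != 0:
        raise ValueError("not an SMS-DELIVER (TP-MTI != 0)")
    if first & 0x40:
        raise NotImplementedError("TP-UDHI set: user data header not handled here")
    sender, ton, pos = parse_address(pdu, pos + 1)
    pid, dcs = pdu[pos], pdu[pos + 1]
    scts, udl, ud = decode_scts(pdu[pos + 2:pos + 9]), pdu[pos + 9], pdu[pos + 10:]
    if dcs & 0x0C == 0x00:                  # GSM 7-bit: UDL counts septets
        text = gsm7_unpack(ud, udl)
    elif dcs & 0x0C == 0x08:                # UCS-2: UDL counts octets
        text = ud[:udl].decode("utf-16-be")
    else:                                   # 8-bit data
        text = ud[:udl].hex()
    return {"smsc": smsc, "sender": sender, "sender_alphanumeric": ton == 5,
            "pid": pid, "dcs": dcs, "timestamp": scts, "text": text}

# Constructed PDUs, same "Hi mom" text: one from +447700900123, one from the
# alphanumeric sender ID "Mom" (TOA 0xD0), which nothing ties to a subscriber.
PDU_NUMERIC = "0791447758100650" "04" "0C91447700091032" "0000" "42507131547080" "06" "C834A8FD6E03"
PDU_ALPHA = "0791447758100650" "04" "06D0CD771B" "0000" "42507131547080" "06" "C834A8FD6E03"

if __name__ == "__main__":
    print(split_imsi("234150123456789"))
    print(imei_is_valid("490154203237518"))
    for pdu in (PDU_NUMERIC, PDU_ALPHA):
        print(decode_sms_deliver(pdu))
```

Feed it the hex string from `AT+CMGR` or `+CMT:` output of a modem in PDU mode (`AT+CMGF=0`) and you get the parsed fields; compare the decoded sender of the two PDUs to see why "the number matches" proves nothing about who sent an SMS.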
>>3463 If you trust gigacorp Inc, Apple offers E2EE for iMessage.
The rest seem to be some degree of honeypot or borderline unusable
>>3464 You mustn't expect any privacy using an Apple terminal, but ok; even crypticirc had secured chats for decades.
Thanks for this post, I really enjoy it the more technical you get.
What kind of equipment is needed to spoof a GSM or CDMA key?
I've hyped Matrix quite a bit, as there really isn't anything better and it offers the maximum amount of freedom, because it's just a protocol not attached to giants like IBM, Verizon, Microsoft, or Apple.
>>3466 Essentially, an electric computer on Linux, and software.
https://securityaffairs.com/47179/hacking/hacking-ss7-protocol.html
Other stuff to read about an SS7 attack:
https://www.firstpoint-mg.com/blog/ss7-attack-guide/
'Cause yes, 4G and 5G use the Diameter protocol, but they also still embed legacy/retrocompatibility with the SS7 protocol. Hence the idea of a complete rethink of mobile telecoms.
Also, recently there's been a vid, even if I think Linus is a fag.
https://youtube.com/watch?v=wVyu7NB7W6Y