How Cell Phone Companies Work

The technology to intercept cellphone data does exist. Major mobile carriers provide customers with their own small base stations, known as femtocells, which let customers extend the network to places the carrier's towers cannot reach. Cellphone towers are usually very large and very powerful; they are used to route calls and texts through the network to their destination. The main difference between cellphone towers and femtocells is that femtocells are much smaller and have a significantly lower power output. The main purpose of a femtocell is to provide a signal to locations where there is little or no signal strength. Think of a femtocell as an extension cord, but for cellphone signal. One could be set up in the middle of a forest where there is little or no cell signal, or in a building whose construction interferes with the cellphone signal. Now, people have the ability to set up their own femtocell-like devices that mimic cellphone towers and potentially intercept voice calls, Short Message Service (SMS) messages, and Multimedia Messaging Service (MMS) messages.

For our project we will be looking into different software that will allow the LCDI to create one of these femtocells and attempt to analyze how it works. So far we have been researching how these base stations work and trying to find the software and hardware best suited to help us build and understand this technology. OpenBTS, an open source software package created by Range Networks, allows a Linux machine to let mobile devices communicate with it much as they would with a mobile network carrier. Hardware is of course necessary too. Range Networks offers a development kit that comes preconfigured to run OpenBTS, Asterisk (http://www.asterisk.org/), Ubuntu 10.04, a subscriber registry, and an SMS server, at a cost of $4995. Another option would be to buy a software-programmable radio with all of the necessary components and configure it to work with OpenBTS; Ettus Research offers such devices. The third option is to buy all of the components necessary to make a software-programmable radio and solder them together yourself. Some of these components include a USRP (Universal Software Radio Peripheral, a high-performance transceiver that operates in the 1900 MHz band) and a 52 MHz clock generator. For ease and cost's sake, one of the Ettus Research devices may be the best route to go, costing approximately $1140 to set up. The hardware coupled with the OpenBTS software will allow you to make your own private mobile network, but it is only able to mimic GSM (Global System for Mobile Communication) and 2G; it does not affect networks running on CDMA (Code Division Multiple Access), 3G, and/or 4G, because they use a different network design (CDMA uses one channel with a unique code for each device on the network, whereas GSM has a corresponding network tower that serves all of the mobile devices in the coverage area). Cell phones that use these other wireless technologies would not be likely to connect to these mimicked cellphone towers.

We have been watching YouTube videos that demonstrate that these base stations actually work, and how they work: http://www.youtube.com/watch?v=pTb1_v8M6iA and http://www.youtube.com/watch?v=DU8hg4FTm0g. Only outbound calls can be made, meaning you are essentially cut off from the major cellphone networks. These outbound calls are contained within the OpenBTS network and cannot reach any cellphones that are not also connected to the OpenBTS network. If properly configured, cell phones that are exclusively on the OpenBTS network can make calls to each other, but the point of this experiment is to show how cellphone companies control your calls and what information they have. In order to proceed further we must acquire and set up the equipment and software.

-Nick Murray
