T 5.96 Tampering with mobile phones

The installation of additional electronic circuitry, as described in T 5.95 Bugging of indoor conversations over mobile phones, is a typical hardware manipulation. In order that such tampering can be carried out, the device to be manipulated must be in the possession of the adversary for a certain period of time.

Another way of using mobile phones for bugging purposes is to tamper with the control software (firmware) installed on the device. This kind of tampering is a lot more difficult to detect than tampering with the hardware.

A concealed, undocumented bugging function could already be programmed (either deliberately or by accident) into the control software during development of the device.

However, it is also conceivable that the control software could be modified subsequently by a third party, for example when the device is out of the user's (short-term) control during repair or due to other reasons (loss or theft). Such manipulation requires in-depth specialist expertise which is normally available to few persons other than the firmware developers. It is virtually impossible for an outsider to demonstrate that such manipulation has taken place.

Mobile phones are becoming more flexible through extension of the mobile phone menu functions using SIM Toolkit and a new generation of SIM cards which support this functionality. Such a mobile phone can be programmed with new functions by the service provider over the cellular network. Thus, for example, the card provider can tailor the menu structure to meet the requirements of a particular customer.

However, this capability carries with it the threat that firmware could be tampered with, as the functionality that is needed to reconfigure a phone into a bugging device could already be contained as standard in the firmware. The probability that functions which will convert the mobile phone into a bugging transmitter can be called up from "outside" increases. It could also be possible for these functions to be enabled and disabled at will.