T 5.99 Analysis of call data relating to the use of mobile phones

With mobile communications, the signals transmitted on the radio link are not physically shielded against unauthorised passive monitoring and recording. Thus an aggressor could perpetrate an attack without the access problem which occurs on line-connected communications. A second problem which generally occurs with most radio communication services arises from the fact that for technical reasons the mobile communication partners have to be located in order to be contactable. Again, if these partners establish a connection themselves, they also give away information about their location through the act of establishing a connection. This location information could be used by the network or service provider - and also by third parties - to build up movement profiles.

If an aggressor is familiar with particular filter characteristics over a mobile phone, he could (although it would be technically effort-intensive) identify individual phone calls by means of these characteristics. These or other attacks require that the customer number (IMSI), mobile transceiver number (IMEI) and subscriber call number (MSISDN) are known.

An insider who, for example, had access to the corporate or private telephone directories in a company would be able to identify the MSISDN call number.