Demonstrating The Sheer Lack Of Security In First Gen Cellular Networks

Modern cellular networks are built to serve millions upon millions of users, all while authenticating subscribers and encrypting traffic over the air. But earlier cellular networks were by no means so secure, as [Nostalgia for Simplicity] demonstrates in a recent video.

The video begins with an anecdote: our narrator remembers a family member who could listen in on others' conversations on the analog AMPS phone network. This was easily achieved simply by entering a code that put an Ericsson handset into a test mode, in which it could be switched to tune in any desired AMPS channel. Since the voice traffic was plain analog FM, with no encryption of any sort, any receiver tuned to the right frequency could hear it. (AMPS is full duplex on paired frequencies, so a handset's receiver picks up the base-station side of a channel, that is, the far party's half of the call; the other half is on the paired mobile-transmit frequency.) The video shows a recreation of this method, using a software-defined radio to spin up a low-power, very local AMPS network. A phone call is carried out between two handsets, with a third handset able to listen in just by using the special test mode.
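To make the "no encryption" point concrete, here is an added example (not code from the video or from the handset) that models one AMPS call as plain narrowband FM on a paired channel and shows that recovering the audio is nothing more than tuning and FM-demodulating, with no key anywhere in the chain. The channel spacing, 45 MHz duplex offset and 12 kHz peak deviation are from the AMPS standard; the sample rate, the tones standing in for voices, and the functions `amps_channel_freqs_mhz`, `make_call` and `listen` are constructed for this example. It also shows why a handset in test mode hears only the far party: its receiver sits on the base-transmit side of the channel, and the other half of the call is on the mobile-transmit frequency.

```python
"""Added example: why an analog AMPS voice channel is open to any receiver.

The voice path is plain narrowband FM on a fixed 30 kHz channel, so the
receiver needs no key, only the right frequency.  Pure Python, no numpy.
Channel-plan constants are from the AMPS standard; the sample rate, tone
frequencies and call length are constructed for this example.
"""
import cmath
import math

CHANNEL_SPACING_MHZ = 0.030   # AMPS channel spacing
DUPLEX_OFFSET_MHZ = 45.0      # base station transmits 45 MHz above the mobile
FS = 48_000                   # assumed sample rate of the constructed IQ stream
DEVIATION_HZ = 12_000         # AMPS peak voice deviation


def amps_channel_freqs_mhz(n):
    """Map an AMPS channel number to (mobile_tx_mhz, base_tx_mhz)."""
    if 1 <= n <= 799:
        mobile = 825.030 + CHANNEL_SPACING_MHZ * (n - 1)
    elif 991 <= n <= 1023:  # extended-band channels that sit just below channel 1
        mobile = 824.040 + CHANNEL_SPACING_MHZ * (n - 991)
    else:
        raise ValueError(f"{n} is not an AMPS channel number")
    return round(mobile, 3), round(mobile + DUPLEX_OFFSET_MHZ, 3)


def fm_modulate(audio, fs=FS, deviation_hz=DEVIATION_HZ):
    """Analog FM: the instantaneous frequency follows the audio sample (-1..1)."""
    phase = 0.0
    iq = []
    for s in audio:
        phase += 2 * math.pi * deviation_hz * s / fs
        iq.append(cmath.exp(1j * phase))
    return iq


def fm_demodulate(iq, fs=FS, deviation_hz=DEVIATION_HZ):
    """Quadrature discriminator: the phase step between samples is the audio.

    This is everything an eavesdropper's receiver has to do; there is no
    key, no descrambling step and nothing to brute-force.
    """
    audio = []
    for prev, cur in zip(iq, iq[1:]):
        step = cmath.phase(cur * prev.conjugate())
        audio.append(step * fs / (2 * math.pi * deviation_hz))
    return audio


def tone(freq_hz, seconds=0.05, fs=FS, amplitude=0.8):
    """Constructed stand-in for a voice: a single sine tone."""
    n = int(seconds * fs)
    return [amplitude * math.sin(2 * math.pi * freq_hz * i / fs) for i in range(n)]


def make_call(channel, near_audio, far_audio):
    """Constructed on-air picture of one AMPS call on `channel`.

    AMPS is full duplex on paired frequencies: the handset's voice goes out
    on the mobile-transmit frequency and the far party's voice comes back on
    the base-transmit frequency 45 MHz higher.
    """
    mobile_mhz, base_mhz = amps_channel_freqs_mhz(channel)
    return {mobile_mhz: fm_modulate(near_audio), base_mhz: fm_modulate(far_audio)}


def listen(air, freq_mhz):
    """What any FM receiver tuned to freq_mhz recovers (empty if nothing is there)."""
    return fm_demodulate(air[freq_mhz]) if freq_mhz in air else []


def max_error(recovered, original):
    """Largest sample difference; the discriminator output starts one sample late."""
    return max(abs(r - o) for r, o in zip(recovered, original[1:]))


if __name__ == "__main__":
    near, far = tone(440), tone(1000)
    air = make_call(200, near, far)
    mobile_mhz, base_mhz = amps_channel_freqs_mhz(200)
    # A handset in test mode receives on the base-transmit side of the channel,
    # so it recovers the far party's audio and nothing of the near party's.
    heard = listen(air, base_mhz)
    print(f"channel 200: mobile {mobile_mhz} MHz, base {base_mhz} MHz")
    print(f"error vs far party:  {max_error(heard, far):.2e}")
    print(f"error vs near party: {max_error(heard, near):.2f}")
    # A scanner or second receiver on the mobile-transmit frequency gets the rest.
    print(f"other half recovered: {max_error(listen(air, mobile_mhz), near) < 1e-9}")
```

The discriminator recovers the far party's tone to floating-point precision and the near party's not at all, which is exactly the one-sided eavesdropping a test-mode handset gives; a receiver on the paired frequency recovers the other half just as easily.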

If you’re particularly keen to build your own first-generation AMPS phone network, just know that transmitting in the cellular bands without a licence isn’t allowed in most jurisdictions. Still, it’s entirely possible as we’ve covered before. It doesn’t even take much hardware in our modern SDR era.

19 thoughts on “Demonstrating The Sheer Lack Of Security In First Gen Cellular Networks”

  1. I had that exact Ericsson 1228d in blue shown in the header in high school and yes, it was that easy, whenever I got bored I just tuned into other people’s conversations. As you had to try a different channel each time, and each part of the conversation was on a different channel, the eavesdropping was one way only.

  2. The analog landline of the 20th century had no security, either.

    In my home country, in the 90s, the T-Online Classic online service (aka BTX, Datex-J) had no encryption, either.
    That wasn’t added until about the 2000s, I think.
    (The service remained in use until late 2000s, mainly for online banking without requiring the unsafe internet.)

    So at the time, tapping the line was possible:
    a hacker in the cellar of the building could read the raw data with a modem and a terminal program.

    A hacker could write down the data, re-establish the connection to the online service
    and re-send the altered information of, say, a bank form.

    The only security was the obfuscation of the login data by using a different
    baud rate/polarity during log-on.

    And the user wouldn’t even have been suspicious in most cases,
    because modem disconnects due to bad line quality happened sometimes.

    There’s a video of a news report.
    https://www.youtube.com/watch?v=Sr62RbKPy6U

      1. I don’t remember B-Net anymore,
        it was before my time, but I recall that the C-Netz was still in use.

        One C-Netz car telephone, the Siemens C5, was known for being modded for amateur radio use.
        It could be used as 70cm band two-way radio.
        http://www.oebl.de/C-Netz/Geraete/Siemens/C5/C5.html

        The D-Netz (GSM) was the rising star from 1992 onwards or so.
        I remember how the Motorola MicroTAC was commonly seen, as well as the old Hagenuk phones.
        One had Tetris, I remember. Model MT-1200 or so. We had an MT-900.

    1. I can imagine how the conversation went, “How do you stop people from tapping the line?” – “But you can’t do that.” – “Yes, but how do you stop people doing that?” – “You can’t do that. It’s illegal!” – “Yes, but what if somebody….” – “NO! It’s illegal! You can’t do that!”.

      I’ve had this conversation with Germans before.

    1. When the first generation cell phones were becoming very popular I was debugging a relatively secure spread spectrum TxRx connection that was losing sync. This was taking place at about 915 megahertz. On the spectrum analyzer I could see lots of signals pop up, communicate for a minute to ten minutes, then go away.
      I moved the pointer, dropped in on one of those signals, and heard somebody giving their banking information, all access numbers, everything.
      And credit card numbers. That was an eye opener. How could we have done that? It was just so easy to pick up.
      I spread the word, but not everybody believed me. They said it would be too stupid to do anything that non-secure and not inform your customers.

      And if you ever want to design a spread spectrum system that can latch on and synchronize to your spread spectrum sequence make sure the transmitter and the receiver are using the same type of logic chips at the same voltage when generating the analog voltage that drives the transmitter and receiver frequency tuning. The experts that designed that system totally missed that basic requirement. And they went out of business a little bit later.

  3. The 90’s were great. I had a friend that used to purchase the BT/Cellnet Philips C12 from Boots for 50 quid. Shove a 12C508 PIC inside, then sell them for 100 quid. Helped fund a year of university. Those old phones stored credit on the phone, so using a PIC to copy and erase the EEPROM prior to making a call allowed the phone to stay topped up when it dumped the EEPROM back in on boot.

  4. I seem to remember being able to occasionally tune in to some audio communications with my VCR by adjusting some sort of thumb wheel potentiometers- I don’t know WHAT they were, but they were interesting, back in the day!

  5. I simply used a radio scanner to tune into the old analog cell channels. Lots of steamy calls and illicit relationships going on. Same with cordless phones, also analog in the early days. Why? Just being able to was a novelty which I soon got bored of!

  6. “any conversation on such a network was basically entirely open for anyone to hear” That’s not accurate.
    I was a repair tech back in that day, and though partly true, any phone could be put into test mode, and you could listen on a channel but you could NOT hear the conversation. One channel was for one party, and another channel for the other party. So basically you could only hear one half of 2 people talking.

  7. In the 90’s I copied the ESN EEPROM (9346) and had 5 3W Nokia/Technophone cells on one service (none ever on at the same time). Service from LA Cellular was US$20/month for 20 minutes. Hacked my scanner to listen to others. Had a couple of OKI 900’s and played with the 5X ESN F/W.
