OT: Nextel Monitoring
Posted: Thu Mar 30, 2006 11:57 am
by wb4bsd
Mods: If this needs to be moved, please do so.
I have been asked if it is possible to monitor Nextel phone calls and direct connect calls.
I believe that it is in fact possible, but how would a person filter out calls from a specific person or groups of people?
I am not knowledgeable enough with service monitors to know if this is possible or not.
Any detailed info would be helpful...
via PM of course.
I have no wish to monitor anyone's calls, I simply want to know how it's done so that I can try to protect against it if at all possible.
Thanks!
Posted: Thu Mar 30, 2006 1:31 pm
by RKG
Doing this would be theoretically possible but I suspect a bit difficult in reality.
Nextel is basically a trunked radio system that uses a particular form of digital encoding of voice. Basically, you'd do the following:
Knowing the SysID and control channels of a site that would be within range of one of the parties in question, program a radio to the control channel, run discriminator audio out to a data slicer and run the data output to the serial port of a PC running one of the packages out there that decodes OSWs. This will show an OSW granting an "individual call" or "private call" channel grant request and the frequency of the voice channel assigned to the party you are close to. You then tune a second radio (either manually or automatically) to that voice channel, and so long as your party remains on that site, you're hearing the voice. The problem is that the voice would be iDen digitized, and off the top of my head I haven't a clue as to how you would decode it into analog voice.
There would be some other practical problems. For one, you'd have to know in advance when the call would be coming through, or else sit in front of the screen and watch the OSWs scroll by; it will take about 20 minutes before your eyes fall out.
You'd also have to know the UnitIDs of the units in question, in order to recognize that this call (out of the hundreds flashing by) is the one of interest.
On a non-simulcast system, only the two sites on which the parties to the I-call are affiliated would process the OSW, which means that you'd also have to know in advance where at least one of the parties was going to be when the call was placed. Also, that person would have to be stationary, to avoid a site-to-site handoff.
In a SmartNet system, the I-call voice is broadcast over the voice channel output freq, even though it is only intended for the two participants. I have no idea whether iDen follows the same protocol; it may be that the talking side could be heard only over the input freq, in which case you'd have to be close enough to the party to hear his very low power transmission. The return part of the call would definitely come over the output.
In short, this is a fine theoretical exercise, but the probability of a targeted interception of a Nextel I-call is, I would bet, very small.
Posted: Thu Mar 30, 2006 2:47 pm
by tvsjr
Theoreticals aside...
Yes, iDen can be monitored, it just depends how sexy you want to get. Technically you could reverse-engineer a phone's firmware (since they're flash-based, shouldn't be hard to load your own code) and make it a receiver (sorta like the Oki 900s in the AMPS days). Also, you can use a high-end widget like an R2660, which will successfully recover iDen audio. Those run about $65K, list.
Downsides? You're going to have to be close... since it's a cellular system, the output side of the system isn't going to talk far (don't forget the antennas are downtilted). Plus, the above methods are either a. difficult to implement, b. expensive, or c. both.
In practical use, I wouldn't worry too much about interception, but I'd treat it the same way I treat any wireless device. If you're concerned about interception, you should be looking into P25 + DES-OFB/AES-256...
Posted: Thu Mar 30, 2006 9:04 pm
by OX
I thought that the signals were multiplexed at 3:1 or 6:1 meaning up to 3 (or 6) subscribers could be communicating on the same channel at the same time? You know, like TDMA or CDMA? I forget which format iDEN is.
Posted: Fri Mar 31, 2006 1:07 am
by tvsjr
Yes, iDen is 6:1 TDMA using the VSELP codec.
Posted: Fri Mar 31, 2006 3:07 am
by n7maq
tvsjr wrote: Yes, iDen is 6:1 TDMA using the VSELP codec.
The newer units (from mid 2004) use the AMBE codec.
Jim.