USS Clueless CDMA FAQ -- How easy is it to eavesdrop on CDMA cellular?


How easy is it to eavesdrop on CDMA cellular?

Short answer: Harder than a landline phone.

Long answer: Eavesdropping on the radio link is prohibitively difficult. Any law enforcement agency which wanted to listen to your calls wouldn't bother with that.

The cellular and PCS carriers are required to cooperate with law enforcement agencies armed with proper warrants for line taps. If they wish to listen to calls, they tap in at the service provider's central office. It's approximately comparable to what they would do to tap a landline phone.

It's possible to illicitly tap a landline by having someone climb a phone pole (or go down into a hole) and tap the wires near your home. The equivalent of this for AMPS was a simple FM radio scanner that cost a few hundred dollars. But whoever decided to try something like that for CDMA would be stumped. Even if he had all the information necessary (like your phone's ESN, which is required to be able to intercept the reverse link) the equipment needed would cost tens of thousands of dollars, well beyond the means of any private detective or creepy voyeur.

When you speak into your CDMA phone, your voice is digitized and compressed into 50 digital packets per second. These are then spread, interleaved, passed through a forward-error-correction encoder (a convolutional code, decoded at the far end with a Viterbi decoder), scrambled using the Walsh code for the channel you've been assigned, scrambled again with the short code, possibly encrypted, scrambled yet again with a modified version of the long code, and then transmitted in quadrature as a spread-spectrum signal. The creepy voyeur with his FM scanner can't even pick up spread spectrum, and if he had the right receiver it would just sound like a very high frequency hiss (well beyond the range of human hearing) bearing no resemblance whatever to your voice.

The modification of the long code depends on the ESN (the unique serial number of your phone), which the phone keeps in its memory and the cell system knows. The ESN is not transmitted, and thus can't be intercepted. Rather, your phone sends its phone number to the cell system, which looks the ESN up in its database. (If you're roaming, it gets it from your home system.) Both your phone and the cell system know the ESN and modify the long code the same way. Without it, the resulting chip sequence is gibberish.
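As an added illustration of the two steps just described (Walsh-code scrambling per channel, and a long code modified by a phone-specific secret), the following Python is a constructed toy model and not code from USS Clueless or from any real CDMA implementation. The spreading factor of 16, the 16-bit LFSR polynomial and its start state, the masks standing in for the ESN, and the sample traffic bits are all assumptions chosen for the demonstration; IS-95 uses 64-chip Walsh codes and a 42-bit long code, and the vocoder, FEC, interleaving and short code are left out. A receiver holding the right Walsh row and the right mask recovers the traffic bit-for-bit; a receiver with the same radio hardware but the wrong mask gets roughly half of its bits wrong, which is the "gibberish" the text refers to.

```python
"""Toy model of CDMA channel spreading and ESN-masked long-code scrambling.

Constructed example: a 16-chip Walsh row separates channels, and each
channel's symbols are XORed with a long code whose public LFSR state is
combined with a secret per-phone mask (standing in for the ESN).
"""
import random

WALSH_LEN = 16  # toy spreading factor (assumption; IS-95 uses 64 chips)


def walsh_matrix(n):
    """Sylvester/Hadamard construction; rows are mutually orthogonal."""
    h = [[1]]
    while len(h) < n:
        h = [row + row for row in h] + [row + [-c for c in row] for row in h]
    return h


def masked_long_code(mask, n, state=0xACE1):
    """Toy long code: a 16-bit maximal LFSR (x^16 + x^14 + x^13 + x^11 + 1)
    whose state is ANDed with the user's mask and reduced to parity, the way
    the real long code combines its 42-bit state with an ESN-derived mask.
    The LFSR, its taps and its start state are public; only the mask is secret.
    """
    out = []
    for _ in range(n):
        out.append(bin(state & mask).count("1") & 1)  # parity of state AND mask
        bit = ((state >> 0) ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        state = (state >> 1) | (bit << 15)
    return out


def transmit(channels):
    """channels: list of (bits, walsh_row, mask). Returns the summed chip stream
    that all channels share on the air."""
    w = walsh_matrix(WALSH_LEN)
    n = len(channels[0][0])
    chips = [0] * (n * WALSH_LEN)
    for bits, row, mask in channels:
        lc = masked_long_code(mask, n)
        for i, b in enumerate(bits):
            sym = 1 - 2 * (b ^ lc[i])  # scramble with long code, map 0/1 -> +1/-1
            for j in range(WALSH_LEN):
                chips[i * WALSH_LEN + j] += sym * w[row][j]
    return chips


def receive(chips, row, mask):
    """Despread with one Walsh row (isolates that channel), then descramble
    with the long code generated from the mask the receiver believes is right."""
    w = walsh_matrix(WALSH_LEN)
    n = len(chips) // WALSH_LEN
    lc = masked_long_code(mask, n)
    bits = []
    for i in range(n):
        corr = sum(chips[i * WALSH_LEN + j] * w[row][j] for j in range(WALSH_LEN))
        bits.append((0 if corr > 0 else 1) ^ lc[i])
    return bits


def demo():
    """Two constructed users share the air; decode user A with the right mask
    and with a wrong one. Returns (correct_decode_ok, wrong_mask_errors, n)."""
    rng = random.Random(7)  # constructed sample traffic, fixed seed
    alice = [rng.getrandbits(1) for _ in range(256)]
    bob = [rng.getrandbits(1) for _ in range(256)]
    chips = transmit([(alice, 3, 0x5A5A), (bob, 9, 0x3C71)])  # masks are assumed
    ok = receive(chips, 3, 0x5A5A)       # right Walsh row, right mask
    wrong = receive(chips, 3, 0x1234)    # right Walsh row, wrong mask
    errors = sum(a != b for a, b in zip(alice, wrong))
    return ok == alice, errors, len(alice)


if __name__ == "__main__":
    ok, errors, n = demo()
    print(f"correct mask decodes cleanly: {ok}; wrong mask: {errors}/{n} bits wrong")
```

Calling demo() shows the point of the passage: the Walsh row is enough to pull one channel out of the shared chip stream, but without the mask the descrambled bits are no better than a coin flip, and the interceptor cannot tell which half are wrong. Note that nothing in the LFSR itself is secret, so the whole separation rests on the mask being unavailable to whoever is listening.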

It would not only take a lot of very expensive and customized hardware to do all this, it would also take espionage. It's been truly said that if you have someone after you who can intercept your CDMA radio link and is inclined to do so, you've got a lot worse problems than just this.

Captured by MemoWeb from on 9/16/2004