Cell Phone Eavesdropping Tools in Shanghai

The other day a friend told me that there was some kind of cell phone wiretapping device being used on her friend. The guy was sure he was being eavesdropped on, because immediately after discussing sensitive information on a special deal with a supplier, a competitor immediately called the same supplier offering a better deal with almost the same terms. The supplier called him back, wanting to know what was going on, and how the other company could have known about the deal.

I quickly forgot this story… industrial espionage is not something that I think about much. But a week or so later, I received this spam message via SMS:

> 专业制作移动,联通卡,做出来的卡能窃听对方所有通话及收发短信,测试满意付款。电话150xxxxxxxx林经理


> Professionally manufactured China Mobile, China Unicom cards which let you listen in on someone’s every call, as well as send and receive their text messages. Test first, pay if satisfied. Phone: 150xxxxxxxx Mr. Lin.

So I guess these 窃听 (eavesdropping) things are becoming fairly common now. There seem to be a few similar devices on Taobao too.


John Pasden

John is a Shanghai-based linguist and entrepreneur, founder of AllSet Learning.


  1. Think those things would work over here as well? Wonder what the range on them is?

  2. this is outrageous ! what happened to privacy !

  3. So this is specifically related to cloning someone’s SIM card ID? Do you think this could become widespread enough to rethink the SIM card system as it currently stands in China?

  4. @Tim: Depends on where you are, I guess. I have no idea what technology is used in China, but this was very easy to do on 1G (analog) cells. In fact my cousin’s theatre company once ran into trouble when their wireless mike system started picking up local cell phone conversations. On 3G systems (including Verizon’s CDMA) this should be impossible due to the use of encryption, unless of course you can gain access to the keys.

  5. 呢哦 破热了么 几丝特 与死 啊 口的 吐 它啊可!!!

    No Problem just use a code to talk.


  6. This is more than a little disturbing. I wouldn’t put it passed some unscrupulous employers to use this on their staff.

  7. H0h0h0. I used to do this all the time, back in the day. http://www.designeq.com/deq/PRO-43Mod.html Of course, the ol’ PRO-43 couldn’t select one particular caller, it just scanned all cell fone frequencies in the immediate area. You could make the area smaller by taking off the antenna.

    Some of my other phone loser buddies had rigs that could actually interrupt calls. It wouldn’t last long, as the cell tower would detect that there were two on the same frequency and drop the call, but you could make a quick transmission and get away with it. Screaming insults in the middle of a business conversation never got old. Tons of fun for 23-year-olds with too much technology and not enough ambition.

    I used to sit and listen for hours to my scanner. Lovers having fights, people trying to get bailed out of jail, someone being notified of the death of a relative, and so on. There was also tons of crap: people wanting to know which brand of tortillas to buy, utter vapidity from supposedly intellectual people, women begging abusive husbands to take them back, and much more. The quality and quantity of coversations fluctuated with the time of day, and I found dinnertime usually the richest territory to mine. 2am bar closing time was always entertaining, too.

    Of course, this all went away with digital cellular communications. And this particular device looks like more of a bug that you physically plant in the victim’s phone than a wireless intercept capability.

  8. PS that’s H0h0h0 with zeroes, not the letter O. Some filter munged my text.

  9. Reasonably easy to do on GSM now – its happening in Europe too.

    Basically listen to the network, clone the IMEI (which is transmitted), plus the SimCard ID, and you can listen to the calls made by the other party.

    These are OTA (over the air) attacks.

    CDMA has been vulnerable to that for a lot longer.

    Interesting true factoid.

    Back in the early 90’s when Shanghai used analog phones (remember the 959xxxx numbers all you other Shanghai old-timers), there was a spate of cloning going on at the airport.

    People would receive huge bills for calls they’d never made. This went on for a few months, until the chief of police’s phone got cloned, and suddenly that all stopped rather quickly.

    Ah the good old days. Mind you analog phones back then cost rather a lot of money – the sim card+phone cost my friend nearly 80,000RMB (10kUSD in at the old +-8.2 rate) back then!

    My first GSM mobile+sim card here cost just over 8000RMB, with the simcard alone a few thousand rmb. Now they’re free…

  10. Can we get to the important part now…?

    How can we use this to study Chinese? Listening to other peoples conversations all day everyday might not be that bad of an idea.

  11. Creepy I think.

    But can you listen to more than one number with the advertised professional China Mobile/Unicom Sim card?

  12. You would need to reprogram it for different numbers.

    There are also a number of older nokia phones which can be put into promiscuous mode in order to listen to the network.

    Sim cards come in a few versions older ones completely broken
    v2 also can be broken using hashes afaik. I havent checked the current state of affairs recently though, google some of the gsm hacking forums in eastern block countries should reveal more up to date info.

Leave a Reply