This is 100% true. Also, the bugging software can be activated, and the bugging conducted over the mobile service provider's network without the service provider knowing it. This is a requirement of "Lawful Intercept" capability in mobile network equipment.
On top of the "secret" specs for this stuff are further layers of "double secret" specifications each equipment maker provides depending on to whom they are selling the network equipment.
This is 100% true. Also, the bugging software can be activated, and the bugging conducted over the mobile service provider's network without the service provider knowing it. This is a requirement of "Lawful Intercept" capability in mobile network equipment.
Don't believe it? Read it for yourself: cryptome.org/3gpp-li-docs.htm
How do you like your "land of the free" now?
On top of the "secret" specs for this stuff are further layers of "double secret" specifications each equipment maker provides depending on to whom they are selling the network equipment.