Jokersvirus
08-06-2010, 10:03 AM
Seems a researcher found a way to make 2G phones think they were contacting a cell tower, by which you can listen to calls.
GSM encryption was broken, with code published last year. Going still further at this year's DefCon conference, a researcher showed off a $1,500 device that can intercept cell phone calls by tricking phones into thinking it is a cell phone tower, and routing calls through it.
Chris Paget's demonstration on Saturday, shown below, was meant to illustrate how easy it could be for criminals to do the same thing. "GSM is broken; it's just plain broken," he said.
To be clear, his demonstration was against GSM, also known as 2G. Although most people label any handset that uses a SIM card as a GSM handset, those that use 3G (such as the iPhone) are safe from Paget's device.
However, Paget's equipment first "jams" 3G connections. That would cause phones to search automatically for a 2G GSM signal and connect to his device instead, as the higher signal strength in the immediate vicinity of the device would overwhelm that of normal cell phone towers.
Paget’s demo drew the attention of the Federal Communications Commission (FCC). Authorities contacted him prior to his talk, asking if he would be violating federal wiretapping laws.
After consulting legal experts at the Electronic Frontier Foundation (EFF), Paget conducted the live demo anyway. He warned those at the event and posted notices as well, indicating that his demo would involve intercepting calls on the GSM network in the area, as a form of proactive legal protection.
Additionally, Paget used part of the GSM radio spectrum that is reserved for HAM radio in the United States, but for GSM phones in Europe. Paget is licensed as a HAM radio operator, and believes that loophole protected him as well, from any possible charges. "I'm operating as a licensed HAM radio transmitter, but your handset thinks I'm a European cell tower," he said.
With regard to his conversation with the FCC, Paget said, "It wasn't a particularly productive conversation. It seemed more like scare tactics to me."
Of course, authorities have had access to this type of equipment for some time. This is the first time such a cheap version has been demoed, Paget said.
There are caveats. For one, his trick only works on outgoing calls, and displays incorrect caller ID information as well, on the handset of those called. However, he claimed it would be relatively simple for criminals to upgrade the technology to include the actual numbers, as well as modify the device to intercept incoming calls.
Naturally, the equipment isn't pocketable, either.
The GSM Association, an industry group, besides listing a series of limitations to Paget's demo (such as not being able to target a specific caller) issued the following statement:
"The overall advice for GSM calls and fixed-line calls is the same: neither has ever offered a guarantee of secure communications. The great majority of users will make calls with no reason to fear that anyone might be listening. However, users with especially high security requirements should consider adding extra, end-to-end security features over the top of both their fixed line calls and their mobile calls."
Neither T-Mobile nor AT&T, which use GSM technology in their networks, has commented as yet. Both Sprint and Verizon use CDMA technology, and are thus unaffected by Paget's device.
Hacker demos $1,500 device that intercepts cell phone calls (http://www.examiner.com/x-39728-Tech-Buzz-Examiner~y2010m8d1-1500-device-that-intercepts-cell-phone-calls-demoed-at-DefCon)
There is a video on the website.