Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cell Phone Interception At Def Con

Posted by Soulskill on from the can-i-hear-you-now dept.

ChrisPaget writes "I'm planning a pretty significant demonstration of GSM insecurity at Defcon next week, where I'll intercept and record cellular calls made by my attendees, live on-stage, no user-input required. As you can imagine, intercepting cellphones is a Very Big Deal in the eyes of the law; this blog post is an attempt to reassure everyone that their privacy is being taken seriously despite the nature of the demo. I'm not just making it up either — the EFF have helped significantly with the details."

3 of 95 comments (clear)

  1. Just be careful by Sycraft-fu · · Score: 3, Informative

    It is illegal to intercept cellphone communications. Doesn't matter if it is a "security demonstration" what you call it is not relevant. You probably need waivers from everyone you plan on intercepting.

    Get a lawyer who know that area of law, and not from the EFF. I like their ideals and all, but their track record is as idealists and they don't seem to do so good in terms of actual law, especially in the court.

    Not saying don't give your talk, GSM security is serious and the phone companies need to get with it and fix that shit. However make sure you aren't breaking the law.

    1. Re:Just be careful by TomXP411 · · Score: 3, Informative

      You're almost right. You can intercept non-encrypted, non-cellular communications.

      Actually, the FCC has specific laws in place regarding phone calls on cellular networks. You cannot, under any circumstances, listen in to a cell phone conversation without permission. That is why all radio scanners sold in the United States are required to block the AMPS cellular phone frequencies.

      Aside from cell phones, it's legal to intercept any open transmission you can receive, as long as it's not encrypted. I would assume you need permission of one or both parties to decrypt encrypted communications.

      From what I can tell, the OP is going to be using a femtocell modified base station that will basically act as a cellular tower. For the duration of the presentation, anyone within range of the base station will have their calls routed through his base station, rather than their regular cellular carrier. The legality of this is dubious, but it is a security seminar and presentation. It would be far safer (but less dramatic) if they staged the call, rather than actually pulling up the conversations of random people at the convention.

  2. Re:Verizon by sznupi · · Score: 3, Informative

    Generally it's all a clusterfuck of confusion stemming from one group choosing, for its marketing, a name of basic radio method they use...and not only them; also the group most commonly seen as "GSM association", just not in its oldest standard.

    If anything, "CDMA" (in whatever form) is going out; LTE & FDMA is revving up. And considering that various "3G" technologies don't really have a universal uptake, with majority of people on 2G TDMA networks - I wouldn't be too surprised if they jump directly to LTE, at some point in the future, more often than not.

    --
    One that hath name thou can not otter