Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cell Phone Interception At Def Con

Posted by Soulskill on from the can-i-hear-you-now dept.

ChrisPaget writes "I'm planning a pretty significant demonstration of GSM insecurity at Defcon next week, where I'll intercept and record cellular calls made by my attendees, live on-stage, no user-input required. As you can imagine, intercepting cellphones is a Very Big Deal in the eyes of the law; this blog post is an attempt to reassure everyone that their privacy is being taken seriously despite the nature of the demo. I'm not just making it up either — the EFF have helped significantly with the details."

18 of 95 comments (clear)

  1. Verizon by Anarki2004 · · Score: 3, Funny

    Does this mean Verizon will start advertising that they are CDMA?

    --
    The teachers will crack any minute, purple monkey dishwasher.
    1. Re:Verizon by Shakrai · · Score: 2, Insightful

      AT&T and T-Mobile will both be CDMA once they complete the transition to UMTS.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:Verizon by sznupi · · Score: 3, Informative

      Generally it's all a clusterfuck of confusion stemming from one group choosing, for its marketing, a name of basic radio method they use...and not only them; also the group most commonly seen as "GSM association", just not in its oldest standard.

      If anything, "CDMA" (in whatever form) is going out; LTE & FDMA is revving up. And considering that various "3G" technologies don't really have a universal uptake, with majority of people on 2G TDMA networks - I wouldn't be too surprised if they jump directly to LTE, at some point in the future, more often than not.

      --
      One that hath name thou can not otter
  2. Will there be any GSM calls with "no user-input"? by sznupi · · Score: 3, Interesting

    Is jamming UMTS network also planned? (yes, lots of folks still don't have handsets with UMTS; but at Defcon...)

    --
    One that hath name thou can not otter
  3. Feds in audience by AnonymousClown · · Score: 5, Funny
    Reading the second link, I had this image of them capturing a Fed in the audience phoning in a report.

    Isn't this the show that the "Spot the Fed" game?

    --
    RIP America

    July 4, 1776 - September 11, 2001

    1. Re:Feds in audience by _Sprocket_ · · Score: 5, Funny

      [Nokia ringtone]

      "HELLO?! WHAT?! YEAH! I'M AT DEFCON. Yeah. Some guy is giving some demo now. No, it's rubbish. What? No. Nobody know's I'm a Fed. Right. OK. Got to go."

      (Imagine that in all caps 'cause the /. filter doesn't like loud literary voice)

  4. Just be careful by Sycraft-fu · · Score: 3, Informative

    It is illegal to intercept cellphone communications. Doesn't matter if it is a "security demonstration" what you call it is not relevant. You probably need waivers from everyone you plan on intercepting.

    Get a lawyer who know that area of law, and not from the EFF. I like their ideals and all, but their track record is as idealists and they don't seem to do so good in terms of actual law, especially in the court.

    Not saying don't give your talk, GSM security is serious and the phone companies need to get with it and fix that shit. However make sure you aren't breaking the law.

    1. Re:Just be careful by Itninja · · Score: 2, Interesting

      Are you sure just intercepting is illegal? I have had police scanners in the past that would pick up cell phone (and nearby cordless phone) conversations all time. My understanding at the time was the law was violated only if I recorded and/or distributed the information. This was years ago, so the laws may have changed....or maybe it was illegal all along and I am a huge criminal.

      --
      I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
    2. Re:Just be careful by dcw3 · · Score: 2, Informative

      The Federal Communications Commission (www.fcc.gov) ruled that as of April 1994 no radio scanners may be manufactured or imported into the U.S. that can pick up frequencies used by cellular telephones, or that can be readily altered to receive such frequencies. (47 CFR Part 15.37(f)) The law rarely deters the determined eavesdropper, however.

      Another federal law, the Counterfeit Access Device Law, was amended to make it illegal to use a radio scanner "knowingly and with the intent to defraud" to eavesdrop on wire or electronic communication. (18 USC 1029) Penalties for the intentional interception of cordless and cellular telephone calls range from fines to imprisonment depending on the circumstances. (18 USC 2511, 2701)

      --
      Just another day in Paradise
    3. Re:Just be careful by TomXP411 · · Score: 3, Informative

      You're almost right. You can intercept non-encrypted, non-cellular communications.

      Actually, the FCC has specific laws in place regarding phone calls on cellular networks. You cannot, under any circumstances, listen in to a cell phone conversation without permission. That is why all radio scanners sold in the United States are required to block the AMPS cellular phone frequencies.

      Aside from cell phones, it's legal to intercept any open transmission you can receive, as long as it's not encrypted. I would assume you need permission of one or both parties to decrypt encrypted communications.

      From what I can tell, the OP is going to be using a femtocell modified base station that will basically act as a cellular tower. For the duration of the presentation, anyone within range of the base station will have their calls routed through his base station, rather than their regular cellular carrier. The legality of this is dubious, but it is a security seminar and presentation. It would be far safer (but less dramatic) if they staged the call, rather than actually pulling up the conversations of random people at the convention.

    4. Re:Just be careful by SETIGuy · · Score: 3, Insightful

      It's not just potentially illegal because you're "wiretapping" but it's actually illegal to own a radio receiver capable of receiving on the frequencies used by cell phones.

      Damn! I carry a radio transceiver capable of transmitting and receiving on those frequencies in my pocket every day!

      --
      Support SETI@home
  5. Iphone 4 is protected against this nonsense. by Anonymous Coward · · Score: 5, Funny

    Just press lightly against the bottom left!

  6. Encryption is the future by carp3_noct3m · · Score: 5, Insightful

    In this age, where more and more people and institutions are trying to control, and intercept, the flow of information, encryption is the future. Anyone with some knowledge in the area knows that LE et al have the ability to intercept all kinds of comm, emails, phone calls, etc. Just as you should automatically assume that any email you send to anyone is compromised and therefore public knowledge, the same for phone conversations. The only way around this is to encrypt if at all possible, though the demand has to rise for things to be more pragmatic and easily accessed. It is still an interesting method, but much like the internet, phone systems were not designed with security as a main priority.

    --
    "It's ok, I'm completely secure as long as my iron is off"
    1. Re:Encryption is the future by houghi · · Score: 2, Interesting

      Encryption on a large scale will be forbidden, I am sure. The excuse will be terrorism and children. Together with the "If you have nothing to hide, show it."-excuse. Privacy? You don't need no stinkin' privacy.

      --
      Don't fight for your country, if your country does not fight for you.
    2. Re:Encryption is the future by DigitAl56K · · Score: 3, Insightful

      GSM has various encryption standards that are supposed to protect calls. But some are weak, and phones using stronger algorithms can be tricked into falling back to the weaker ones. With a fake tower you can probably turn it off completely.

      The problem with encrypting cell conversations is many-fold:
      * Can you rely on the GSM encryption?
      * Can you trust third-party implementations?
      * Even if you run an encrypted VOIP app, can you trust the handset manufacturer? (e.g. not to allow the government to steal your keys from device memory via privileged access)
      * If you can trust the manufacturer, is your device security from nearby wireless attacks? There have been exploits for bluetooth and wifi stacks.
      * Can someone clone your phone?
      * Do you know through systems like CALEA and IP monitoring what details of your conversation will be private vs which will be public and whether that suits your needs? Data mining can probably reveal a lot about who knows who and sequences of events.
      * Instead of expending the effort to break your encryption isn't it easier for someone to bug places you frequently call from?
      * Can you trust the guy on the other end of the line to have been as careful as you have? If not, everything you've done to protect yourself is useless.

      IMO if you have something you need to say to someone in secret a cell phone is a particularly bad way to go about it.

    3. Re:Encryption is the future by Shakrai · · Score: 2, Funny

      Thankfully we have a 2nd amendment right to possess encryption ;)

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
  7. Love that Patriot Act! So moist! by DominatorDan · · Score: 2, Insightful

    So, for the NSA to listen in on all cell conversations with Echelon is ok under the Patriot Act, but its not ok for the average citizen....? Gotta love Amerika!

  8. Re:Smart phone hacks? by RebootKid · · Score: 2, Interesting

    I leave the hard drive out of my laptop, boot off of read-only media. I write back to flash drives for data that needs saving. I leave my phone in airplane mode. Never had a problem, but have been called "paranoid" ;)