Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cell Phone Interception At Def Con

Posted by Soulskill on from the can-i-hear-you-now dept.

ChrisPaget writes "I'm planning a pretty significant demonstration of GSM insecurity at Defcon next week, where I'll intercept and record cellular calls made by my attendees, live on-stage, no user-input required. As you can imagine, intercepting cellphones is a Very Big Deal in the eyes of the law; this blog post is an attempt to reassure everyone that their privacy is being taken seriously despite the nature of the demo. I'm not just making it up either — the EFF have helped significantly with the details."

11 of 95 comments (clear)

  1. Verizon by Anarki2004 · · Score: 3, Funny

    Does this mean Verizon will start advertising that they are CDMA?

    --
    The teachers will crack any minute, purple monkey dishwasher.
    1. Re:Verizon by sznupi · · Score: 3, Informative

      Generally it's all a clusterfuck of confusion stemming from one group choosing, for its marketing, a name of basic radio method they use...and not only them; also the group most commonly seen as "GSM association", just not in its oldest standard.

      If anything, "CDMA" (in whatever form) is going out; LTE & FDMA is revving up. And considering that various "3G" technologies don't really have a universal uptake, with majority of people on 2G TDMA networks - I wouldn't be too surprised if they jump directly to LTE, at some point in the future, more often than not.

      --
      One that hath name thou can not otter
  2. Will there be any GSM calls with "no user-input"? by sznupi · · Score: 3, Interesting

    Is jamming UMTS network also planned? (yes, lots of folks still don't have handsets with UMTS; but at Defcon...)

    --
    One that hath name thou can not otter
  3. Feds in audience by AnonymousClown · · Score: 5, Funny
    Reading the second link, I had this image of them capturing a Fed in the audience phoning in a report.

    Isn't this the show that the "Spot the Fed" game?

    --
    RIP America

    July 4, 1776 - September 11, 2001

    1. Re:Feds in audience by _Sprocket_ · · Score: 5, Funny

      [Nokia ringtone]

      "HELLO?! WHAT?! YEAH! I'M AT DEFCON. Yeah. Some guy is giving some demo now. No, it's rubbish. What? No. Nobody know's I'm a Fed. Right. OK. Got to go."

      (Imagine that in all caps 'cause the /. filter doesn't like loud literary voice)

  4. Just be careful by Sycraft-fu · · Score: 3, Informative

    It is illegal to intercept cellphone communications. Doesn't matter if it is a "security demonstration" what you call it is not relevant. You probably need waivers from everyone you plan on intercepting.

    Get a lawyer who know that area of law, and not from the EFF. I like their ideals and all, but their track record is as idealists and they don't seem to do so good in terms of actual law, especially in the court.

    Not saying don't give your talk, GSM security is serious and the phone companies need to get with it and fix that shit. However make sure you aren't breaking the law.

    1. Re:Just be careful by TomXP411 · · Score: 3, Informative

      You're almost right. You can intercept non-encrypted, non-cellular communications.

      Actually, the FCC has specific laws in place regarding phone calls on cellular networks. You cannot, under any circumstances, listen in to a cell phone conversation without permission. That is why all radio scanners sold in the United States are required to block the AMPS cellular phone frequencies.

      Aside from cell phones, it's legal to intercept any open transmission you can receive, as long as it's not encrypted. I would assume you need permission of one or both parties to decrypt encrypted communications.

      From what I can tell, the OP is going to be using a femtocell modified base station that will basically act as a cellular tower. For the duration of the presentation, anyone within range of the base station will have their calls routed through his base station, rather than their regular cellular carrier. The legality of this is dubious, but it is a security seminar and presentation. It would be far safer (but less dramatic) if they staged the call, rather than actually pulling up the conversations of random people at the convention.

    2. Re:Just be careful by SETIGuy · · Score: 3, Insightful

      It's not just potentially illegal because you're "wiretapping" but it's actually illegal to own a radio receiver capable of receiving on the frequencies used by cell phones.

      Damn! I carry a radio transceiver capable of transmitting and receiving on those frequencies in my pocket every day!

      --
      Support SETI@home
  5. Iphone 4 is protected against this nonsense. by Anonymous Coward · · Score: 5, Funny

    Just press lightly against the bottom left!

  6. Encryption is the future by carp3_noct3m · · Score: 5, Insightful

    In this age, where more and more people and institutions are trying to control, and intercept, the flow of information, encryption is the future. Anyone with some knowledge in the area knows that LE et al have the ability to intercept all kinds of comm, emails, phone calls, etc. Just as you should automatically assume that any email you send to anyone is compromised and therefore public knowledge, the same for phone conversations. The only way around this is to encrypt if at all possible, though the demand has to rise for things to be more pragmatic and easily accessed. It is still an interesting method, but much like the internet, phone systems were not designed with security as a main priority.

    --
    "It's ok, I'm completely secure as long as my iron is off"
    1. Re:Encryption is the future by DigitAl56K · · Score: 3, Insightful

      GSM has various encryption standards that are supposed to protect calls. But some are weak, and phones using stronger algorithms can be tricked into falling back to the weaker ones. With a fake tower you can probably turn it off completely.

      The problem with encrypting cell conversations is many-fold:
      * Can you rely on the GSM encryption?
      * Can you trust third-party implementations?
      * Even if you run an encrypted VOIP app, can you trust the handset manufacturer? (e.g. not to allow the government to steal your keys from device memory via privileged access)
      * If you can trust the manufacturer, is your device security from nearby wireless attacks? There have been exploits for bluetooth and wifi stacks.
      * Can someone clone your phone?
      * Do you know through systems like CALEA and IP monitoring what details of your conversation will be private vs which will be public and whether that suits your needs? Data mining can probably reveal a lot about who knows who and sequences of events.
      * Instead of expending the effort to break your encryption isn't it easier for someone to bug places you frequently call from?
      * Can you trust the guy on the other end of the line to have been as careful as you have? If not, everything you've done to protect yourself is useless.

      IMO if you have something you need to say to someone in secret a cell phone is a particularly bad way to go about it.