Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Won't Block Black Hat Eavesdropping Demo

Posted by samzenpus on from the enough-rope-to-hang-yourself dept.

snydeq writes "AT&T says it won't interfere with a highly anticipated talk on intercepting cell phone calls at the Black Hat conference this week. Hacker Chris Paget last week said that he plans to demonstrate on Saturday how to set up what's essentially a fake cell tower that allows him listen in on nearby mobile calls. But Tuesday, he wrote on his blog that he had 'heard that AT&T may be considering suing me to stop my talk.' AT&T, however, has insisted it has no plans to interfere with the talk."

10 of 126 comments (clear)

  1. Rumour? by amirulbahr · · Score: 3, Informative

    So he blogged that he heard that AT&T might sue him to stop the talk, AT&T deny the rumour, it makes headlines.

  2. Re:Glad AT&T is not being evil (this time) by DJRumpy · · Score: 2, Informative

    The right thing is to give these companies time to respond and to close potential security vulnerabilities before the information goes public. In this case, that obviously is not going to happen (by that I mean addressing vulnerabilities). I hate that they have to release this information in such a public way and wish they wouldn't, but I see the need for it all the same.

  3. Re:Glad AT&T is not being evil (this time) by ScrewMaster · · Score: 3, Informative

    Good to hear that AT&T is actually doing the "right thing" and hopefully learning from the research instead of attempting to suppress it.

    Time was when "research" and "AT&T" were damn near synonymous. But yeah, it's good that they're keeping the sharks in check.

    --
    The higher the technology, the sharper that two-edged sword.
  4. Defcon != Blackhat by baeyogin · · Score: 2, Informative

    Different conference. My understanding is that the EFF is involved, and signs are being posted around the perimeter. Either way, I won't be using a GSM enabled phone. Should be interesting.

    1. Re:Defcon != Blackhat by Anonymous Coward · · Score: 2, Informative

      No, what baeyogin was saying is that the "Black Hat" conference takes place before DEFCON. They're both in Vegas, and Black Hat is the 28th-29th, while DEFCON comes afterwards.

      There's nothing 'non-' or 'un-blackhat' about DEFCON.

  5. Re:Glad AT&T is not being evil (this time) by klingens · · Score: 4, Informative

    There already was a public talk about this GSM vulnerability last december. Back then, the group cracking the protocol didn't have the hard/software to demultiplex the connections a GSM basestation has to handle in realtime. That problem is now solved and so the hack is fully functional. The rainbowtables needed to crack the protocol were publicly created for almost all of 2009. The GSM industry had PLENTY of time to react and get their shit together, instead they stonewalled, ignored and threatened the hacking group as Mr. Piaget described back in his December 2009 talk.
    The DECT industry group for cordless phones who use a similar encryption method but weaker as GSM had their protocol examined bofore that in 2008 or so by the same people. When the hackers approached the DECT people they were basically welcomed and both, DECT group and hackers, worked together on fixing the protocol, spec and especially implementations.
    Ironically the DECT industry group and the GSM association is made of largely of the same companies...

  6. Re:Glad AT&T is not being evil (this time) by evilviper · · Score: 2, Informative

    Time was when "research" and "AT&T" were damn near synonymous.

    There was a time when Nuclear Power Plants and "Westinghouse" were nearly synonymous, yet now they're making cheap toasters that don't work.

    The "AT&T" of today only happens to use the same name as the "AT&T" of years ago. Other than that, they died out entirely, much like Polaroid. What's now calling itself AT&T is, in fact, SBC, and has all the baggage associated with that shiftless company.

    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  7. Re:Ya forget AT&T, ask the FBI by GrumblyStuff · · Score: 2, Informative

    From what I've heard of jury duty and from people I know who have had jury duty, they strongly emphasis only whether or not the law was broken and will screen for anyone thinking. Guess if they can't get a plea bargin, they go for the next easiest thing.

  8. Re:Ya forget AT&T, ask the FBI by msauve · · Score: 3, Informative

    I had the impression that you could, without a license, transmit on frequencies that require a license so long as it's extremely low power, to the point that beyond X number of feet (300?) no meaningful reception of your transmission is possible.

    Nope, not as a general rule. What you're thinking of are the small FM radio band transmitters (such as used for iPod to car radio), which the FCC allows under a specific rule (47 CFR 15.239) which limits their output. No such rule is available for someone wanting to operate their own cell site. It's illegal, regardless of how low the power or how short the range. Another poster mentioned a Faraday cage; still illegal (even though you'd be unlikely to get caught).

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  9. Re:Ya forget AT&T, ask the FBI by msauve · · Score: 2, Informative
    The ones which are sold by carriers to consumers are authorized under the carrier's license, the same way the cell phones themselves are. 47 CFR 22.3:

    Authority for subscribers to operate mobile or fixed stations in the Public Mobile Services ... is included in the authorization held by the licensee providing service to them.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law