Slashdot Mirror


AT&T Won't Block Black Hat Eavesdropping Demo

snydeq writes "AT&T says it won't interfere with a highly anticipated talk on intercepting cell phone calls at the Black Hat conference this week. Hacker Chris Paget last week said that he plans to demonstrate on Saturday how to set up what's essentially a fake cell tower that allows him to listen in on nearby mobile calls. But Tuesday, he wrote on his blog that he had 'heard that AT&T may be considering suing me to stop my talk.' AT&T, however, has insisted it has no plans to interfere with the talk."

7 of 126 comments

  1. AT&T Doesn't Care by OverlordQ · · Score: 4, Insightful

    But what about the types of people that actually enforce the wiretapping and interception laws?

    --
    Your hair look like poop, Bob! - Wanker.
  2. Ya forget AT&T, ask the FBI by Sycraft-fu · · Score: 4, Insightful

    I'm still not very convinced this is legal, and you want to be sure. While they might well say "It isn't like he caused any harm, just let it slide," they also might not. The law is the law and all that. Plus maybe some company pressures them into it. Some provider who gets mad says "Hey, you need to charge this guy, he broke wiretapping laws!"

    When you are doing something all on your own equipment in a controlled environment, then sure you are good to go. So having a lab with what you need and trying it on your own stuff, that is legal. However intercepting random people in the area of your tower? Don't think that is legal, doesn't matter if you are doing it as a demonstration or not.

    1. Re:Ya forget AT&T, ask the FBI by msauve · · Score: 5, Insightful

      "I'm still not very convinced this is legal...So having a lab with what you need and trying it on your own stuff, that is legal."

      It's definitely NOT legal. If nothing else, he'll be transmitting without a license on frequencies he's not authorized to use. When you use a cell phone normally, it's transmitting under the carrier's license authorization. If he sets up his own "cell site," there's not a license to be found anywhere. It doesn't matter how much power is used, or how far the signal can travel, if it's an intentional radiator, it's illegal.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    2. Re:Ya forget AT&T, ask the FBI by causality · · Score: 4, Interesting

      "I'm still not very convinced this is legal...So having a lab with what you need and trying it on your own stuff, that is legal." It's definitely NOT legal. If nothing else, he'll be transmitting without a license on frequencies he's not authorized to use. When you use a cell phone normally, it's transmitting under the carrier's license authorization. If he sets up his own "cell site," there's not a license to be found anywhere. It doesn't matter how much power is used, or how far the signal can travel, if it's an intentional radiator, it's illegal.

      I had the impression that you could, without a license, transmit on frequencies that require a license so long as it's extremely low power, to the point that beyond X number of feet (300?) no meaningful reception of your transmission is possible.

      Before CD players in cars were common, you could get standalone CD players that broadcast the audio in the FM band. The car's radio/tape-player could be set to FM and turned to that frequency to pick up the audio from the CD. This was acceptable because the transmitter is in the same vehicle as the FM radio, so tiny power levels were sufficient.

      I admit that I am not a lawyer and don't know much about FCC regulations. I get the impression they're not an agency with a sense of humor, and one you wouldn't want to have to deal with. Still, would cell frequencies be given some special treatment that is not given to FM radio frequencies?

      --
      It is a miracle that curiosity survives formal education. - Einstein
    3. Re:Ya forget AT&T, ask the FBI by Vellmont · · Score: 4, Insightful


      "Hey, you need to charge this guy, he broke wiretapping laws!"

      That might be just a bit difficult to convince a jury, given that his "wiretapping" is going to be limited to a small area that likely includes just the conference room full of people there for expressly this purpose, for not particularly long. If anyone doesn't want to be "wiretapped" perhaps they can restrain themselves and not make any phone calls during that short period in that room.

      Why is it that some people are always so convinced "the law" is something like the laws of physics that's set in stone and not interpreted for a specific purpose?

      I'm guessing he'll be breaking FCC regulations. If someone wants to make some big complaint about the few minutes he'll be running his demo, well I'd help contribute to whatever pathetic fine they might try to assess. In reality this would never happen since the FCC has better things to do.

      --
      AccountKiller
  3. Remember Adobe? by PinkyGigglebrain · · Score: 4, Insightful

    Anyone else remember how Adobe got the FBI to arrest and charge Sklyarov?

    It doesn't matter what some mediadroid says. All it would take is one phone call from the right person at AT&T to the right person in the DOJ.

    AT&T could deny any and all prior knowledge when the Feds arrest the presenter for breaking some law or another. Hell, AT&T could even call for his release afterward knowing that history would repeat itself.

    Considering how big AT&T is again there really isn't anything anyone can do even if they did move openly. Boycott? HA!, how many of us can afford to give up our cell phones, home phones and Internet connections in protest? AT&T knows they have most of us by the tender bits.

  4. Re:Glad AT&T is not being evil (this time) by klingens · · Score: 4, Informative

    There already was a public talk about this GSM vulnerability last December. Back then, the group cracking the protocol didn't have the hard/software to demultiplex the connections a GSM basestation has to handle in real time. That problem is now solved and so the hack is fully functional. The rainbow tables needed to crack the protocol were publicly created for almost all of 2009. The GSM industry had PLENTY of time to react and get their shit together, instead they stonewalled, ignored and threatened the hacking group as Mr. Paget described back in his December 2009 talk.
    The DECT industry group for cordless phones, who use a similar but weaker encryption method than GSM, had their protocol examined before that, in 2008 or so, by the same people. When the hackers approached the DECT people they were basically welcomed, and both the DECT group and the hackers worked together on fixing the protocol, spec and especially implementations.
    Ironically, the DECT industry group and the GSM association are made up largely of the same companies...