Slashdot Mirror


Hacker Builds $1,500 Cell Phone Tapping Device

We previously discussed security researcher Chris Paget's plans to demonstrate practical cell phone interception at DefCon. Paget completed his talk yesterday, and reader suraj.sun points out coverage from Wired. Quoting: "A security researcher created a $1,500 cell phone base station kit (including a laptop and two RF antennas) that tricks cell phones into routing their outbound calls through his device, allowing someone to intercept even encrypted calls in the clear. Most of the price is for the laptop he used to operate the system. The device tricks the phones into disabling encryption and records call details and content before they are routed on their proper way through voice-over-IP. The low-cost, home-brewed device ... mimics more expensive devices already used by intelligence and law enforcement agencies — called IMSI catchers — that can capture phone ID data and content. The devices essentially spoof a legitimate GSM tower and entice cell phones to send them data by emitting a signal that's stronger than legitimate towers in the area. Encrypted calls are not protected from interception because the rogue tower can simply turn it off. Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed. Even though the GSM spec requires it, this is a deliberate choice of the cell phone makers, Paget said."

109 comments

  1. Disabled warning by maxwell+demon · · Score: 5, Interesting

    If the GSM spec does specify the warning should be there, does that mean the manufacturers are violating their GSM license when they disable that warning? Or could they be sued for false marketing because the phone you bought does not follow the GSM spec despite being called a GSM phone?

    In short: Could they be (successfully) sued for it?

    --
    The Tao of math: The numbers you can count are not the real numbers.
    1. Re:Disabled warning by Anonymous Coward · · Score: 2, Informative

      No, the SIM card disables the warning, not the phone.

    2. Re:Disabled warning by erroneus · · Score: 4, Insightful

      They would rather violate the license as they would inevitably be protected by the government(s) that demanded things be set as they are.

      A better question would be how can we turn that feature back on?

    3. Re:Disabled warning by commodore64_love · · Score: 3, Funny

      What's a SIM card? My phone doesn't appear to have one of those.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    4. Re:Disabled warning by Anonymous Coward · · Score: 1, Insightful

      Then your phone isn't GSM.

    5. Re:Disabled warning by Anonymous Coward · · Score: 0, Offtopic

      > In short: Could they be (successfully) sued for it?

      No. Obama will simply grant them retroactive immunity. Same protections that were afforded to carriers who snooped on calls without properly documented warrants.

    6. Re:Disabled warning by Anonymous Coward · · Score: 0

      so... since the SIM card comes from the carrier, you should be able to sue the carrier.

    7. Re:Disabled warning by Threni · · Score: 1

      > does that mean the manufacturers are violating their GSM license when they disable that warning?

      Maybe. Most shops and pubs in the UK breach their agreements with their acquirers when they either surcharge or impose minimum transaction amounts on debit/credit card transactions. The rules are simple - you can't do it. But I'm not aware of any shops which don't. It's a funny old world, isn't it.

    8. Re:Disabled warning by kidgenius · · Score: 1

      Then you shouldn't worry (yet), as your phone is CDMA, not GSM.

    9. Re:Disabled warning by uglyduckling · · Score: 1

      You're not aware of _any_ shops that don't impose minimum transaction amounts? You need to get out more.

    10. Re:Disabled warning by Anonymous Coward · · Score: 4, Insightful

      Sheesh! Why sue? That's not the answer to everything unless you're looking for a way to make some cash, or living in a litigation-crazy country like the USA.

      How about a user-driven pressure group to force a change - after all, if someone does manage to screw big bucks out of this:

      1) It'll make some lawyers even more rich.
      2) The phone companies will just pass the cost onto the customers somehow

      Suing the ass off companies just because they don't do things the way you like is just plain crazy.

    11. Re:Disabled warning by hitmark · · Score: 1

      > Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed.

      Note the bit about the SIM card. That means it's AT&T or T-Mobile, not Apple or HTC, that is suppressing the message. I suspect it's done more to avoid tech support calls wondering why the message keeps showing up all the time, as various generations of towers have differing levels of encryption implemented.
      --
      comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
    12. Re:Disabled warning by Drgnkght · · Score: 1

      No, the GP meant they were not aware of any shops that do not impose such a minimum. It was a little ambiguous, but that was the intent of "The rules are simple - you can't do it. But I'm not aware of any shops which don't." In other words, every shop the GP has ever been in has had minimum transaction amounts or surcharges.

    13. Re:Disabled warning by Anonymous Coward · · Score: 0

      Any RF engineer worth his salt can and does use a cellphone itself as a radio scanner.
      What will a consumer who spends $1500 hear?
      I'll tell you. #1: guys and girls cheating on their spouse.
      #2: drug deals.
      Been there, done that with the old analog AMPS FM cell system.
      Is hearing cheating spouses and drug deals worth it?
      I guess you could get rich or jailed for extortion, but is $1500 worth it?

    14. Re:Disabled warning by Anonymous Coward · · Score: 0

      Yes sir,
      you're an RF engineer alright. I too have an old AMPS bag phone. I heard cellphone conversations on the IF frequency on a radio scanner. Cheating spouses, drug deals and obvious criminal activity are the best stuff; unfortunately people do give out account and bank credit card numbers.
      No, you can't buy a radio scanner!
      Even if it can receive the frequency range, it cannot receive the digital cellphone audio at all. Isn't it amazing what the FCC and federal government can accomplish when so-called government lawmakers get caught 'red handed'? Which lawmaker, by the way, was it who got caught and made it illegal to receive cellphones and cordless phones? ;/

    15. Re:Disabled warning by Anonymous Coward · · Score: 0

      It is a little card that has your ID in it for companies like AT&T and T-Mobile. If you move your sim card from one phone to another it will have the same phone number. CDMA phones require an extra step to change phones because the companies keep record of the IMEI of your phone in their database and that determines what phone rings for your number.

    16. Re:Disabled warning by novafluxx · · Score: 1

      Agreed 100%. I'm sick of people thinking litigation is the answer to EVERYTHING. Money does not equate to the problem being solved. If anything, those that sue would probably end up settling out of court in secret anyway, and the rest of us get nothing; or if it's a class-action suit, those who participate would get $30 USD and the lawyers would make millions.

    17. Re:Disabled warning by Anonymous Coward · · Score: 0

      Though I agree with your argument's spirit, the bottom line is *most* companies don't care about your wants outside of buying their products or services. The ONLY thing they care about is their bottom line. When you affect the bottom line, then you have their attention. Sad, but that has been my experience for many years.

    18. Re:Disabled warning by sznupi · · Score: 1

      Quite a lot of GSM phones nowadays don't sit, most of the time, on what could be strictly called a GSM network; they use UMTS (incidentally, also utilising a form of CDMA - why did this one consortium insist on using the name of a basic radio method as their branding?).

      So, what, the setup also jams UMTS? I don't think a 3G phone will really try to use the GSM/TDMA network, as long as UMTS is present...

      --
      One that hath name thou can not otter
    19. Re:Disabled warning by Anonymous Coward · · Score: 0

      They will also hear lots of small talk, like:
      "I'll be home late, honey"
      "get a bottle of milk before you come home"

      $1500 for hardware and a requirement to hear 500-900 hours of idle BS talk isn't worth it.

    20. Re:Disabled warning by sznupi · · Score: 1

      Relatively small settlements, as most of them are, don't exactly have a guarantee of impacting bottom lines, especially if the costs are passed on.

      Now, if people stopped buying products or services of particular company due to user-driven pressure group...

      --
      One that hath name thou can not otter
    21. Re:Disabled warning by thePowerOfGrayskull · · Score: 1

      > Sheesh! Why sue? That's not the answer to everything unless you're looking for a way to make some cash, or living in a litigation-crazy country like the USA.

      You do know that it's possible -- sometimes even necessary -- to sue for remedies other than cash, don't you? These remedies include (but are not limited to) enforcing or nullifying contract or license terms. But hey, don't let the facts get in the way of your prejudices...

    22. Re:Disabled warning by soundguy · · Score: 1

      Back in the mid-90's I could pick up analog calls with an ancient TV set tuned to around channel 80 on UHF. It was pretty dull. At the time, I had an AT&T bag phone that put out 5 watts. I really miss that phone. It weighed a ton, but the voice quality was vastly superior to digital and it worked pretty much anywhere, even a hundred miles from civilization in the middle of the desert southwest.

      --
      Nothing worthwhile ever happens before noon
    23. Re:Disabled warning by black3d · · Score: 1

      No, they don't violate any license terms by disabling a warning in the GSM spec. No, they could not be successfully sued for it. The GSM spec is not even a license; it's a set of guidelines for what a phone must be capable of to meet GSM standards. To meet this specification, the phone has to be able to detect that it's connected to a tower without an encryption channel, and to display a warning to that effect. All that matters is that the phone is physically able to do this. The standards authority doesn't require it to be enabled, just able to perform the function. For law enforcement purposes, both the authority and the manufacturers understand it's better to have the functionality disabled.

      Sad that folks are always looking for someone to sue.

      --
      "The true measure of a person is how they act when they know they won't get caught." - DSRilk
    24. Re:Disabled warning by Anonymous Coward · · Score: 0

      Is it really an issue yet?
      Give the $1500.00 worth of parts to a typical consumer, tell that consumer, "put these together to receive cellphones".
      Aha, most can't do it.
      But
      if he kits the thing with good instructions so consumers can use it, I think that will put him on Hell's radar screen.

      He was worried about breaking laws or being sued and didn't, or was reluctant to, demo it at DEFCON.
      That's smart!

      This isn't:
        My first thought would be:
        What might a billion $$$ cellphone industry profiting big off of GSM do to me and my hacker friends if I threatened their income? Or if they just perceived big losses? Big billion $$$ corporations can't or won't commit crimes and get away with it, right?

    25. Re:Disabled warning by ncgnu08 · · Score: 1

      Let's not forget that GSM will be phased out for UMTS, which is already being replaced by LTE...

      --
      Member of American Sarcasm Society - Motto: "Like we need your help!"
    26. Re:Disabled warning by Anonymous Coward · · Score: 0

      Cellphone call: what you will hear for $1500 and this hacker's device:
      "Hello honey, I'm going to be late." "OK, pick up some milk."

      "Hey, don't get mad, but I just spent over $1500 to hear what you just said without using a cellphone, and I can hear other wives order their husbands to get milk too with this radio thing and a computer."

      "$1500 dollars for that!
      You jackass! We're getting a divorce!"

    27. Re:Disabled warning by sirlark · · Score: 1

      So then, could the carriers who provide those sim cards be sued? Don't they also make claims about GSM compliance, at least those networks who still use GSM?

    28. Re:Disabled warning by dafing · · Score: 1

      I still remember a friend bringing his handheld police scanner around a few years ago; it picked up "analog calls". I was TERRIFIED at first, as we heard two burly sounding men talking about "rust on a shitbox Ford", and I wasn't sure if they could also hear me! I was quick to change the tuning.

      Police scanners have always seemed unlawful to me. Our police force know how they are being heard, and they tell each other to ring a cellphone, "ring me on oh two one...". Now I suppose those cellphones will ALSO be cracked into by the radio boffins.

      --
      --- ...or a new slashdot signature. Dear aunt, let's set so double the killer delete select all
    29. Re:Disabled warning by maxwell+demon · · Score: 1

      > Give the $1500.00 worth of parts to a typical consumer, tell that consumer, put these together to receive cellphones
      > Aha Most cant do it

      I do not care about the typical consumer. I care about the criminal who might get my phone banking credentials.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    30. Re:Disabled warning by maxwell+demon · · Score: 1

      > Sad that folks are always looking for someone to sue.

      That's a very wrong conclusion. I do think suing should be reserved for important issues. But I also do think that silently breaking security is an important issue. Note the part about silently. It's not an issue if the phone is unencrypted and I know it. It's an issue if I can reasonably believe that it is encrypted, but in reality it isn't. If I know it's insecure, I'll not do any sensitive things on it (like phone banking).

      --
      The Tao of math: The numbers you can count are not the real numbers.
    31. Re:Disabled warning by Anonymous Coward · · Score: 0

      You missed the point. The probability of this happening to you is small;
      still, the crook needs to hear 899 hours of useless BS.

      It's called fear marketing.
      Any competent engineer doesn't need this hardware; any cellphone is this.
      They tap the GSM detector out and manually set the receive synthesizer frequency.
      Then a signal line in the phone called something like "mute audio enable" is set to always enabled.
      Now the cellphone is a radio scanner; it hears everything on that cell frequency.

      The public can't hack cellphones into a radio scanner;
      any competent engineer can.
      Not all cellphones lend themselves easily to modification, but most do.
      But why?
      To hear 800 hours of BS?

      $1500? We don't need no $1500; they use the cellphone itself.

    32. Re:Disabled warning by jayme0227 · · Score: 1

      Not every lawsuit is about money.

      --
      But then I realized the cable was blue, so I only gave it one star. I hate blue.
    33. Re:Disabled warning by sznupi · · Score: 1

      Well, TBH I don't expect GSM to be phased out anytime soon; UMTS (which mostly turned out to be just an addition to GSM, not a replacement) much sooner, I guess, when practically everything for which it makes a difference will be on LTE. But GSM... that seems to be a case of "good enough", and handy when trying to provide pretty much total coverage.

      --
      One that hath name thou can not otter
  2. Give it a month by sv_libertarian · · Score: 3, Insightful

    The government will mandate better encryption and stronger standards so they maintain their monopoly on being able to intercept phone calls.

    1. Re:Give it a month by bsDaemon · · Score: 3, Interesting

      Then there will be another 3 years of court cases and lobbying to make the government pay the cell carriers to upgrade their equipment, although much of the issue is on the phones not properly realizing they're on a bogus tower and not providing the required notification. So everyone will have to upgrade phones if they're on a GSM network.

      Of course, we'll be on iPhone 7 by the time AT&T finally concedes to the upgrade, and iPhone 10 by the time it's done, and as they're the only GSM carrier of consequence in the US, user upgrades likely won't be an issue 'cause everyone will be clamoring for it while remaining blissfully ignorant of this situation.

      But the reality of the situation is probably closer to the fact that the government will just let this whole thing slide under the assumption that the easier it is to do, the cheaper they'll be able to obtain 3rd-party products to conduct intercepts for investigations.

    2. Re:Give it a month by poetmatt · · Score: 4, Interesting

      actually, what about the prospect of intercepting our own phone calls?

      As noted if you can do this on a laptop and then voip a call, couldn't people do this at home as a pseudo-femtocell?

    3. Re:Give it a month by TooMuchToDo · · Score: 1

      Yes, but it's entirely likely you'd be violating FCC regulations running an unlicensed station, as well as running it at power levels you're not licensed for.

    4. Re:Give it a month by TooMuchToDo · · Score: 1

      My apologies. My post left out the part that the FCC actually aggressively goes after folks who do this on an ongoing basis.

    5. Re:Give it a month by Rob+the+Bold · · Score: 3, Informative

      Your post seems to convey that people attempting to essentially illegally "wiretap" a cellphone for presumably malicious purposes are going to give half a care about FCC regulations...

      I'd say something about "fail" but I think it goes without saying at this point.

      Presumably, if you're interested in a "pseudo-femtocell" as poetmat mentions in the post to which the GP is replying, you're not doing it for malicious purposes so much as providing cell service somewhere that doesn't get proper coverage from the outside network. In certain buildings, certain terrain, neighborhoods with insufficient towers, that sort of thing. The sort of thing that "legitimate" femtocells are used for.

      I think you have "failed" to consider that this is the application that TooMuchToDo was referring to, not wiretapping or even necessarily doing anything malicious.

      --
      I am not a crackpot.
    6. Re:Give it a month by Anonymous Coward · · Score: 0

      > Yes, but it's entirely likely you'd be violating FCC regulations running an unlicensed station, as well as running it at power levels you're not licensed for.

      I have no idea what the FCC regulations are regarding licensing femtocells except I'm sure you're right that they'd want you to have a license.

      As to power, however: if you're operating a femtocell for the benefit of yourself and perhaps neighbors and colleagues because there isn't adequate network coverage, then the transmit power you are using wouldn't have to be that great. You're in close proximity to the instruments you serve, so the 1/d^2 rule is working in your favor. So even transmitting very low power, you could overwhelm the "legitimate" signal, since it's presumably crappy anyway or you wouldn't be wasting your time and money on a personal femtocell.

    7. Re:Give it a month by dave562 · · Score: 1

      Citation needed. I fully believe that they would like to do so. I doubt that they have the resources and manpower to do it, though. Do you have any evidence to the contrary, any articles or other documentation that proves they "aggressively" go after folks "on an ongoing basis"?

    8. Re:Give it a month by poetmatt · · Score: 1

      again, it's not like I care about FCC regulations. In the worst case what would they do if I could even figure out how to do this, tell me to stop? It's not like I'm going to start a bitter personal battle with the government here.

      However, it'd be nice to know if it can be done as that would give people easy options other than the not even remotely adequate ones that our cellular providers have been offering.

      I mean, computer + wireless + internet connection = you should have 90% of the capability right there. So it's a question of what you need to intercept your own signal and femtocell it for probably close to no cost.

    9. Re:Give it a month by maxume · · Score: 1

      It quickly becomes a question of whether the radio hardware costs more than a phone that will do VOIP over a Wifi connection.

      --
      Nerd rage is the funniest rage.
    10. Re:Give it a month by Anonymous Coward · · Score: 0

      What about inbound calls?

    11. Re:Give it a month by poetmatt · · Score: 1

      Sadly, there aren't many phones that do voip over wifi. RIM products are about the only ones that do, via UMA.

      I do agree though.

    12. Re:Give it a month by Stray7Xi · · Score: 1

      > As noted if you can do this on a laptop and then voip a call, couldn't people do this at home as a pseudo-femtocell?

      Yes and there's already software to do it:
      http://sourceforge.net/projects/openbootts/

  3. "deliberate choice" by Manip · · Score: 5, Insightful

    So wait, law enforcement use a method of interception that would be compromised if that warning was displayed, and phone manufacturers fail to enable such a warning? Call me a conspiracy nut, but perhaps they were asked not to include such a warning for exactly that reason. It wouldn't be the first time the government has asked private industry to make it easier to snoop.

    1. Re:"deliberate choice" by Anonymous Coward · · Score: 0

      No. The phone manufacturers deliver a product according to the GSM standard, which includes a warning when using an unencrypted network. It's the *carriers* that disable the warning via the SIM card 'cause they fear more support calls when a user roams into an unencrypted network like India or China.

      (captcha: Pothole. How does slashdot know that??)

    2. Re:"deliberate choice" by stonewallred · · Score: 1

      Uh, think the NSA got the telecoms to do more than make it easier to snoop.

    3. Re:"deliberate choice" by hitmark · · Score: 4, Interesting

      Has GSM encryption ever been about end-to-end encryption? My understanding is that the encryption only covers the radio signal, so that someone with a radio scanner can't just grab the call out of the air. The police can get a warrant and make a call to the telco and have them set up a tap at the base station or some other convenient place.

      I suspect the message is not there more out of convenience, as the message would be popping up all the time when going between stations of various generations. Also, we seem to be confusing handset makers (Nokia, HTC, Apple etc.) with the telcos (AT&T, T-Mobile). From the summary, it's the SIM, not the phone, that says if the message should show or not. That means it's the telcos that suppress the message, not the handsets. Given the number of involved parties in the mobile phone business, it helps to place the blame where it belongs.

      --
      comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
    4. Re:"deliberate choice" by Sique · · Score: 1

      It's not just about law enforcement. India, for example, forbids encrypted phone calls completely. If the warning was turned on, phones in India would complain about non-encrypted connections with every reconnect to an antenna.

      --
      .sig: Sique *sigh*
    5. Re:"deliberate choice" by Auckerman · · Score: 3, Funny

      > Call me a conspiracy nut

      Not a problem, I'll get his number from the CIA.

      --
      Burn Hollywood Burn
    6. Re:"deliberate choice" by Anonymous Coward · · Score: 0

      > So wait, law enforcement use a method of interception that would be compromised if that warning was displayed, and phone manufacturers fail to enable such a warning? Call me a conspiracy nut

      No, you are a conspiracy nut. The government doesn't need to do this elaborate sort of thing.

      The government gets the phone company to record the phone call instead. Much easier, no fuss, no muss, and completely undetectable by the phone user.

    7. Re:"deliberate choice" by Anonymous Coward · · Score: 0

      > Call me a conspiracy nut

      Tried, but no one was answering the phone at the NSA...

    8. Re:"deliberate choice" by Anonymous Coward · · Score: 0

      Law enforcement agencies do NOT use this method for interception. Never have and never will. They simply contact the carrier's Law Enforcement liaison unit, provide the necessary paperwork (warrant or similar, depending on jurisdiction), and the intercept is provided by the carrier from the "backend" via the built-in interception mechanisms in every mobile/fixed network deployed worldwide.

    9. Re:"deliberate choice" by oiron · · Score: 1

      That's end-to-end encryption. Encryption on the radio is still allowed, and probably regularly used. They tap into the signal at the operator's switchboard, not over ether.

  4. Which SIM card to buy by Anonymous Coward · · Score: 1, Insightful

    So which manufacturers/service providers leave the encryption warning intact?

  5. Some interesting and troubling points by UnknowingFool · · Score: 4, Informative

    The device works only on 2G GSM. While Chris Paget did not demonstrate it, he noted that he could also set up the device to block 3G signals and thus force all calls through 2G.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
    1. Re:Some interesting and troubling points by Anonymous Coward · · Score: 0

      Once again, I'm glad I'm on CDMA with Verizon Wireless.

    2. Re:Some interesting and troubling points by citizenr · · Score: 3, Informative

      A GSM blocker is only $30 on DealExtreme:
      http://www.dealextreme.com/details.dx/sku.28714

      If you only screw on the 3G antenna it will block 2110~2170 MHz, leaving 930~960 MHz alone.

      --
      Who logs in to gdm? Not I, said the duck.
  6. If it is the SIM card disabling the warning?? by Sigurd_Fafnersbane · · Score: 3, Insightful

    > Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed. Even though the GSM spec requires it, this is a deliberate choice of the cell phone makers, Paget said."

    I am not sure I understand the above text. If it is the SIM card disabling the setting, why is this then labeled a deliberate choice by the cell phone makers?

    Also, I have seen on numerous Nokia mobile phones that an icon in the display notifies you, at least in some instances, when encryption is disabled. (This happens quite frequently in e.g. China.)

    1. Re:If it is the SIM card disabling the warning?? by maxwell+demon · · Score: 5, Insightful

      > I am not sure I understand the above text. If it is the SIM card disabling the setting, why is this then labeled a deliberate choice by the cell phone makers?

      Why can SIM cards disable the warning? Well, clearly because the cell phone allows the SIM card to disable the warning.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    2. Re:If it is the SIM card disabling the warning?? by Sigurd_Fafnersbane · · Score: 1

      If that is the case, it must be specified how a SIM card requests this blocking from the phone. Otherwise this is not likely to work between different manufacturers of phones and SIM cards. If there is a specified way of doing this, it must be within the GSM protocol.

      Alternatively, this is a behavior specified by certain network operators who buy phones and SIM cards in bulk and mandate an unofficial spec extension from both the SIM card and the phone manufacturer.

      In the latter case I think the problem is with the operator. You cannot blame Nokia, Motorola, Samsung, Apple etc. for doing business with AT&T, Vodafone, Hutchison and the like. If an extra feature is a requirement for selling to these operators in the first place, what are you to do? The customer is always right, and in the subsidized markets the customer is the operator and not the punter using the phone.
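
The SIM-side switch the commenter asks about is in fact standardised: the SIM's Administrative Data file (EF_AD, 3GPP TS 51.011 section 10.3.18; the USIM file in TS 31.102 has the same layout) carries an OFM ("Operational Feature Monitor") bit, byte 3 bit 1, which the operator sets to enable (1) or disable (0) the handset's ciphering indicator. The Python below is an added example, not code from the thread, the Wired article or Paget's kit; it decodes a raw EF_AD dump (as read off a SIM with a card reader) so the owner can audit what their operator configured, with the sample dumps constructed for illustration.

```python
# Added example: decode a SIM's EF_AD (Administrative Data) file and report
# whether the operator has switched off the phone's ciphering indicator.
# Layout per 3GPP TS 51.011 section 10.3.18 (TS 31.102 section 4.2.18 for USIM):
#   byte 1      : MS operation mode
#   bytes 2-3   : additional information; byte 3 bit 1 = OFM
#                 (0 = ciphering indicator disabled, 1 = enabled)
#   byte 4 (opt): length of the MNC in the IMSI, low nibble
# Sample dumps further down are constructed, not taken from any real SIM.

OP_MODES = {
    0x00: "normal operation",
    0x80: "type approval operations",
    0x01: "normal operation + specific facilities",
    0x81: "type approval operations + specific facilities",
    0x02: "maintenance (off line)",
    0x04: "cell test operation",
}


def parse_ef_ad(hex_content: str) -> dict:
    """Decode the raw EF_AD bytes (hex string, spaces allowed) into fields."""
    raw = bytes.fromhex(hex_content.replace(" ", ""))
    if len(raw) < 3:
        raise ValueError("EF_AD must be at least 3 bytes long")
    fields = {
        "ms_operation_mode": OP_MODES.get(raw[0], f"unknown (0x{raw[0]:02x})"),
        # OFM lives in the least significant bit of byte 3 (index 2).
        "ciphering_indicator_enabled": bool(raw[2] & 0x01),
    }
    if len(raw) >= 4:
        fields["mnc_length"] = raw[3] & 0x0F
    return fields


def audit_sim(label: str, hex_content: str) -> str:
    """One-line verdict: does this SIM let the phone show the 'no encryption' warning?"""
    ad = parse_ef_ad(hex_content)
    if ad["ciphering_indicator_enabled"]:
        status = "ciphering indicator ENABLED (handset may warn on unencrypted cells)"
    else:
        status = "ciphering indicator DISABLED by operator (no warning will be shown)"
    return f"{label}: {status}; mode = {ad['ms_operation_mode']}"


# Constructed sample dumps: identical except for the OFM bit in byte 3.
SAMPLE_SIMS = {
    "sim_with_warning": "00 00 01 02",
    "sim_without_warning": "00 00 00 02",
}

if __name__ == "__main__":
    for label, content in SAMPLE_SIMS.items():
        print(audit_sim(label, content))
```

Whether the handset actually honours the bit is a separate question, as the Nokia reports in this thread show; the dump only tells you what the operator asked for.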

    3. Re:If it is the SIM card disabling the warning?? by Hal_Porter · · Score: 1

      I had an old Sony Ericsson K600i with a European SIM on a couple of trips to China and it would always warn about encryption being disabled.

      There's no need for the intelligence service of the US or an EU country to do this - they can just tell the telco to do a lawful interception even on an encrypted line, because lawful interceptions happen inside the network after the call has been decrypted.

      Whether they disable the warning on Chinese SIMs I've no idea. I actually think most of the Chinese system is based on self-censorship - so if people get the warning, it's a none too subtle reminder that the government is listening.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    4. Re:If it is the SIM card disabling the warning?? by Hal_Porter · · Score: 1

      It's probably part of the GSM and 3G specifications to allow for unencrypted networks.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    5. Re:If it is the SIM card disabling the warning?? by hitmark · · Score: 1

      Operators in some parts of the world love to mess with phone firmwares. That's one reason why Symbian phones never made it big in the USA, as Nokia didn't like them doing so.

      --
      comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
  7. That easy? by synoniem · · Score: 1

    I find it quite astonishing that it is that easy to intercept GSM calls. And that phonemakers disable this warning is even more astonishing!

  8. Ou of interest... by muckracer · · Score: 1

    So what are the currently available options for true end-to-end encryption between cell phones anyway?

    1. Re:Ou of interest... by fuzzyfuzzyfungus · · Score: 1

      Nothing, to the best of my knowledge, has been standardized (the encryption used to protect the inherently-vulnerable-to-nearby-eavesdropping wireless signals may be better or worse; but the carrier is treated as trusted).

      On the plus side, now that quite powerful phones with general-purpose computer capabilities and fast data connections are available, there isn't anything stopping you from applying any of the technologies used by computers to protect data traveling over the public internet to your phone. You just won't be able to do so with anybody who hasn't set up something compatible.

    2. Re:Ou of interest... by hitmark · · Score: 1

      sip software with 128-bit or stronger public key encryption that only uses the mobile network as a data carrier?

      --
      comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
    3. Re:Out of interest... by Paracelcus · · Score: 1

      I already posted this further up, just Google Phonecrypt

      --
      I killed da wabbit -Elmer Fudd
    4. Re:Out of interest... by stonewallred · · Score: 1

      Don't say anything you don't want recorded by the police. Don't have your phone turned on, or even have the battery installed, if you don't want your location noted by the police. Communicate strictly by F2F meetings held in a cone of silence.

    5. Re:Out of interest... by PPH · · Score: 1

      there isn't anything stopping you from applying any of the technologies used by computers to protect data traveling over the public internet to your phone.

      Steve Jobs saying, "That app isn't authorized."

      --
      Have gnu, will travel.
    6. Re:Out of interest... by fuzzyfuzzyfungus · · Score: 1

      I'm operating on the understanding that any iPhone you haven't jailbroken isn't actually your phone, it's just a leased device that you managed to pick up all the financial responsibility for...

    7. Re:Out of interest... by PPH · · Score: 1

      And it's not really yours even if you jailbreak it. In spite of a recent court ruling allowing users to jailbreak their equipment, there's nothing stopping the vendor or service provider from pushing out updates to re-take the phones.

      --
      Have gnu, will travel.
  9. how would one reenable this warning setting by electrogeist · · Score: 1

    on iphone and android?

    1. Re:how would one reenable this warning setting by kidgenius · · Score: 3, Insightful

      Here's the easiest way....have this guy not only publish his results, but his methods too. Put the plans up for free download so anyone can follow his plans and build such a device. When hundreds (or thousands) of these devices start popping up and people are getting spied on by their fellow citizens, there will be an outrage! (silly emphasis). After that, the manufacturers may start including the warnings. Note: using one of these devices probably already violates various cyber-laws, so that threat wouldn't deter many if it's hard to be caught.

    2. Re:how would one reenable this warning setting by Vellmont · · Score: 1

      When hundreds (or thousands) of these devices start popping up and people are getting spied on by their fellow citizens, there will be an outrage! (silly emphasis)

      Heh. Like, say, the "outrage" of 20 years ago during the analogue era of cell phones, when anyone with a scanner could listen in on cell phone calls? This was widely reported at the time. The response? Ban scanner makers from selling devices capable of receiving on cell phone frequencies.

      This kind of thing has been going on since wireless phones were invented. 30 years ago it was listening in on cordless phones. People's outrage lasts about until the next commercial and then they forget about it.

      --
      AccountKiller
  10. Root cause by cliffjumper222 · · Score: 3, Informative

    The root cause of this weakness is that whereas the 2G network can authenticate the handset (both the SIM and the ME), the handset cannot authenticate the network. It's assumed the 2G network is trustworthy, which in this case, it isn't. There's a stack load of problems with 2G (GSM) security including unilateral authentication, which leads to network impersonation; weak encryption (short keys and broken algorithms); lack of end-to-end or virtually end-to-end encryption; weak confidentiality; no data integrity algorithms; lack of visibility to the user that encryption is on, etc. A lot of these are fixed in 3G. See http://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33120-300.pdf and http://www.arib.or.jp/IMT-2000/ARIB-spec/ARIB/21133-310.PDF. In this second PDF, section A.4 Hijacking of services describes this attack.

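    The asymmetry described above (2G authenticates the handset but not the network; 3G AKA lets the USIM check the network first) is the whole reason a rogue BTS works. The following is an added illustration and is not code from the thread or from Paget's kit. It models only the shape of the two exchanges: the real SIM/USIM algorithms (A3/A8, and the 3G f1-f5 functions) are replaced by an HMAC-SHA256 stand-in, the class and function names (Sim2G, Usim3G, HomeNetwork, RogueBts, gsm_attach, umts_attach) are invented for the example, and the demo key is constructed. The point it shows: a 2G SIM will answer any RAND and then obey a CIPHER MODE COMMAND selecting A5/0 (no ciphering), while a USIM rejects an AUTN whose MAC was not produced with the subscriber key K, and also rejects a replayed vector on its sequence number.

```python
import hmac
import hashlib
import secrets

# Added example, not from the original thread. HMAC-SHA256 stands in for the
# SIM/USIM algorithms (A3/A8 on 2G, f1-f5 on 3G); only the protocol shape matters.
def _prf(key: bytes, tag: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, tag + b"".join(parts), hashlib.sha256).digest()


class Sim2G:
    """GSM SIM: shares Ki with the home network and answers any RAND it is given."""
    def __init__(self, ki: bytes):
        self.ki = ki

    def run_gsm(self, rand: bytes):
        sres = _prf(self.ki, b"A3", rand)[:4]   # 32-bit signed response
        kc = _prf(self.ki, b"A8", rand)[:8]     # 64-bit A5 session key
        return sres, kc


class Usim3G:
    """3G USIM: shares K with the home network and verifies AUTN before answering."""
    def __init__(self, k: bytes):
        self.k = k
        self.highest_sqn = -1

    def run_aka(self, rand: bytes, autn: bytes):
        # AUTN = (SQN xor AK) || AMF || MAC  (6 + 2 + 8 bytes)
        sqn_x_ak, amf, mac = autn[:6], autn[6:8], autn[8:16]
        ak = _prf(self.k, b"f5", rand)[:6]
        sqn = bytes(a ^ b for a, b in zip(sqn_x_ak, ak))
        expected = _prf(self.k, b"f1", sqn, rand, amf)[:8]
        if not hmac.compare_digest(mac, expected):
            raise ValueError("MAC failure: network could not prove knowledge of K")
        sqn_int = int.from_bytes(sqn, "big")
        if sqn_int <= self.highest_sqn:
            raise ValueError("SQN failure: replayed authentication vector")
        self.highest_sqn = sqn_int
        res = _prf(self.k, b"f2", rand)[:8]
        ck = _prf(self.k, b"f3", rand)[:16]   # cipher key
        ik = _prf(self.k, b"f4", rand)[:16]   # integrity key
        return res, ck, ik


class HomeNetwork:
    """Genuine operator (AuC): holds the subscriber key, so it derives Kc/CK as well."""
    def __init__(self, key: bytes):
        self.key = key
        self.sqn = 0

    def gsm_challenge(self):
        rand = secrets.token_bytes(16)
        expected_sres = _prf(self.key, b"A3", rand)[:4]
        kc = _prf(self.key, b"A8", rand)[:8]    # the carrier side ends up with Kc too
        return rand, expected_sres, kc

    def aka_challenge(self):
        self.sqn += 1
        rand = secrets.token_bytes(16)
        sqn = self.sqn.to_bytes(6, "big")
        amf = b"\x80\x00"
        mac = _prf(self.key, b"f1", sqn, rand, amf)[:8]
        ak = _prf(self.key, b"f5", rand)[:6]
        autn = bytes(a ^ b for a, b in zip(sqn, ak)) + amf + mac
        return rand, autn


class RogueBts:
    """IMSI catcher: stronger signal, no subscriber key."""
    def gsm_challenge(self):
        return secrets.token_bytes(16), None, None          # cannot predict SRES or Kc

    def aka_challenge(self):
        return secrets.token_bytes(16), secrets.token_bytes(16)   # MAC is a guess


def gsm_attach(sim: Sim2G, bts, cipher_mode: str = "A5/0") -> dict:
    """2G attach: the handset answers RAND and then obeys CIPHER MODE COMMAND.
    Nothing lets it check who sent RAND, so a rogue BTS skips the SRES check
    and orders A5/0 (no ciphering)."""
    rand, _expected_sres, _kc = bts.gsm_challenge()
    _sres, kc = sim.run_gsm(rand)
    return {"attached": True, "network_authenticated": False,
            "cipher": cipher_mode, "kc": kc}


def umts_attach(usim: Usim3G, bts) -> dict:
    """3G attach: the USIM verifies AUTN first; a bad MAC aborts before any key is used."""
    rand, autn = bts.aka_challenge()
    try:
        _res, ck, _ik = usim.run_aka(rand, autn)
    except ValueError as err:
        return {"attached": False, "network_authenticated": False, "reason": str(err)}
    return {"attached": True, "network_authenticated": True, "ck": ck}


if __name__ == "__main__":
    ki = bytes(range(16))   # constructed demo key shared by SIM and home network
    print(gsm_attach(Sim2G(ki), RogueBts()))          # attached, A5/0, network unauthenticated
    print(umts_attach(Usim3G(ki), RogueBts()))        # rejected: MAC failure
    print(umts_attach(Usim3G(ki), HomeNetwork(ki)))   # attached, network authenticated
```

    Two caveats that follow from the thread itself: the genuine network derives the same Kc, so even a ciphered 2G call is readable by the carrier once it reaches the tower; and a 3G handset that is pushed back onto 2G (the talk relies on that) is back in the gsm_attach case, so mutual authentication only helps while the phone actually stays on 3G.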
    1. Re:Root cause by hitmark · · Score: 1

      Well, the GSM standard is nearly 20 years old now. That's a lot of time in the tech world.

      --
      comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
  11. More likely the government? by Low+Ranked+Craig · · Score: 1

    this is a deliberate choice of the cell phone makers, Paget said.

    After having been told to do so by the carriers who were told to do so by the intelligence collecting agencies of various governments via their respective communications ministries no doubt.

    --
    I still cannot find the droids I am looking for...
    1. Re:More likely the government? by PPH · · Score: 1

      After having been told to do so by the carriers who were told to do so by the intelligence collecting agencies of various governments via their respective communications ministries no doubt.

      But it sounds so much nicer to say 'volunteer' after we remove the electrodes from your testicles (or drag your company's tax returns through every conceivable tax audit if you are inside the USA, where we don't do the testicle thing).

      --
      Have gnu, will travel.
  12. Verizon by Digital+Pizza · · Score: 1

    It'd be funny if Verizon used this as an advertising slam against the iPhone and ATT (though of course they won't). I wonder if something like this could be done against CDMA?

    --
    We apologize for the inconvenience.
    1. Re:Verizon by hitmark · · Score: 1

      It would surprise me if not. Though, being a lesser used system, it's a less interesting target.

      --
      comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
  13. Hak5 by doronbc · · Score: 3, Informative

    He actually gave a talk about this on Hak5. It seemed it could be accomplished using a USRP and OpenBTS.

    1. Re:Hak5 by Steauengeglase · · Score: 1

      It worries me that the USRP gets so much press. I'm sure it is good for Ettus in the short term, but eventually the FCC is going to do some shit kicking when the masses realize that not only does such a thing exist, but that anyone can purchase it for $700. Lord help ham radio operators and other RF hobbyists if 60 Minutes does a piece on it. They already have a hard enough time being viewed as whack jobs; adding "potential domestic terrorist" won't help.

  14. Haha by X.25 · · Score: 3, Interesting

    I can't even explain how common this thing is, and how many geeks are playing with it.

    He didn't actually *build* the hardware, he purchased it - some smart people actually build these things, and hobbyists play with it.

    Why this guy felt like he had to take a credit for it is beyond me.

    1. Re:Haha by MacGyver2210 · · Score: 1

      That's like saying "Oh cell phones are old news, this guy shouldn't take credit for hacking them".

      Yes, radio transceivers are old news. No, not many other people use them in this way, and on these frequencies, and for this purpose, which is why this talk even made it to DefCon. Also, not many people understand the GSM spec well enough to circumvent (turn off) the encryption or to force use of the weaker 2G network.

      If, as you claim, geeks are constantly doing this:

      1. There would be a lot more geeks in Jail
      2. This wouldn't have been worthy of a DefCon presentation

      Quit being a wannabe hater and go learn what it actually does.

      --
      If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
    2. Re:Haha by Anonymous Coward · · Score: 3, Insightful

      I can't even explain how common this thing is, and how many geeks are playing with it.

      Try using a car analogy.

      Why this guy felt like he had to take a credit for it is beyond me.

      As clearly linked, Paget is demonstrating . This is the community equivalent of science journal peer review -- it's separating the facts from the FUD. This is Investigative Reporting, the third leg that Democracy stands on.

      That is creditable, quite unlike "I can't even explain how common this thing is, and how many geeks are playing with it", which is as credible as any other sniggering teenager remark that's designed to say "I'm so cool and in the know, and you're so not."

  15. GSM doesn't look so easy here by rduke15 · · Score: 1

    These guys may be able to intercept cell calls, but I can't even send an SMS message with Wammu on my Ubuntu machine.

    The built-in Sony Ericsson F3507g modem works for Mobile Broadband through Network Manager, but Wammu cannot use it to send an SMS.

    And it doesn't work with my external phone either. On the rare occasions when Wammu can find the phone, it says it sent the SMS, but in fact it didn't.

    So I sure admire these guys who can intercept calls with a laptop, while I need an XP virtual machine so that I can reliably send SMSes using "MyPhoneExplorer"...

    1. Re:GSM doesn't look so easy here by Y-Crate · · Score: 1

      You know what's going to happen, right? One day some setting will be changed somewhere in your provider's network, and the avalanche of SMS messages floating around in a buffer somewhere are going to finally reach their intended recipients. Very, very, very late. ;)

  16. Slashdotters are fixated on "privacy"... by John+Hasler · · Score: 1

    ...but if I had a GSM phone (I have no cellphone at all, actually) I'd be a lot more interested in using this to set up my own cell and route my calls over the Net.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  17. No outrage will happen by rsborg · · Score: 0, Troll

    When hundreds (or thousands) of these devices start popping up and people are getting spied on by their fellow citizens, there will be an outrage! (silly emphasis).

    Fact is, the GSM security notification was circumvented so the government(s) could snoop in on your conversations. Re-enabling security notifications would render many operational spy-jobs and much equipment (at the lowest levels) useless. For this reason alone, I'm pretty sure that there will be no outrage and no media circus. Instead the issue will be quietly ignored and (some) folks who run this kit will be sent to Guantanamo. All at the expense of our real security... think twice about sending CC details over a cell phone.

    --
    Make sure everyone's vote counts: Verified Voting
    1. Re:No outrage will happen by TheLink · · Score: 1

      The government could already snoop in on your GSM conversations.

      1) If there's encryption enabled, it ends at the tower. After that they can listen in.
      2) GSM encryption was intentionally designed to be weak enough to crack:

      http://en.wikipedia.org/wiki/A5/1
      http://groups.google.com/group/uk.telecom/msg/ba76615fef32ba32

      The lack of these security notifications just makes snooping even easier than it already is.

      --
  18. A work-around! by Paracelcus · · Score: 1
    --
    I killed da wabbit -Elmer Fudd
    1. Re:A work-around! by TheLink · · Score: 1

      I use a phone to communicate with other people. Not to talk to myself and an imaginary friend that uses phonecrypt.

      --
    2. Re:A work-around! by commodore64_love · · Score: 1

      +1 insightful

      I barely use my phone at all (which is why it only costs me $5 a month), but I am concerned about the future if I ever decide to get an internet-capable phone. I don't want police spying on me without a warning that the encryption had been turned off.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    3. Re:A work-around! by Kozz · · Score: 1

      I use a phone to communicate with other people. Not to talk to myself and an imaginary friend that uses phonecrypt.

      And you've also just summed up why people don't use PGP/GPG, for better or worse.

      --
      I only post comments when someone on the internet is wrong.
    4. Re:A work-around! by TheLink · · Score: 1

      Yeah it'll be nice if more people used crypto.

      Ubuntu is helping in some ways- they've made it easy for normal users to have their home directory encrypted (so all that talk about Ubuntu not contributing enough is bullshit).

      Even more than 10 years ago I think many email programs actually had support for S/MIME. But that design required CAs and $$$ (yes there could be free CAs or people could set one up themselves, but good luck with getting the public to do that).

      Whereas if the architecture was more like ssh, lots of people would be using encryption. e.g. if you send a message you have an option to "send encrypted" and it would include a public key in the message if it's the first time the email program is sending to any of the recipients.

      But of course there would be fewer opportunities for various parties to collect a yearly "tax" on, and I'm sure various governments wouldn't want such widespread use of crypto.

      --
    5. Re:A work-around! by bill_mcgonigle · · Score: 2, Insightful

      I am concerned about the future if I ever decide to get an internet-capable phone. I don't want police spying on me without a warning that the encryption had been turned off.

      Assume they are. Do your encryption at the application layer, or at least with a VPN you control.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  19. You are just 100% plain sick. by Anonymous Coward · · Score: 0

    If a company is working on my dollar, then they'll do as I expect. Phone systems on the cell service were always open and non-encrypted, no different than a WiFi hub that cascaded its WAN to another WiFi hub encapsulated somewhere else using a microwave link. They are the same frequencies used by amateur radio (ham) operators, where they too could call someone up. The fee only went to the service of a cell service between its bridges to other networks who had subscribing clients. Then they got greedy towards the local international operators (hams) and forced the encryption of the entire network, but use proprietary means of selling cell phones that would be much more useful if the people could remove encryption to use them as 2-way like they used to. The truth is a cell phone is nothing more than a transceiver with a PDA computer that was crippled by the carrier's agenda. So many of these devices are thrown away and wasted and littered into the environment just because of someone's jealousy to do as a ham radio operator (individual) but without the liability, because they are a for-profit company with a regulated corporation.

    Can you imagine if everyone had open use of their cell phone, and every one was its own peered access point in a BitTorrent-style repeated redundant network of shared routes? Who needs cell phone towers when properly-written software on those PDAs could geographically navigate communications just by presence alone?

  20. GSM Cell Phone Interception by Anonymous Coward · · Score: 0

    There are lawsuits in the U.S. District Court for the Northern District of Illinois right now. A law firm is accused of using an IMSI catcher to grab someone's cell phone calls during an EEOC investigation.

    The cases go to trial later this year. The FBI has been informed.