Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Builds $1,500 Cell Phone Tapping Device

Posted by Soulskill on from the snoop-on-the-cheap dept.

We previously discussed security researcher Chris Paget's plans to demonstrate practical cell phone interception at DefCon. Paget completed his talk yesterday, and reader suraj.sun points out coverage from Wired. Quoting: "A security researcher created a $1,500 cell phone base station kit (including a laptop and two RF antennas) that tricks cell phones into routing their outbound calls through his device, allowing someone to intercept even encrypted calls in the clear. Most of the price is for the laptop he used to operate the system. The device tricks the phones into disabling encryption and records call details and content before they are routed on their proper way through voice-over-IP. The low-cost, home-brewed device ... mimics more expensive devices already used by intelligence and law enforcement agencies — called IMSI catchers — that can capture phone ID data and content. The devices essentially spoof a legitimate GSM tower and entice cell phones to send them data by emitting a signal that's stronger than legitimate towers in the area. Encrypted calls are not protected from interception because the rogue tower can simply turn it off. Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed. Even though the GSM spec requires it, this is a deliberate choice of the cell phone makers, Paget said."

1 of 109 comments (clear)

  1. No outrage will happen by rsborg · · Score: 0, Troll

    When hundreds (or thousands) of these devices start popping up and people are getting spied on by their fellow citizens, there will be an outrage! (silly emphasis).

    Fact is, the GSM security notification was circumvented so the government(s) could snoop in on your conversations. Re-enabling security notifications would render many operational spy-jobs and much equipment (at the lowest levels) useless. For this reason alone, I'm pretty sure that there will be no outrage and no media circus. Instead the issue will be quietly ignored and (some) folks who run this kit will be sent to Guantanamo. All at the expense of our real security... think twice about sending CC details over a cell phone.

    --
    Make sure everyone's vote counts: Verified Voting