Hacker Builds $1,500 Cell Phone Tapping Device - Slashdot

Slashdot

Hacker Builds $1,500 Cell Phone Tapping Device 109

Posted by Soulskill on Sunday August 01, 2010 @11:19AM
from the snoop-on-the-cheap dept.

We previously discussed security researcher Chris Paget's plans to demonstrate practical cell phone interception at DefCon. Paget completed his talk yesterday, and reader suraj.sun points out coverage from Wired. Quoting: "A security researcher created a $1,500 cell phone base station kit (including a laptop and two RF antennas) that tricks cell phones into routing their outbound calls through his device, allowing someone to intercept even encrypted calls in the clear. Most of the price is for the laptop he used to operate the system. The device tricks the phones into disabling encryption and records call details and content before they are routed on their proper way through voice-over-IP. The low-cost, home-brewed device ... mimics more expensive devices already used by intelligence and law enforcement agencies — called IMSI catchers — that can capture phone ID data and content. The devices essentially spoof a legitimate GSM tower and entice cell phones to send them data by emitting a signal that's stronger than legitimate towers in the area. Encrypted calls are not protected from interception because the rogue tower can simply turn it off. Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed. Even though the GSM spec requires it, this is a deliberate choice of the cell phone makers, Paget said."

This discussion has been archived. No new comments can be posted.

Hacker Builds $1,500 Cell Phone Tapping Device

Search 109 Comments Log In/Create an Account

Comments Filter:

Give it a month (Score:4, Insightful)

by sv_libertarian (1317837) writes: on Sunday August 01, 2010 @11:26AM (#33101242) Journal

The government will mandate better encryption and stronger standards so they maintain their monopoly on being able to intercept phone calls.

Share
twitter facebook linkedin
"deliberate choice" (Score:5, Insightful)

by Manip (656104) writes: on Sunday August 01, 2010 @11:27AM (#33101254)

So wait, law enforcement use a method to interception that would be compromised if that warning was displayed, and phone manufacturers fail to enable such a warning? Call my a conspiracy nut but perhaps they were asked not to include such a warning for exactly that reason. It wouldn't be the first time the government has asked private industry to make it easier to snoop.

Share
twitter facebook linkedin
Which SIM card to buy (Score:1, Insightful)

by Anonymous Coward writes: on Sunday August 01, 2010 @11:29AM (#33101260)

So which manufacturers/service providers leave the encryption warning intact?

Share
twitter facebook linkedin
If it is the SIM card disabling the warning?? (Score:4, Insightful)

by Sigurd_Fafnersbane (674740) writes: on Sunday August 01, 2010 @11:31AM (#33101274)

Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed. Even though the GSM spec requires it, this is a deliberate choice on the cell phone makers, Paget said."
I am not sure I understand the above text. If it is the SIM card disabling the setting, why is this then labeled a deliberate choice by the cell phone makers?
Also I have seen at least on numerous Nokia mobile phones that an icon in the display notify you at least in some instances when encryption is disabled. (This happen quite frequently in e.g. China).

Share
twitter facebook linkedin
Re:If it is the SIM card disabling the warning?? (Score:5, Insightful)

by maxwell demon (590494) writes: on Sunday August 01, 2010 @11:36AM (#33101298) Journal

I am not sure I understand the above text. If it is the SIM card disabling the setting, why is this then labeled a deliberate choice by the cell phone makers?
Why can SIM cards disable the warning? Well, clearly because the cell phone allows the SIM card to disable the warning.

Parent Share
twitter facebook linkedin
Re:Disabled warning (Score:5, Insightful)

by erroneus (253617) writes: on Sunday August 01, 2010 @11:44AM (#33101334) Homepage

They would rather violate the license as they would inevitably be protected by the government(s) that demanded things be set as they are.
A better question would be how can we turn that feature back on?

Parent Share
twitter facebook linkedin
Re:Disabled warning (Score:1, Insightful)

by Anonymous Coward writes: on Sunday August 01, 2010 @11:59AM (#33101386)

Then your phone isn't GSM.

Parent Share
twitter facebook linkedin
Re:Disabled warning (Score:4, Insightful)

by Anonymous Coward writes: on Sunday August 01, 2010 @12:19PM (#33101492)

Sheesh! Why sue? That's not the answer to everything unless you're looking for a way to make some cash, or living in a litigation-crazy country like the USA.
How about a user-driven pressure group to force a change - after all, if someone does manage to screw big bucks out of this:
1) It'll make some lawyers even more rich.
2) The phone companies will just pass the cost onto the customers somehow
Suing the ass off companies just because they don't do things the way you like is just plain crazy.

Parent Share
twitter facebook linkedin
Re:how would one reenable this warning setting (Score:4, Insightful)

by kidgenius (704962) writes: on Sunday August 01, 2010 @12:20PM (#33101506)

Here's the easiest way....have this guy not only publish his results, but his methods too. Put the plans up for free download so anyone can follow his plans and build such a device. When hundreds (or thousands) of these devices start popping up and people are getting spied on by their fellow citizens, there will be an outrage! (silly emphasis). After that, the manufacturers may start including the warnings. Note: using one of these devices probably already violates various cyber-laws, so that threat wouldn't deter many if it's hard to be caught.

Parent Share
twitter facebook linkedin
Re:Haha (Score:3, Insightful)

by Anonymous Coward writes: on Sunday August 01, 2010 @04:09PM (#33103170)

I can't even explain how common this thing is, and how many geeks are playing with it.
Try using a car analogy.
Why this guy felt like he had to take a credit for it is beyond me.
As clearly linked, Paget is demonstrating . This is the community equivalent of science journal peer review -- it's separating the facts from the FUD. This is Investigative Reporting, the third leg that Democracy stands on.
That is creditable, quite unlike "I can't even explain how common this thing is, and how many geeks are playing with it", which is as credible as any other sniggering teenager remark that's designed to say "I'm so cool and in the know, and you're so not."

Parent Share
twitter facebook linkedin
Re:A work-around! (Score:3, Insightful)

by bill_mcgonigle (4333) * writes: on Monday August 02, 2010 @10:35AM (#33110052) Homepage Journal

I am concerned about the future if I ever decide to get an internet-capable phone. I don't want police spying on me without a warning that the encryption had been turned off.
Assume they are - do you encryption at the application layer, or at least with a VPN you control.

Parent Share
twitter facebook linkedin

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

564 commentsBlackBerry CEO: Tablet Market Is Dying
381 commentsMost Companies Will Require You To Bring Your Own Mobile Device By 2017
381 commentsMicrosoft YouTube App Strips Ads; Adds Download
350 commentsFCC Issues Forfeiture Notices to Two Business for Jamming Cellular Frequencies
329 commentsThe Days of Cheap, Subsidized Phones May Be Numbered

I only know what I read in the papers. -- Will Rogers