Cell Phone Interception At Def Con 95
ChrisPaget writes "I'm planning a pretty significant demonstration of GSM insecurity at Defcon next week, where I'll intercept and record cellular calls made by my attendees, live on-stage, no user-input required. As you can imagine, intercepting cellphones is a Very Big Deal in the eyes of the law; this blog post is an attempt to reassure everyone that their privacy is being taken seriously despite the nature of the demo. I'm not just making it up either — the EFF have helped significantly with the details."
Just be careful (Score:4, Informative)
It is illegal to intercept cellphone communications. Doesn't matter if it is a "security demonstration" what you call it is not relevant. You probably need waivers from everyone you plan on intercepting.
Get a lawyer who know that area of law, and not from the EFF. I like their ideals and all, but their track record is as idealists and they don't seem to do so good in terms of actual law, especially in the court.
Not saying don't give your talk, GSM security is serious and the phone companies need to get with it and fix that shit. However make sure you aren't breaking the law.
Re:Verizon (Score:4, Informative)
Generally it's all a clusterfuck of confusion stemming from one group choosing, for its marketing, a name of basic radio method they use...and not only them; also the group most commonly seen as "GSM association", just not in its oldest standard.
If anything, "CDMA" (in whatever form) is going out; LTE & FDMA is revving up. And considering that various "3G" technologies don't really have a universal uptake, with majority of people on 2G TDMA networks - I wouldn't be too surprised if they jump directly to LTE, at some point in the future, more often than not.
Re:Just be careful (Score:3, Informative)
The Federal Communications Commission (www.fcc.gov) ruled that as of April 1994 no radio scanners may be manufactured or imported into the U.S. that can pick up frequencies used by cellular telephones, or that can be readily altered to receive such frequencies. (47 CFR Part 15.37(f)) The law rarely deters the determined eavesdropper, however.
Another federal law, the Counterfeit Access Device Law, was amended to make it illegal to use a radio scanner "knowingly and with the intent to defraud" to eavesdrop on wire or electronic communication. (18 USC 1029) Penalties for the intentional interception of cordless and cellular telephone calls range from fines to imprisonment depending on the circumstances. (18 USC 2511, 2701)
Re:Just be careful (Score:4, Informative)
You're almost right. You can intercept non-encrypted, non-cellular communications.
Actually, the FCC has specific laws in place regarding phone calls on cellular networks. You cannot, under any circumstances, listen in to a cell phone conversation without permission. That is why all radio scanners sold in the United States are required to block the AMPS cellular phone frequencies.
Aside from cell phones, it's legal to intercept any open transmission you can receive, as long as it's not encrypted. I would assume you need permission of one or both parties to decrypt encrypted communications.
From what I can tell, the OP is going to be using a femtocell modified base station that will basically act as a cellular tower. For the duration of the presentation, anyone within range of the base station will have their calls routed through his base station, rather than their regular cellular carrier. The legality of this is dubious, but it is a security seminar and presentation. It would be far safer (but less dramatic) if they staged the call, rather than actually pulling up the conversations of random people at the convention.