Cell Phone Interception At Def Con 95
ChrisPaget writes "I'm planning a pretty significant demonstration of GSM insecurity at Defcon next week, where I'll intercept and record cellular calls made by my attendees, live on-stage, no user-input required. As you can imagine, intercepting cellphones is a Very Big Deal in the eyes of the law; this blog post is an attempt to reassure everyone that their privacy is being taken seriously despite the nature of the demo. I'm not just making it up either — the EFF have helped significantly with the details."
Encryption is the future (Score:5, Insightful)
In this age, where more and more people and institutions are trying to control, and intercept, the flow of information, encryption is the future. Anyone with some knowledge in the area knows that LE et al have the ability to intercept all kinds of comm, emails, phone calls, etc. Just as you should automatically assume that any email you send to anyone is compromised and therefore public knowledge, the same for phone conversations. The only way around this is to encrypt if at all possible, though the demand has to rise for things to be more pragmatic and easily accessed. It is still an interesting method, but much like the internet, phone systems were not designed with security as a main priority.
Re:Verizon (Score:2, Insightful)
AT&T and T-Mobile will both be CDMA once they complete the transition to UMTS.
Love that Patriot Act! So moist! (Score:2, Insightful)
Re:Encryption is the future (Score:4, Insightful)
GSM has various encryption standards that are supposed to protect calls. But some are weak, and phones using stronger algorithms can be tricked into falling back to the weaker ones. With a fake tower you can probably turn it off completely.
The problem with encrypting cell conversations is many-fold:
* Can you rely on the GSM encryption?
* Can you trust third-party implementations?
* Even if you run an encrypted VOIP app, can you trust the handset manufacturer? (e.g. not to allow the government to steal your keys from device memory via privileged access)
* If you can trust the manufacturer, is your device security from nearby wireless attacks? There have been exploits for bluetooth and wifi stacks.
* Can someone clone your phone?
* Do you know through systems like CALEA and IP monitoring what details of your conversation will be private vs which will be public and whether that suits your needs? Data mining can probably reveal a lot about who knows who and sequences of events.
* Instead of expending the effort to break your encryption isn't it easier for someone to bug places you frequently call from?
* Can you trust the guy on the other end of the line to have been as careful as you have? If not, everything you've done to protect yourself is useless.
IMO if you have something you need to say to someone in secret a cell phone is a particularly bad way to go about it.
Re:Just be careful (Score:4, Insightful)
It's not just potentially illegal because you're "wiretapping" but it's actually illegal to own a radio receiver capable of receiving on the frequencies used by cell phones.
Damn! I carry a radio transceiver capable of transmitting and receiving on those frequencies in my pocket every day!