Defcon, the hacker conference, wrapped up yesterday, and while I spent all day knee-deep in Forumula 1 coverage word got out about a $1,500 cellphone interceptor. The device—it’s more of a mishmash of devices kinda of clunked together than a singular device—exploits weaknesses in the GSM phone standard, and could be used to intercept and record the conversations you have on your phone. Well, provided it’s a non-3G GSM phone, of course. The odds of this actually happening? Quite low indeed, but as a proof of concept it makes you wonder what other type of vulnerabilities exist in our telephony standards.
At its most basic level, the device (I’m going to keep calling it a device for convenience’s sake) “tricks” vulnerable phones into thinking that it’s a legitimate cellphone tower. It’s not, of course.
Sounds familiar? That’s because it’s essentially an IMSI catcher, something that law enforcement officials have had access to for some time now.
It was put together by Chris Paget, a security researcher.
The thing is, they uses to cost in the millions of dollars, “back in the day.” Now for about the cost of a high-end gaming PC you could build one yourself.
You should know that the Feds had warned him not to go on with the talk, arguing that it may violate wiretapping laws.
Meh—onward!
More than 3 billion GSM users could be affected by the deployment of such a device.
Not affected: iPhone 3G and higher (slightly different network) and BlackBerry (RIM encrypts the data).