IDG News Service - Despite concerns that federal authorities might fine or arrest him, hacker Chris Paget went ahead with a live demonstration of mobile phone interception at the Defcon hacking conference Saturday.
Using several thousand dollars worth of equipment, Paget was able to intercept mobile-phone data on the GSM (Global System for Mobile Communications) networks used by AT&T and T-Mobile. He did this using a home-made system he calls an IMSI (International Mobile Subscriber Identity) catcher.
Within minutes of activating his IMSI catcher in test mode, Paget had 30 phones connected to the system. Then, with a few keystrokes, he quickly configured the device to spoof an AT&T cell tower.
"As far as your cell phones are concerned I am now indistinguishable from AT&T," he said. He predicted that every AT&T device in the room would connect to his tower, within the next half hour.
Cell phone interception is illegal in the U.S. And while the U.S. Federal Communications Commission had raised questions about his talk, Paget believes that his demonstration was legal because his device was operating in the 900MHz band used by Ham radio devices.
Coincidentally, that 900MHz band is used by GSM devices in Europe "As far as your cell pones are concerned I am a European radio transmitter."
Not all GSM devices will connect to Paget's IMSI catcher, however. Quad band phones will connect, but U.S. phones that do not support this 900MHz band will not, he said.
By the end of the demo, Paget actually had fewer phones connected to the network -- just 17 -- something he was at a loss to explain. He said that it was possible that he had mistyped the AT&T network ID and that phones were rejecting his system because of the typo.
Android and iPhone systems would connect, however, he said. "In my experience it's generally the iPhones that connect most easily," he said. "It's actually been the bane of my existence trying to keep the damned iPhones away."
People connected to Paget's system would get a warning message, but they could dial out as normal, but anyone trying to call them would go straight to voicemail.
Paget didn't record or play back any calls, but he could have. His IMSI catcher can get around cell phone encryption by simply telling the connecting phones to drop encryption. "If I decide not to enable encryption I just disable it," he said. "It's that simple."
Earlier this week, it wasn't clear that Paget's talk would go ahead. The U.S. Federal Communications Commission (FCC) got in touch with Paget Friday morning to express concern and inform him of relevant federal regulations, he said.
The agency raised concerns that Paget's device might transmit over licensed frequencies and that he might unlawfully intercept mobile-phone calls.
On Friday, FCC spokesman Eric Bash said the agency doesn't comment on the legality of specific matters until it fully investigates and takes enforcement action.
(Nancy Gohring in Seattle contributed to this report.)
Black Hat/Defcon 2010
- Secretive group seeks recruits at Defcon, finds skepticism
- Hacker snoops on GSM cell phones in demo
- Free Android apps scrape personal data, send it to China
- U.S. should seek world cooperation on cyber conflict, says ex-CIA director
- 'Unhackable' Android can be hacked, Black Hat researchers say
- Update: ATM hack gives cash on demand
- BitBlaze tool boosts bug-hunting productivity 10-fold
- Apple patches Safari ahead of Black Hat talk, launches add-on gallery
- Black Hat: Most browsers can be made to give up personal data
- AT&T: We don't intend to stop Black Hat demo
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Protection for Every Enterprise: How BlackBerry Security Works Get an IT-level review of BlackBerry® Security, addressing data leakage protection, certified encryption, containerization and much more.
- Secure, Centralized, Simple: Multi-platform EMM BYOD, corporate-issued, or a mix. Manage all the mobile platforms and devices in your enterprise through a single pane of glass.
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Networking White Papers | Webcasts