Advertisement


Advertisement

Thread Rating:
  • 5 Vote(s) - 2.6 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hacker builds $1,500 cell-phone tapping device
Advertisement
#1
[Image: capt.122c43e592b34182adf9eeac9c75995e-12...9w9PV80A--]

A computer security researcher has built a device for just $1,500 that can intercept some kinds of cell phone calls and record everything that's said.

The attack Chris Paget showed Saturday illustrates weaknesses in GSM, one of the world's most widely used cellular communications technologies.

His attack was benign; he showed how he could intercept a few dozen calls made by fellow hackers in the audience for his talk at the DefCon conference here. But it illustrates that criminals could do the same thing for malicious purposes, and that consumers have few options for protecting themselves.

Paget said he hopes his research helps spur adoption of newer communications standards that are more secure.

"GSM is broken — it's just plain broken," he said.

GSM is considered 2G, or "second generation," cellular technology. Phones that run on the newer 3G and 4G standards aren't vulnerable to his attack.

If you're using an iPhone or other smart phone and the screen shows that your call is going over a 3G network, for example, you are protected. BlackBerry phones apply encryption to calls that foil the attack, Paget pointed out. But if you're using a type of phone that doesn't specify which type of network it uses, those phones are often vulnerable, Paget said.

Paget's device tricks nearby cell phones into believing it is a legitimate cell phone tower and routing their calls through it. Paget uses Internet-based calling technology to complete the calls and log everything that's said.

A caveat is that recipients see numbers on their Caller IDs that are different than the cell numbers of the people calling them. Paget claims it would be easy to upgrade the software to also include the callers' real numbers.

The device he built is called an "IMSI catcher," which refers to the unique International Mobile Subscriber Identity numbers that phones use to identify themselves to cellular networks.

Commercial versions of such devices have existed for decades and have mainly been used by law enforcement. Paget's work shows how cheaply hobbyists can make the devices using equipment found on the Internet.

"That's a significant change for research — it's a major breakthrough for everyone," said Don Bailey, a GSM expert with iSec Partners who wasn't involved in Paget's research.

Another security expert, Nicholas DePetrillo, said such devices haven't been built as cheaply in the past because the hardware makers have closely controlled who they sell to. Only recently has the necessary equipment become available cheaply online.

In the U.S., AT&T Inc. and T-Mobile USA are two cellular operators whose networks include GSM.

There are more than 3 billion GSM users and the technology is used in nearly three quarters of the world's cell phone markets, according to the GSM Association, an industry trade group.

In a statement, the group emphasized the hurdles to launching an attack like Paget's, such as the fact an attacker's base station would need to be physically close to the target and that only outgoing calls can be intercepted. Incoming calls are not vulnerable.

"The overall advice for GSM calls and fixed-line calls is the same: neither has ever offered a guarantee of secure communications," the group said. "The great majority of users will make calls with no reason to fear that anyone might be listening. However, users with especially high security requirements should consider adding extra, end-to-end security features over the top of both their fixed line calls and their mobile calls."

A representatives for AT&T had no comment. T-Mobile didn't immediately respond to e-mails Saturday from The Associated Press.

Paget had been debating dropping the demonstration from his talk, after federal authorities told him it might violate wiretapping laws. He went ahead with it after conferring with lawyers. He said he didn't believe he had broken any laws.

Yahoo
Reply
Thanks given by:
Advertisement
Advertisement




Possibly Related Threads…
Thread Author Replies Views Last Post
  General News: Feature phone that has no keypad, uses Google Assistant to communicate showcased nairrk 0 639 05-11-2019, 08:46 AM
Last Post: nairrk
  General News: Lava 34 Super feature phone with long lasting battery launched for Rs 1,799 nairrk 0 700 03-12-2019, 06:40 PM
Last Post: nairrk
  General News: Reinvent launches slimmest Smart 3G Feature Phone in India nairrk 0 756 11-22-2018, 06:42 PM
Last Post: nairrk
  General News: HMD Global unveils Nokia 106 feature phone, 2 color variants for Nokia 230 nairrk 0 628 11-15-2018, 08:49 AM
Last Post: nairrk
  General News: Reliance JioPhone is the top-selling feature phone in global market: Report nairrk 0 628 05-26-2018, 10:52 AM
Last Post: nairrk
  General News: Zanco Tiny t1, the world's smallest mobile phone launched nairrk 0 793 12-20-2017, 06:46 PM
Last Post: nairrk
  General News: Micromax Bharat Ultra 2 vs Karbonn A40 4G vs Jio Phone nairrk 0 931 11-05-2017, 06:42 PM
Last Post: nairrk
  General News: Micromax Bharat 1 vs Reliance JioPhone: Which 4G feature phone do you prefer nairrk 0 916 10-22-2017, 09:10 AM
Last Post: nairrk
  Update: Bharat 1 4G feature phone launched, priced at Rs 2,200: Specifications and features nairrk 1 961 10-20-2017, 07:45 AM
Last Post: nairrk
  General News: Reliance JioPhone hands-on and first impressions: A ‘smart’ feature phone nairrk 0 838 09-22-2017, 02:53 PM
Last Post: nairrk

Forum Jump:


Users browsing this thread: 1 Guest(s)
Advertisement