The 18th annual Defcon security conference in Las Vegas just finished yesterday and one of the highlights of the show was a presentation given by Chris Paget who demonstrated a $1500 system used to intercept and record mobile phone calls. The system uses a classic man in the middle attack technique. What’s essentially happening is Chris is transmitting a signal, just like a regular cell phone tower, which is then picked up near by devices. Your mobile phone always looks to connect to the strongest tower around, so if Chris is in the room then be warned. You’re going to get comprised.
Once you’re connected to Chris’s faux tower, he can record your calls. Simple as that. Now if you’re on Verizon then you’re unaffected since the system only works by breaking into the weak encryption offered by GSM. If you’re on 3G then you’re marginally safer. Chris says he can just transmit 3G jamming signals to force your mobile phone to switch to 2G, thus getting around the stronger, more modern, encryption that 3G has to offer.
Systems like this used to cost over $100,000. What Chris is doing enables everyone, even your neighbor, to spy on people. Most of the cost of what Chris built went into the laptop. The antennas he purchased look like regular ariels that you used to see on top of apartment buildings. And of course he used Linux to save on the Windows license fee. Should you be alarmed? It’s hard to tell. I’m not a lawyer, but I’m pretty sure that there has yet to be a case where using this sort of technique to acquire incriminating information has been used.
Chris’s system doesn’t currently capture data packets, only voice calls. Higher end professional grade systems, which are obviously more expensive, enable packet collection. The military can afford them. You can’t.
AT&T customers will be pleased to know that they’ll have no issues because they can’t make calls anyway.
[Via: Gizmodo]
[More info on Chris’s blog]