August 2, 2010

Hacker Makes Call Spying More Affordable

A hacker is making mobile phone snooping affordable by showing how to build a call-catching system for just $1,500.

Chris Paget showed off his budget device to over a thousand people at DefCon in Las Vegas, warning them to turn off their phones if they wanted to be spared.

"I can intercept cell phone calls with 1,500 dollars worth of radio gear and a laptop," Paget told the AFP news agency after the talk.

"Your handset thinks I'm your cell phone tower and I get to control your calls. These attacks used to cost millions of dollars, now you can do it for a lot less."

The gear includes an antenna and radio equipment, and it broadcasts a GSM signal that imitates a legitimate telecom service tower, prompting handsets to connect automatically.

A hacker could then forward calls to intended recipients and listen in.

"I can target specific people if I want to spy and I can command only certain types of phones to connect," Paget said. "An attacker could easily take advantage of this."

This equipment is able to help a hacker snag credit card or account information from calls made to shops or banks. Companies could be staked out in the hope insiders would reveal valuable information during calls.

Paget's creation worked only on mobile phones using the GSM network and not on the more secure 3G (third-generation) networks.

"GSM is broken," Paget said. "It is up to telecom providers when to shift from GSM to 3G networks. GSM is widely deployed with millions of handsets in use."

However, according to Paget, someone could use a noise generator and a power amplifier to jam a 3G network, prompting handsets to fall back to the GSM systems that serve as a backup.

He gestured to a noise generator he bought online for $450 and a power amplifier purchased on the Internet for $400.

"I'm not turning this thing on," Paget said. "It would knock out pretty much every cell phone there is for most of Las Vegas."

The system grabs only outgoing calls, since it works by fooling handsets.

The phones are considered gone from the networks since they have disconnected from real telecom service providers, and incoming calls are routed directly to voice mail boxes.

Paget said that hackers can use credentials from duped handsets to impersonate the phones to carriers.

His talk was almost scuttled by the U.S. Federal Communications Commission, which reached out to him with concerns about the danger it might pose and a statute it might violate.

"There was so much shenanigans involved making sure I could get on stage," Paget told the AFP news agency after the DefCon briefing. "The good news is that it is all over and I haven't been arrested."

