August 2nd, 2010

Inexpensive Equipment Tricks GSM Mobile Phones And Intercepts Calls

Chris Paget, a security researcher known for his work in the field of radio communications security, demonstrated how GSM phone calls can be intercepted with inexpensive equipment at the DEFCON hackers conference in Vegas. The technique exploited a loophole in current GSM implementations.

Paget made a name for himself by exploiting flaws in radio-frequency identification (RFID) technology used in Enhanced Driver Licenses (EDLs), as well as electronic ID and passport cards. In the past the researcher demonstrated how information stored on RFID tags embedded in these government-issued documents can be sniffed with off-the-shelf equipment while driving around in a car.

This year he returned to the Black Hat technical security conference and showed how the same RFID tags can be read from much longer distances. With some custom-made equipment the researcher was able to hit a range of 217 feet, smashing the previous record of 69. He also claims that by cranking up the power, the device can read tags from well over 500 feet.

However, his most impressive presentation yet was at DEFCON, the largest annual hackers conference in the world, which immediately follows Black Hat. There he managed to wow the audience by intercepting mobile phone calls made by attendees in the room.

To pull off this feat he used a device dubbed the “IMSI (International Mobile Subscriber Identity) catcher”, which he built with cheap and readily available components. The equipment is capable of mimicking an AT&T cell tower operating in the 900 MHz band and tricks mobile phones into connecting to it.

The IMSI catcher exploits the fact that in the U.S. the 900 MHz frequency range is used by amateur radios, while in most other parts of the world, including Europe, it is used by GSM networks. The problem is that, for compatibility reasons, many mobile phones sold in the United States are capable of operating over the 900 MHz band.

“During the talk at least 30 handsets connected to my tower; there were probably many more than this but the logs were all destroyed on-stage (I broke the USB key into several pieces […]). Logged data included IMSI, IMEI, all numbers that were dialed, and of course audio recordings of all calls made (a total of 17 calls were connected during the talk),” the researcher writes on his blog.

Since phone call interception is illegal, the U.S. Federal Communications Commission (FCC) expressed concerns prior to the talk. There were also rumors of AT&T intending to intervene and stop the demo from happening. However, Paget enlisted the legal guidance of the Electronic Frontier Foundation (EFF) and, to keep the exposure to a minimum, tweaked the power of his device so the experiment wouldn’t affect people outside the conference room.

Credit: News
