Posted on 08/01/2010 4:08:56 PM PDT by PugetSoundSoldier
"A security researcher created a $1,500 cell phone base station kit (including a laptop and two RF antennas) that tricks cell phones into routing their outbound calls through his device, allowing someone to intercept even encrypted calls in the clear. Most of the price is for the laptop he used to operate the system. The device tricks the phones into disabling encryption and records call details and content before they are routed on their proper way through voice-over-IP. The low-cost, home-brewed device ... mimics more expensive devices already used by intelligence and law enforcement agencies — called IMSI catchers — that can capture phone ID data and content. The devices essentially spoof a legitimate GSM tower and entice cell phones to send them data by emitting a signal that's stronger than legitimate towers in the area. Encrypted calls are not protected from interception because the rogue tower can simply turn it off. Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed. Even though the GSM spec requires it, this is a deliberate choice on the cell phone makers, Paget said."
(Excerpt) Read more at mobile.slashdot.org ...
The network vendors disable the GSM warning to show you're not encrypted, so you don't even know you're going through a bogus/spoofed cell.
IT folks - carefully consider the implications of this on corporate security! A competitor parked in front of your offices with a few of these $1500 cobbled-together microcells in the back of his Suburban could capture and record the conversations of your employees, including senior management, if they use GSM phones!
As usual, read the comments at Slashdot - lots of great information and additional details contained therein.
Phone people ping - serious breach of phone privacy! Someone alert the Tech Ping as well...
IMSI catchers just act like a really strong cell base station and thus intercept the traffic aka “man in the middle” type of intercept. Been around for a long time.
tech ping please.
Can’t believe this wasnt’ done earlier. Of course there are ways to capture individual phones. Just install a phone logger and then have it ftp or send the messages to a server that you have access to. The more and more phones are data enabled the easier it is to get their phone calls. of course this has the ability to intercept without needing access to the phone to install the software.
They used one of these in The Girl Who Kicked the Hornet’s Nest book.
This was documented on hak5 at shmoocon this year.
Good. Ask them where my pizza is that I ordered an hour ago.
Pizza was good, next time order with extra cheese. please
Obama knows he sucks....no need to listen to me telling everyone I know....:o)
This was done using a frequency counter an a AOR hacked (cut the green wire) scanner.
Yep, except IMSI catchers cost a few hundred thousand dollars. Now you can make your own for under $1500 (probably under $500, if you own a decent laptop).
LOL! That’s there is funny, I don’t care who you are!
CDMA carriers don’t have this issue to contend with. :)
Thanks for the ping. Holy sh*t. Like you said: "IT folks - carefully consider the implications of this on corporate security!"
Indeed.
Rust never sleeps...
Note that CDMA is largely invulnerable to this type of cheap snooping - it’s a lot harder to break into CDMA channels, which makes that technology (Verizon uses it) a lot more secure for corporate purposes.
I can see lots of mid-sized sedans or small SUVs parked in front of corporate offices all over the nation, snooping on the latest business secrets...
Security isn’t just the phone, it’s the network as well!
Thanks to PugetSoundSoldier for the heads up.
This apparently hits AT&T and T-Mobile most seriously.
If you want on or off the Mac Ping List, Freepmail me.
I can’t think of anything I’d pay $1500 to listen to.
But some people would.
Besides, a good percentage of that $1500 is the laptop, meaning that if you already have a suitable laptop, you can get the antennas and whatever other hardware you need for a lot less than $1500.
That said, yeah, Sturgeon's Law undoubtedly applies ("90% of everything is crud").
What’s the over/under on how long it takes for “iPhone” to appear in a headline about this vulnerability?
Indeed, true. This is one of the reasons why we’re not going to AT&T when our Alltel (CDMA) contract expires. Most of Alltel’s areas were bought up by Verizon, and will continue to be CDMA, but here in Wyoming and in western MT, AT&T got the remains of Alltel because the DOJ/DOC ruled that Verizon getting these areas would amount to a ‘monopoly.’
In about six months, AT&T will be forcing their customers onto GSM phones, whether iPhones or something else (eg, a GSM Blackberry). We’re not going there to GSM.
And besides, AT&T sucks at servicing rural areas. I’ve had enough of their crap 10 years ago, and I’m not paying one thin dime to put up with their crap ever again.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.