Security researcher imitates cell tower

Tom Dunne

According to Wired magazine, a security researcher built his own "custom" cell tower and managed to get some phones in the near vicinity to connect and route calls through it.

A security researcher created a cell phone base station that tricks cell phones into routing their outbound calls through his device, allowing someone to intercept even encrypted calls in the clear. The device tricks the phones into disabling encryption and records call details and content before they’re routed on their proper way through voice-over-IP.
The low-cost, home-brewed device, developed by researcher Chris Paget, mimics more expensive devices already used by intelligence and law enforcement agencies – called IMSI catchers – that can capture phone ID data and content. The devices essentially spoof a legitimate GSM tower and entice cell phones to send them data by emitting a signal that’s stronger than legitimate towers in the area.

The scary thing is, it only cost him around $1500 to build.


However, it was only demonstrated on 2G networks, not 3G.


This is the interesting part:

Encrypted calls are not protected from interception because the rogue tower can simply turn it off. Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed.


“Even though the GSM spec requires it, this is a deliberate choice on the cell phone makers,” Paget said.

Interesting that phone makers disable the alerts. Don't want to be scaring users, I suppose.

Random

not read the entire article myself but a little worrying i guess. in the grand scheme of things though if someone thinks my calls or msgs are that interesting then i hope they enjoy.

i'll give the article a bash later on and read more about it though

gu10

lots of fun stuff you can do with a USRP, been wanting to buy one for ages but i don't have $1500 in these recessionary times. even 3G security isn't great. no reason all the fun stuff like intercepting messages should only be reserved for law enforcement though.

if anything I hope this becomes more popular and that people start using strong end-to-end encryption and one-time pads because anyone who uses that now is seen as having 'something to hide' and worthy of harassment from the law.

the guy could have just intercepted the traffic and cracked the encryption but this works too I suppose. GSM was never secure and LTE won't be either. Even using SSL/TLS over the internet is easily defeated. there are a few things you can use if you want truly secure communications but most of the time its just easier to assume that someone is listening in.