
A computer security researcher has built, for only $1,500, a device that can intercept calls from certain types of cell phones and record the conversations.
Chris Paget’s attack last Saturday at Defcon demonstrated the vulnerability of the GSM standard, one of the most common cellular technologies.
The attack as demonstrated was local and benign: Chris showed how several dozen calls made by other hackers in the hall could be intercepted during his talk at the DefCon conference. But criminals could use the same method for far more than demonstration purposes, and users have few means of protecting themselves.
Paget hopes that his research will help stimulate the adoption of new, more secure communication standards. “GSM hacked — just hacked,” he said.
GSM, or 2G, is a "second generation" cellular technology. Phones that work on the newer 3G and 4G standards are not vulnerable to this attack.
If you are using an iPhone or another smartphone that shows on the screen during a call that the connection is made over a 3G network, you are protected. Paget also noted that BlackBerry phones use encryption when making calls, which also disrupts a possible attack. According to Paget, if you use a phone that does not display information about the standard in use, it is vulnerable.
Translator's Note
In addition to the original (too “populist”) article, let's dig a little deeper.
On his personal blog, Chris posted his presentation from DefCon and promised to post a video from the conference.
The presentation reveals some details of the "hacking". In a nutshell: a base station (BTS, base transceiver station) is set up with a forged network name; when a phone connects to it, the station sends a command to disable encryption.
The output power of the device used is only 25 milliwatts, fed into antennas with a gain of 13 dBi, which gives about 0.5 W EIRP (Effective Isotropic Radiated Power). This was quite enough for the demonstration.
During the demonstration, at least 30 telephones connected to his base station. The logs were destroyed immediately, and physically: the USB flash drive holding them was broken (the same flash drive was used to boot the system). The logs contained the IMSI, IMEI, dialed numbers and audio recordings of all seventeen calls made.
Unlike the Associated Press journalist, Chris openly states that an IMSI catcher was used and that the technology has been known since 1993. Thus this is probably not so much hacking as a low-cost implementation that exploits flaws in the GSM standard and the fact that cell phones give no notification when encryption is disabled by a command from the base station.
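The missing notification can be supplied from the monitoring side. The following is an added example, not code from Paget's presentation or from the original article: it decodes the GSM Ciphering Mode Command (field layout per 3GPP TS 44.018) from layer 3 message bytes and reports cells that told a phone not to cipher. The function names, cell labels and sample frames are constructed for illustration, and frames are assumed to start at the protocol discriminator octet.

```python
# Added example; layout per 3GPP TS 44.018 (9.1.9, 10.5.2.9). Names are hypothetical.
RR_PD = 0x06                    # protocol discriminator: Radio Resource management
CIPHERING_MODE_COMMAND = 0x35   # RR message type


def decode_cipher_mode(l3: bytes):
    """Decode a Ciphering Mode Command; return None for any other message."""
    if len(l3) < 2 or (l3[0] & 0x0F) != RR_PD or l3[1] != CIPHERING_MODE_COMMAND:
        return None
    if len(l3) < 3:
        raise ValueError("truncated Ciphering Mode Command")
    setting = l3[2] & 0x0F              # low nibble: Cipher Mode Setting
    start = bool(setting & 0x01)        # SC bit: 1 = start ciphering, 0 = none
    alg_id = (setting >> 1) & 0x07      # only meaningful when SC = 1
    if not start:
        algorithm = "A5/0 (no ciphering)"
    elif alg_id == 7:
        algorithm = "reserved"
    else:
        algorithm = f"A5/{alg_id + 1}"
    return {"ciphering": start, "algorithm": algorithm,
            "imeisv_requested": bool(l3[2] & 0x10)}  # Cipher Response bit


def cells_disabling_encryption(capture):
    """capture: iterable of (cell_label, l3_bytes). Return labels, in first-seen
    order, of cells that told a phone not to cipher."""
    flagged = []
    for cell, l3 in capture:
        try:
            info = decode_cipher_mode(l3)
        except ValueError:
            continue                    # malformed frame: nothing to decide on
        if info and not info["ciphering"] and cell not in flagged:
            flagged.append(cell)
    return flagged


# Constructed sample frames (not from a real capture).
SAMPLE = [
    ("cell-A", bytes.fromhex("063511")),  # start ciphering, A5/1
    ("cell-A", bytes.fromhex("0632")),    # a different RR message: ignored
    ("cell-B", bytes.fromhex("063510")),  # SC = 0: ciphering switched off
    ("cell-B", bytes.fromhex("0635")),    # truncated command: skipped
]

if __name__ == "__main__":
    for cell in cells_disabling_encryption(SAMPLE):
        print(f"ALERT: {cell} ordered the phone to run without encryption")
```

A cell that never sends a Ciphering Mode Command at all also leaves the call unencrypted; this sketch only covers the explicit "no ciphering" command.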