LAS VEGAS — A computer security researcher has built a device for just $1,500 that can intercept some kinds of cell phone calls and record everything that’s said.
The attack Chris Paget showed Saturday illustrates weaknesses in GSM, one of the world’s most widely used cellular communications technologies.
His attack was benign; he showed how he could intercept a few dozen calls made by fellow hackers in the audience for his talk at the DefCon conference here. But it illustrates that criminals could do the same thing for malicious purposes, and that consumers have few options for protecting themselves.
Paget said he hopes his research helps spur adoption of newer communications standards that are more secure.
“GSM is broken – it’s just plain broken,” he said.
GSM is considered 2G, or “second generation,” cellular technology. Phones that run on the newer 3G and 4G standards aren’t vulnerable to his attack.
If you’re using an iPhone or other smart phone and the screen shows that your call is going over a 3G network, for example, you are protected.
BlackBerry phones apply encryption to calls that foil the attack, Paget pointed out.
But if you’re using a type of phone that doesn’t specify which type of network it uses, those phones are often vulnerable, Paget said.
Paget’s device tricks nearby cell phones into believing it is a legitimate cell phone tower and routing their calls through it. Paget uses Internet-based calling technology to complete the calls and log everything that’s said.
Send questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.