Hacker shows how easy it is to snoop on GSM cell phones

From InfoWorld: Despite concerns that federal authorities might fine or arrest him, hacker Chris Paget went ahead this weekend with a live demonstration of mobile phone interception at the Defcon hacking conference.

Using several thousand dollars worth of equipment, Paget was able to intercept mobile-phone data on the GSM (Global System for Mobile Communications) networks used by AT&T and T-Mobile. He did this using a homemade system he calls an IMSI (International Mobile Subscriber Identity) catcher.

Within minutes of activating his IMSI catcher in test mode, Paget had 30 phones connected to the system. Then, with a few keystrokes, he quickly configured the device to spoof an AT&T cell tower.

"As far as your cell phones are concerned I am now indistinguishable from AT&T," he said. He predicted that every AT&T device in the room would connect to his tower, within the next half hour.

Cell phone interception is illegal in the U.S. And while the U.S. Federal Communications Commission had raised questions about his talk, Paget believes that his demonstration was legal because his device was operating in the 900MHz band used by Ham radio devices. Coincidentally, that 900MHz band is used by GSM devices in Europe "As far as your cell pones are concerned I am a European radio transmitter."

View: Article @ Source Site