
Hacker Builds $1,500 Cell Phone Tapping Device

Soulskill posted more than 4 years ago | from the snoop-on-the-cheap dept.


We previously discussed security researcher Chris Paget's plans to demonstrate practical cell phone interception at DefCon. Paget completed his talk yesterday, and reader suraj.sun points out coverage from Wired. Quoting: "A security researcher created a $1,500 cell phone base station kit (including a laptop and two RF antennas) that tricks cell phones into routing their outbound calls through his device, allowing someone to intercept even encrypted calls in the clear. Most of the price is for the laptop he used to operate the system. The device tricks the phones into disabling encryption and records call details and content before they are routed on their proper way through voice-over-IP. The low-cost, home-brewed device ... mimics more expensive devices already used by intelligence and law enforcement agencies — called IMSI catchers — that can capture phone ID data and content. The devices essentially spoof a legitimate GSM tower and entice cell phones to send them data by emitting a signal that's stronger than legitimate towers in the area. Encrypted calls are not protected from interception because the rogue tower can simply turn it off. Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed. Even though the GSM spec requires it, this is a deliberate choice of the cell phone makers, Paget said."
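The summary above describes three moving parts: the handset camps on whichever cell it hears most strongly, the network (here the rogue station) decides the cipher in its CIPHER MODE COMMAND and can pick A5/0, meaning no ciphering at all, and the handset keeps quiet about it because the SIM tells it to suppress the ciphering indicator. The Python below is an added example written for this page; it is not Paget's code and not from the Wired article. It models the attach decision in toy form and decodes the SIM field that gates the indicator. The EF_AD layout (file 6FAD, OFM bit in the low bit of byte 3) is my reading of 3GPP TS 31.102 / TS 51.011 and should be checked against the spec; the cell list and the EF_AD byte strings are constructed, not dumped from real hardware.

```python
"""Toy model of a GSM attach to a rogue base station and of the SIM-controlled
ciphering indicator. Added example; assumptions are marked in comments."""
from dataclasses import dataclass

# Cipher identifiers as used in the GSM CIPHER MODE COMMAND. A5/0 means
# "no ciphering"; the mobile does not get a vote, it follows the network.
NO_CIPHER = "A5/0"


@dataclass(frozen=True)
class Cell:
    name: str
    rx_dbm: float   # signal level the handset measures for this cell
    cipher: str     # algorithm the network will command after attach


def select_cell(cells):
    """Idle-mode cell selection, simplified: camp on the strongest cell.
    A rogue station wins by being louder, nothing more subtle than that."""
    return max(cells, key=lambda c: c.rx_dbm)


def decode_ef_ad(ef_ad: bytes) -> dict:
    """Decode the SIM's EF_AD (Administrative Data, file ID 6FAD).
    Assumed layout (3GPP TS 31.102 / TS 51.011, verify against the spec):
    byte 1 = UE operation mode, bytes 2-3 = additional information, and
    bit 1 of byte 3 is the OFM bit: 1 = ciphering indicator enabled."""
    if len(ef_ad) < 3:
        raise ValueError("EF_AD must be at least 3 bytes")
    return {
        "operation_mode": ef_ad[0],
        "ciphering_indicator_enabled": bool(ef_ad[2] & 0x01),
    }


def attach(cells, ef_ad: bytes):
    """Return (cell camped on, whether the user is shown a no-cipher warning)."""
    cell = select_cell(cells)
    sim = decode_ef_ad(ef_ad)
    unciphered = cell.cipher == NO_CIPHER
    # The baseband always knows the link is unciphered; whether the user is
    # told depends solely on the SIM's OFM bit.
    warn_user = unciphered and sim["ciphering_indicator_enabled"]
    return cell, warn_user


# Constructed sample: a distant legitimate tower and a nearby rogue station.
LEGIT = Cell("legit-tower", rx_dbm=-95.0, cipher="A5/1")
ROGUE = Cell("rogue-bts", rx_dbm=-60.0, cipher=NO_CIPHER)

# Constructed EF_AD contents under the assumed layout (not from a real SIM).
EF_AD_INDICATOR_ON = bytes([0x00, 0x00, 0x01])
EF_AD_INDICATOR_OFF = bytes([0x00, 0x00, 0x00])

if __name__ == "__main__":
    for label, ad in (("indicator on", EF_AD_INDICATOR_ON),
                      ("indicator off", EF_AD_INDICATOR_OFF)):
        cell, warn = attach([LEGIT, ROGUE], ad)
        print(f"{label}: camped on {cell.name} ({cell.cipher}); warning shown: {warn}")
```

With the indicator bit clear the handset attaches to the rogue cell, accepts A5/0, and shows nothing; flipping that single bit is the only difference between the two runs, which is the point the summary makes about the SIM rather than the handset being responsible.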


109 comments


Disabled warning (5, Interesting)

maxwell demon (590494) | more than 4 years ago | (#33101236)

If the GSM spec does specify the warning should be there, does that mean the manufacturers are violating their GSM license when they disable that warning? Or could they be sued for false marketing because the phone you bought does not follow the GSM spec despite being called a GSM phone?

In short: Could they be (successfully) sued for it?

Re:Disabled warning (2, Informative)

Anonymous Coward | more than 4 years ago | (#33101332)

No, the SIM Card disables the warning not the phone

Re:Disabled warning (3, Funny)

commodore64_love (1445365) | more than 4 years ago | (#33101358)

What's a SIM card? My phone doesn't appear to have one of those.

Re:Disabled warning (1, Insightful)

Anonymous Coward | more than 4 years ago | (#33101386)

Then your phone isn't GSM.

Re:Disabled warning (1)

kidgenius (704962) | more than 4 years ago | (#33101450)

Then you shouldn't worry (yet) as your phone is CDMA not GSM

Re:Disabled warning (1)

sznupi (719324) | more than 4 years ago | (#33103418)

Quite a lot of GSM phones nowadays don't sit, most of the time, on what could be strictly called a GSM network, too; they use UMTS (accidentally, also utilising a form of CDMA - why this one consortium insisted on using the name of a basic radio method as their branding?).

So, what, the setup also jams UMTS? I don't think a 3G phone will really try to use the GSM/TDMA network, as long as UMTS is present...

Re:Disabled warning (1)

ncgnu08 (1307339) | more than 4 years ago | (#33104626)

Let's not forget that GSM will be phased out for UMTS, which is already being replaced by LTE...

Re:Disabled warning (0)

Anonymous Coward | more than 4 years ago | (#33102722)

It is a little card that has your ID in it for companies like AT&T and T-Mobile. If you move your SIM card from one phone to another it will have the same phone number. CDMA phones require an extra step to change phones because the companies keep a record of the IMEI of your phone in their database and that determines what phone rings for your number.

Re:Disabled warning (0)

Anonymous Coward | more than 4 years ago | (#33101416)

so... since the SIM card comes from the carrier, you should be able to sue the carrier.

Re:Disabled warning (1)

sirlark (1676276) | more than 4 years ago | (#33107976)

So then, could the carriers who provide those sim cards be sued? Don't they also make claims about GSM compliance, at least those networks who still use GSM?

Re:Disabled warning (4, Insightful)

erroneus (253617) | more than 4 years ago | (#33101334)

They would rather violate the license as they would inevitably be protected by the government(s) that demanded things be set as they are.

A better question would be how can we turn that feature back on?

Re:Disabled warning (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#33101502)

I agree. It's no secret the US government will use any and all means necessary to retain power. It desperately needs to be pruned.

Re:Disabled warning (0)

Anonymous Coward | more than 4 years ago | (#33101742)

Any RF engineer worth his salt can and does use a cellphone itself as a radio scanner.
What will a consumer who spends $1500 hear?
I'll tell you. Guys and girls cheating on spouse, #1;
drug deals, #2.
Been there, done that with the old analog AMPS FM cell system.
Is hearing cheating spouses and drug deals worth it?
I guess you could get rich or jailed for extortion, but is $1500 worth it?

Re:Disabled warning (0)

Anonymous Coward | more than 4 years ago | (#33101998)

Yes sir,
You're an RF engineer alright. I too have an old AMPS bag phone. I heard cellphone conversations on the IF frequency on a radio scanner; cheating spouses and drug deals and obvious criminal activity is the best stuff. Unfortunately people do give out account and bank credit card numbers.
No, you can't buy a radio scanner!
Even if it can receive the frequency range, it cannot receive the digital cellphone audio at all. Isn't it amazing what the FCC / federal government can accomplish when so-called government lawmakers get caught 'red handed'? Which lawmaker, by the way, was it who got caught and made it illegal to receive cellphones and cordless phones? ;/

Re:Disabled warning (0)

Anonymous Coward | more than 4 years ago | (#33103432)

They will also hear lots of small talk, like:
I'll be home late, honey.
Get a bottle of milk before you come home.

$1500 for hardware and a requirement to hear 500-900 hours of idle BS talk isn't worth it.

Re:Disabled warning (1)

soundguy (415780) | more than 4 years ago | (#33104468)

Back in the mid-90's I could pick up analog calls with an ancient TV set tuned to around channel 80 on UHF. It was pretty dull. At the time, I had an AT&T bag phone that put out 5 watts. I really miss that phone. It weighed a ton, but the voice quality was vastly superior to digital and it worked pretty much anywhere, even a hundred miles from civilization in the middle of the desert southwest.

Re:Disabled warning (1)

dafing (753481) | more than 4 years ago | (#33108020)

I still remember a friend bringing his handheld police scanner around a few years ago; it picked up "analog calls". I was TERRIFIED at first, as we heard two burly sounding men talking about "rust on a shitbox Ford"; I wasn't sure if they could also hear me! I was quick to change the tuning.

Police Scanners have always seemed unlawful to me, our police force know how they are being heard, and they tell each other to ring a cellphone, "ring me on oh two one....", now I suppose those cellphones will ALSO be cracked into by the radio boffins.

A work-around! (1)

Paracelcus (151056) | more than 4 years ago | (#33102458)

http://www.phonecrypt.com/ [phonecrypt.com]

Re:A work-around! (1)

TheLink (130905) | more than 4 years ago | (#33102508)

I use a phone to communicate with other people. Not to talk to myself and an imaginary friend that uses phonecrypt.

Re:A work-around! (1)

commodore64_love (1445365) | more than 4 years ago | (#33103788)

+1 insightful

I barely use my phone at all (which is why it only costs me $5 a month), but I am concerned about the future if I ever decide to get an internet-capable phone. I don't want police spying on me without a warning that the encryption had been turned off.

Re:A work-around! (1)

Kozz (7764) | more than 4 years ago | (#33103936)

I use a phone to communicate with other people. Not to talk to myself and an imaginary friend that uses phonecrypt.

And you've also just summed up why people don't use PGP/GPG, for better or worse.

Re:A work-around! (1)

TheLink (130905) | more than 4 years ago | (#33106508)

Yeah it'll be nice if more people used crypto.

Ubuntu is helping in some ways- they've made it easy for normal users to have their home directory encrypted (so all that talk about Ubuntu not contributing enough is bullshit).

Even more than 10 years ago I think many email programs actually had support for S/MIME. But that design required CAs and $$$ (yes there could be free CAs or people could set one up themselves, but good luck with getting the public to do that).

Whereas if the architecture was more like ssh, lots of people would be using encryption. e.g. if you send a message you have an option to "send encrypted" and it would include a public key in the message if it's the first time the email program is sending to any of the recipients.

But of course there would be fewer opportunities for various parties to collect a yearly "tax" on, and I'm sure various governments wouldn't want such widespread use of crypto.

Re:Disabled warning (0, Offtopic)

Anonymous Coward | more than 4 years ago | (#33101404)

In short: Could they be (successfully) sued for it?

No. Obama will simply grant them retroactive immunity. Same protections that were afforded to carriers who snooped on calls without properly documented warrants.

Re:Disabled warning (1)

Threni (635302) | more than 4 years ago | (#33101432)

> does that mean the manufacturers are violating their GSM license when they disable that warning?

Maybe. Most shops and pubs in the UK breach their agreements with their acquirers when they either surcharge or impose minimum transaction amounts on debit/credit card transactions. The rules are simple - you can't do it. But I'm not aware of any shops which don't. It's a funny old world, isn't it.

Re:Disabled warning (1)

uglyduckling (103926) | more than 4 years ago | (#33101474)

You're not aware of _any_ shops that don't impose minimum transaction amounts? You need to get out more.

Re:Disabled warning (1)

Drgnkght (449916) | more than 4 years ago | (#33101588)

No, the GP meant they were not aware of any shops that do not impose such a minimum. It was a little ambiguous, but that was the intent of "The rules are simple - you can't do it. But I'm not aware of any shops which don't." In other words, every shop the GP has ever been in has had minimum transaction amounts or surcharges.

Re:Disabled warning (4, Insightful)

Anonymous Coward | more than 4 years ago | (#33101492)

Sheesh! Why sue? That's not the answer to everything unless you're looking for a way to make some cash, or living in a litigation-crazy country like the USA.

How about a user-driven pressure group to force a change - after all, if someone does manage to screw big bucks out of this:

1) It'll make some lawyers even more rich.
2) The phone companies will just pass the cost onto the customers somehow

Suing the ass off companies just because they don't do things the way you like is just plain crazy.

Re:Disabled warning (1)

novafluxx (1089189) | more than 4 years ago | (#33102874)

Agreed 100%. I'm sick of people thinking litigation is the answer to EVERYTHING. Money does not equate to the problem being solved. If anything, those that sue would probably end up settling out of court in secret anyway, and the rest of us get nothing; or if it's a class-action suit, those who participate would get $30 USD and the lawyers would make millions.

You are just 100% plain sick. (0)

Anonymous Coward | more than 4 years ago | (#33106362)

If a company is working on my dollar, then they'll do as I expect. Phone systems on the cell service were always open and non-encrypted, no different than a WiFi hub that cascaded its WAN to another WiFi hub encapsulated somewhere else using a microwave link. They are the same frequencies used by amateur radio HAM operators, where they too could call someone up. The fee only went to the service of a cell service between its bridges to other networks who had subscribing clients. Then they got greedy to the local international operators (HAMs) and forced the encryption of the entire network, but use proprietary means of selling cell phones that would be much more useful if the people could remove encryption to use as 2-way like they used to. The truth is a cell phone is nothing more than a transceiver with a PDA computer that was crippled by the carrier's agenda. So many of these devices are thrown away and wasted and littered into the environment just because of someone's jealousy to do as a HAM radio operator (individual) but without the liability, because they are a for-profit company with a regulated corporation.

Can you imagine if everyone had open use of their cell phone, and every one was its own peered access point in a Bittorrent-style repeated redundant network of shared routes? Who needs cell phone towers when properly-written software on those PDAs could geographically navigate communications just by presence alone?

Re:Disabled warning (0)

Anonymous Coward | more than 4 years ago | (#33102892)

Though I agree with your argument's spirit, the bottom line is *most* companies don't care about your wants outside of buying their products or services. The ONLY thing they care about is their bottom line. When you affect the bottom line, then you have their attention. Sad, but that has been my experience for many years.

Re:Disabled warning (1)

sznupi (719324) | more than 4 years ago | (#33103482)

Relatively small settlements, as most of them are, don't exactly have a guarantee of impacting bottom lines; especially if the costs are passed on.

Now, if people stopped buying products or services of particular company due to user-driven pressure group...

Re:Disabled warning (1)

thePowerOfGrayskull (905905) | more than 4 years ago | (#33104276)

Sheesh! Why sue? That's not the answer to everything unless you're looking for a way to make some cash, or living in a litigation-crazy country like the USA.

You do know that it's possible -- sometimes even necessary -- to sue for remedies other than cash, don't you? These remedies include (but are not limited to) enforcing or nullifying contract or license terms. But hey, don't let the facts get in the way of your prejudices...

Re:Disabled warning (0)

Anonymous Coward | more than 4 years ago | (#33104562)

Is it really an issue yet?
Give the $1500.00 worth of parts to a typical consumer, tell that consumer: put these together to receive cellphones.
Aha, most can't do it.
But
if he kits the thing with good instructions so consumers can use it, I think that will put him on Hell's radar screen.

He was worried about breaking laws or being sued and didn't, or was reluctant to, demo it at DEFCON.
That's smart!

This isn't:
My first thought would be:
What might a billion $$$ cellphone industry profiting big off of GSM do to me and my hacker friends if I threatened their income? Or just perceived big losses? Big billion $$$ corporations can't or won't commit crimes and get away with it, right?

Re:Disabled warning (1)

maxwell demon (590494) | more than 4 years ago | (#33108068)

Give the $1500.00 worth of parts to a typical consumer, tell that consumer: put these together to receive cellphones.
Aha, most can't do it.

I do not care about the typical consumer. I care about the criminal who might get my phone banking credentials.

Re:Disabled warning (1)

hitmark (640295) | more than 4 years ago | (#33101508)

Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed.

Note the bit about the SIM card. That means it's AT&T or T-Mobile, not Apple or HTC, that is suppressing the message. I suspect it's done more to avoid tech support calls wondering why the message keeps showing up all the time, as various generations of towers have differing levels of encryption implemented.

Re:Disabled warning (1)

black3d (1648913) | more than 4 years ago | (#33104496)

No, they don't violate any license terms by disabling a warning in the GSM spec. No, they could not be successfully sued for it. The GSM spec is not even a license; it's a set of guidelines for what a phone must be capable of to meet GSM standards. To meet this specification, the phone has to be able to detect it's connected to a tower without an encryption channel, and to display a warning to that effect. All that matters is that the phone is physically able to do this. The standards authority doesn't require it to be enabled, just able to perform the function. For law enforcement purposes, both the authority and the manufacturers understand it's better to have the functionality disabled.

Sad that folks are always looking for someone to sue.

Re:Disabled warning (0)

Anonymous Coward | more than 4 years ago | (#33105316)

Cellphone call: what you will hear for $1500 and this hacker's device.
Hello honey, I'm going to be late. OK, pick up some milk.

Hey, don't get mad, but I just spent over $1500 to hear what you just said without using a cellphone, and I can hear other wives order their husbands to get milk too with this radio thing and a computer.

$1500 dollars for that!
You jackass! We're getting a divorce!
 

Give it a month (3, Insightful)

sv_libertarian (1317837) | more than 4 years ago | (#33101242)

The government will mandate better encryption and stronger standards so they maintain their monopoly on being able to intercept phone calls.

Re:Give it a month (3, Interesting)

bsDaemon (87307) | more than 4 years ago | (#33101316)

Then there will be another 3 years of court cases and lobbying to make the government pay the cell carriers to upgrade their equipment, although much of the issue is on the phones not properly realizing they're on a bogus tower and not providing the required notification. So everyone will have to upgrade phones if they're on a GSM network.

Of course, we'll be on iPhone 7 by the time AT&T finally concedes to the upgrade, and iPhone 10 by the time its done, and as they're the only GSM carrier of consequence in the US, user upgrades likely won't be an issue 'cause everyone will be clamoring for it while remaining blissfully ignorant of this situation.

But the reality of the situation is probably closer to the fact that the government will just let this whole thing slide under the assumption that the easier it is to do, the cheaper they'll be able to obtain 3rd-party products to conduct intercepts for investigations.

Re:Give it a month (4, Interesting)

poetmatt (793785) | more than 4 years ago | (#33101360)

actually, what about the prospect of intercepting our own phone calls?

As noted if you can do this on a laptop and then voip a call, couldn't people do this at home as a pseudo-femtocell?

Re:Give it a month (1)

TooMuchToDo (882796) | more than 4 years ago | (#33101710)

Yes, but it's entirely likely you'd be violating FCC regulations running an unlicensed station, as well as running it at power levels you're not licensed for.

Re:Give it a month (-1, Offtopic)

MrMacman2u (831102) | more than 4 years ago | (#33101898)

Your post seems to convey that people attempting to essentially illegally "wiretap" a cellphone for presumably malicious purposes are going to give half a care about FCC regulations...

I'd say something about "fail" but I think it goes without saying at this point.

Re:Give it a month (1)

TooMuchToDo (882796) | more than 4 years ago | (#33101944)

My apologies. My post left out the part that the FCC actually aggressively goes after folks who do this on an ongoing basis.

Re:Give it a month (1)

dave562 (969951) | more than 4 years ago | (#33102726)

Citation needed. I fully believe that they would like to do so. I doubt that they have the resources and manpower to do it though. Do you have any evidence to the contrary, any articles or other documentation that proves they "aggressively" go after folks "on an ongoing basis."??

Re:Give it a month (3, Informative)

Rob the Bold (788862) | more than 4 years ago | (#33102130)

Your post seems to convey that people attempting to essentially illegally "wiretap" a cellphone for presumably malicious purposes are going to give half a care about FCC regulations...

I'd say something about "fail" but I think it goes without saying at this point.

Presumably, if you're interested in a "pseudo-femtocell" as poetmat mentions in the post to which the GP is replying, you're not doing it for malicious purposes so much as providing cell service somewhere that doesn't get proper coverage from the outside network. In certain buildings, certain terrain, neighborhoods with insufficient towers, that sort of thing. The sort of thing that "legitimate" femtocells are used for.

I think you have "failed" to consider that this is the application that TooMuchToDo was referring to, not wiretapping or even necessarily doing anything malicious.

Re:Give it a month (0)

Anonymous Coward | more than 4 years ago | (#33102200)

Yes, but it's entirely likely you'd be violating FCC regulations running an unlicensed station, as well as running it at power levels you're not licensed for.

I have no idea what the FCC regulations are regarding licensing femtocells except I'm sure you're right that they'd want you to have a license.

As to power, however: if you're operating a femtocell for the benefit of yourself and perhaps neighbors and colleagues because there isn't adequate network coverage, then the transmit power you are using wouldn't have to be that great. You're in close proximity to the instruments you serve, so the 1/d^2 rule is working in your favor. So even transmitting very low power, you could overwhelm the "legitimate" signal, since it's presumably crappy anyway or you wouldn't be wasting your time and money on a personal femtocell.
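The inverse-square argument in the comment above, and the summary's point that the rogue tower only has to be "stronger than legitimate towers in the area", can be made concrete. The Python below is an added example written for this page, not the commenter's or Paget's code. It uses the standard free-space path loss formula, which is a pure 1/d^2 model and therefore flatters the distant tower (real macro signals lose extra dB to buildings and terrain, which only widens the gap). The 20 W tower at 2 km, the 10 mW station at 10 m and the 900 MHz carrier are assumed sample values, not measurements.

```python
"""How much transmit power a nearby cell needs to out-shout a distant tower
under a free-space (inverse-square) path-loss model. Added example; every
numeric input is an assumed sample value."""
import math


def fspl_db(distance_m: float, freq_mhz: float) -> float:
    """Free-space path loss in dB, standard form with d in km and f in MHz:
    FSPL = 20*log10(d_km) + 20*log10(f_MHz) + 32.44.
    The 20*log10(d) term is the 1/d^2 law the comment refers to."""
    if distance_m <= 0 or freq_mhz <= 0:
        raise ValueError("distance and frequency must be positive")
    return 20 * math.log10(distance_m / 1000.0) + 20 * math.log10(freq_mhz) + 32.44


def received_dbm(tx_dbm: float, distance_m: float, freq_mhz: float) -> float:
    """Power arriving at the handset, ignoring antenna gains and obstructions."""
    return tx_dbm - fspl_db(distance_m, freq_mhz)


def min_tx_to_beat(tower_tx_dbm: float, tower_distance_m: float,
                   own_distance_m: float, margin_db: float = 0.0) -> float:
    """Smallest own transmit power (dBm) whose signal reaches the handset
    margin_db stronger than the tower's. Under FSPL the carrier frequency
    cancels out, so only the ratio of the two distances matters."""
    advantage_db = 20 * math.log10(tower_distance_m / own_distance_m)
    return tower_tx_dbm - advantage_db + margin_db


# Constructed scenario: a 20 W (43 dBm) macro tower 2 km away versus a
# 10 mW (10 dBm) station 10 m away, both on a 900 MHz GSM carrier.
TOWER_TX_DBM, TOWER_DIST_M = 43.0, 2000.0
OWN_TX_DBM, OWN_DIST_M = 10.0, 10.0
FREQ_MHZ = 900.0

if __name__ == "__main__":
    print(f"tower at handset:    {received_dbm(TOWER_TX_DBM, TOWER_DIST_M, FREQ_MHZ):.1f} dBm")
    print(f"own cell at handset: {received_dbm(OWN_TX_DBM, OWN_DIST_M, FREQ_MHZ):.1f} dBm")
    print("own power for a 6 dB edge over the tower: "
          f"{min_tx_to_beat(TOWER_TX_DBM, TOWER_DIST_M, OWN_DIST_M, 6.0):.1f} dBm")
```

The 200:1 distance ratio is worth about 46 dB, so a station transmitting a few milliwatts at 10 m already lands at the handset louder than a 20 W tower at 2 km; that is why the laptop-and-two-antennas kit in the summary does not need anything resembling a real base station's power amplifier to win the handset's cell selection.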

Re:Give it a month (1)

poetmatt (793785) | more than 4 years ago | (#33103436)

again, it's not like I care about FCC regulations. In the worst case what would they do if I could even figure out how to do this, tell me to stop? It's not like I'm going to start a bitter personal battle with the government here.

However, it'd be nice to know if it can be done as that would give people easy options other than the not even remotely adequate ones that our cellular providers have been offering.

I mean have computer + wireless + internet connection = you should have 90% of the capability right there. So it's a question of what you need to intercept your own signal and femtocell it for probably close to no cost.

Re:Give it a month (1)

maxume (22995) | more than 4 years ago | (#33106136)

It quickly becomes a question of whether the radio hardware costs more than a phone that will do VOIP over a Wifi connection.

Re:Give it a month (0)

Anonymous Coward | more than 4 years ago | (#33106808)

What about inbound calls?

"deliberate choice" (5, Insightful)

Manip (656104) | more than 4 years ago | (#33101254)

So wait, law enforcement use a method to interception that would be compromised if that warning was displayed, and phone manufacturers fail to enable such a warning? Call my a conspiracy nut but perhaps they were asked not to include such a warning for exactly that reason. It wouldn't be the first time the government has asked private industry to make it easier to snoop.

Re:"deliberate choice" (0)

Anonymous Coward | more than 4 years ago | (#33101452)

No. The phone manufacturers deliver a product according to the GSM standard, which includes a warning when using an unencrypted network. It's the *carriers* that disable the warning via the SIM card 'cause they fear more support calls when a user roams into an unencrypted network like India or China.

(captcha: Pothole. How does slashdot know that??)

Re:"deliberate choice" (1)

stonewallred (1465497) | more than 4 years ago | (#33101470)

Uh, think the NSA got the telecoms to do more than make it easier to snoop.

Re:"deliberate choice" (4, Interesting)

hitmark (640295) | more than 4 years ago | (#33101482)

Has GSM encryption ever been about end to end encryption? My understanding is that the encryption only covers the radio signal, so that someone with a radio scanner can't just grab the call out of the air. The police can get a warrant and make a call to the telco and have them set up a tap at the base station or some other convenient place.

I suspect the message is not there more out of convenience, as the message would be popping up all the time when going between stations of various generations. Also, we seem to be confusing handset makers (Nokia, HTC, Apple etc.) with the telcos (AT&T, T-Mobile). From the summary, it's the SIM, not the phone, that says if the message should show or not. That means it's the telcos that suppress the message, not the handsets. Given the number of involved parties in the mobile phone business, it helps to place the blame where it belongs.

Re:"deliberate choice" (1)

Sique (173459) | more than 4 years ago | (#33101528)

It's not just about law enforcement. India for example forbids encrypted phone calls completely. If the warning was turned on, phones in India would complain about non encrypted connections with every reconnect to an antenna.

Re:"deliberate choice" (3, Funny)

Auckerman (223266) | more than 4 years ago | (#33101632)

Call my a conspiracy nut

Not a problem, I'll get his number from the CIA.

Re:"deliberate choice" (0)

Anonymous Coward | more than 4 years ago | (#33102076)

So wait, law enforcement use a method to interception that would be compromised if that warning was displayed, and phone manufacturers fail to enable such a warning? Call my a conspiracy nut

No, you are a conspiracy nut. The government doesn't need to do this elaborate sort of thing.

The government gets the phone company to record the phone call instead. Much easier, no fuss, no muss, and completely undetectable by the phone user.

Re:"deliberate choice" (0)

Anonymous Coward | more than 4 years ago | (#33102608)

Call my a conspiracy nut

Tried, but no one was answering the phone at the NSA...

Re:"deliberate choice" (0)

Anonymous Coward | more than 4 years ago | (#33106450)

Law enforcement agencies do NOT use this method for interception. Never have and never will. They simply contact the carrier's law enforcement liaison unit, provide the necessary paperwork (warrant or similar depending on jurisdiction) and the intercept is provided by the carrier from the "backend" via the built-in interception mechanisms in every mobile/fixed network deployed worldwide.

Which SIM card to buy (1, Insightful)

Anonymous Coward | more than 4 years ago | (#33101260)

So which manufacturers/service providers leave the encryption warning intact?

Some interesting and troubling points (4, Informative)

UnknowingFool (672806) | more than 4 years ago | (#33101268)

The device works only on 2G GSM. While Chris Paget did not demonstrate it, he noted that he could also set up the device to block 3G signals and thus force all calls through 2G.

Re:Some interesting and troubling points (0)

Anonymous Coward | more than 4 years ago | (#33101388)

Once again, I'm glad I'm on CDMA with Verizon Wireless.

Re:Some interesting and troubling points (3, Informative)

citizenr (871508) | more than 4 years ago | (#33101758)

A GSM blocker is only $30 on DealExtreme:
http://www.dealextreme.com/details.dx/sku.28714 [dealextreme.com]

If you only screw on the 3G antenna it will block 2110~2170 MHz, leaving 930~960 MHz alone.

If it is the SIM card disabling the warning?? (3, Insightful)

Sigurd_Fafnersbane (674740) | more than 4 years ago | (#33101274)

Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed. Even though the GSM spec requires it, this is a deliberate choice of the cell phone makers, Paget said."

I am not sure I understand the above text. If it is the SIM card disabling the setting, why is this then labeled a deliberate choice by the cell phone makers?

Also, I have seen on numerous Nokia mobile phones that an icon in the display notifies you, at least in some instances, when encryption is disabled. (This happens quite frequently in e.g. China.)

Re:If it is the SIM card disabling the warning?? (5, Insightful)

maxwell demon (590494) | more than 4 years ago | (#33101298)

I am not sure I understand the above text. If it is the SIM card disabling the setting, why is this then labeled a deliberate choice by the cell phone makers?

Why can SIM cards disable the warning? Well, clearly because the cell phone allows the SIM card to disable the warning.

Re:If it is the SIM card disabling the warning?? (1)

Sigurd_Fafnersbane (674740) | more than 4 years ago | (#33101348)

If that is the case, it must be specified how a SIM card requests this blocking from the phone. Otherwise this is not likely to work between different manufacturers of phones and SIM cards. If there is a specified way of doing this it must be within the GSM protocol to do so.

Alternatively this is a behavior specified by certain network operators who buy phones and SIM cards in bulk and mandate an unofficial spec extension from both the SIM card and the phone manufacturer.

In the latter case I think the problem is with the operator. You cannot blame Nokia, Motorola, Samsung, Apple etc. for doing business with AT&T, Vodafone, Hutchison and the like. If an extra feature is a requirement for selling to these operators in the first place, what are you to do? The customer is always right, and in the subsidized markets the customer is the operator and not the punter using the phone.

Re:If it is the SIM card disabling the warning?? (1)

hitmark (640295) | more than 4 years ago | (#33101522)

Operators in some parts of the world love to mess with phone firmwares. That's one reason why Symbian phones never made it big in the USA, as Nokia didn't like them doing so.

Re:If it is the SIM card disabling the warning?? (1)

Hal_Porter (817932) | more than 4 years ago | (#33101520)

It's probably part of the GSM and 3G specifications to allow for unencrypted networks.

Re:If it is the SIM card disabling the warning?? (1)

Hal_Porter (817932) | more than 4 years ago | (#33101420)

I had an old Sony Ericsson K600i with a European SIM on a couple of trips to China and it would always warn about encryption being disabled.

There's no need for the intelligence service of the US or an EU country to do this - they can just tell the telco to do a lawful interception [wikipedia.org] even on an encrypted line, because lawful interceptions happen inside the network after the call has been decrypted.

Whether they disable the warning on Chinese SIMs I've no idea. I actually think most of the Chinese system is based on self censorship - so if people get the warning it's a non too subtle reminder that the government is listening.

That easy? (1)

synoniem (512936) | more than 4 years ago | (#33101314)

I find it quite astonishing that it is that easy to intercept GSM calls. And that phonemakers disable this warning is even more astonishing!

GSM doesn't look so easy here (1)

rduke15 (721841) | more than 4 years ago | (#33101804)

These guys may be able to intercept cell calls, but I can't even send an SMS message with Wammu on my Ubuntu machine.

The built-in Sony Ericsson F3507g modem works for Mobile Broadband through Network Manager, but Wammu cannot use it to send an SMS.

And it doesn't work with my external phone either. On the rare occasions when Wammu can find the phone, it says it sent the SMS, but in fact it didn't.

So I sure admire these guys who can intercept calls with a laptop, while I need an XP virtual machine so that I can reliably send SMSes using "MyPhoneExplorer"...

Re:GSM doesn't look so easy here (1)

Y-Crate (540566) | more than 4 years ago | (#33102132)

You know what's going to happen, right? One day some setting will be changed somewhere in your provider's network, and the avalanche of SMS messages floating around in a buffer somewhere are going to finally reach their intended recipients. Very, very, very late. ;)

Out of interest... (1)

muckracer (1204794) | more than 4 years ago | (#33101350)

So what are the currently available options for true end-to-end encryption between cell phones anyway?

Re:Out of interest... (1)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#33101496)

Nothing, to the best of my knowledge, has been standardized (the encryption used to protect the inherently-vulnerable-to-nearby-eavesdropping wireless signals may be better or worse; but the carrier is treated as trusted).

On the plus side, now that quite powerful phones with general-purpose computer capabilities and fast data connections are available, there isn't anything stopping you from applying any of the technologies used by computers to protect data traveling over the public internet to your phone. You just won't be able to do so with anybody who hasn't set up something compatible.

Re:Out of interest... (1)

PPH (736903) | more than 4 years ago | (#33105206)

there isn't anything stopping you from applying any of the technologies used by computers to protect data traveling over the public internet to your phone.

Steve Jobs saying, "That app isn't authorized."

Re:Out of interest... (1)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#33105282)

I'm operating on the understanding that any iPhone you haven't jailbroken isn't actually your phone, it's just a leased device that you managed to pick up all the financial responsibility for...

Re:Out of interest... (1)

PPH (736903) | more than 4 years ago | (#33105336)

And it's not really yours even if you jailbreak it. In spite of a recent court ruling allowing users to jailbreak their equipment, there's nothing stopping the vendor or service provider from pushing out updates to re-take the phones.

Re:Out of interest... (1)

hitmark (640295) | more than 4 years ago | (#33101530)

SIP software with 128-bit or stronger public key encryption that only uses the mobile network as a data carrier?

Re:Out of interest... (1)

Paracelcus (151056) | more than 4 years ago | (#33102494)

I already posted this further up, just Google Phonecrypt

Re:Out of interest... (1)

stonewallred (1465497) | more than 4 years ago | (#33102752)

Don't say anything you don't want recorded by the police. Don't have the phone turned on or even the battery installed if you don't want your location noted by the police. Communicate strictly by F2F meetings held in a cone of silence.

how would one reenable this warning setting (1)

electrogeist (1345919) | more than 4 years ago | (#33101356)

on iphone and android?

Re:how would one reenable this warning setting (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#33101434)

On the iPhone you just ride your magical unicorn over the rainbow to Steve Jobs' castle in the clouds and he'll fix it for you personally.

Re:how would one reenable this warning setting (3, Insightful)

kidgenius (704962) | more than 4 years ago | (#33101506)

Here's the easiest way....have this guy not only publish his results, but his methods too. Put the plans up for free download so anyone can follow his plans and build such a device. When hundreds (or thousands) of these devices start popping up and people are getting spied on by their fellow citizens, there will be an outrage! (silly emphasis). After that, the manufacturers may start including the warnings. Note: using one of these devices probably already violates various cyber-laws, so that threat wouldn't deter many if it's hard to be caught.

Re:how would one reenable this warning setting (1)

Vellmont (569020) | more than 4 years ago | (#33101594)

When hundreds (or thousands) of these devices start popping up and people are getting spied on by their fellow citizens, there will be an outrage! (silly emphasis)

Heh. Like, say, the "outrage" of 20 years ago during the analogue era of cell phones, when anyone with a scanner could listen in on cell phone calls? This was widely reported at the time. The response? Ban scanner makers from selling devices capable of receiving on cell phone frequencies.

This kind of thing has been going on since wireless phones were invented. 30 years ago it was listening in on cordless phones. People's outrage lasts about until the next commercial, and then they forget about it.

No outrage will happen (0, Troll)

rsborg (111459) | more than 4 years ago | (#33102414)

When hundreds (or thousands) of these devices start popping up and people are getting spied on by their fellow citizens, there will be an outrage! (silly emphasis).

Fact is, the GSM security notification was circumvented so the government(s) could snoop in on your conversations. Re-enabling security notifications would render many operational spy-jobs and much equipment (at the lowest levels) useless. For this reason alone, I'm pretty sure that there will be no outrage and no media circus. Instead the issue will be quietly ignored and (some) folks who run this kit will be sent to Guantanamo. All at the expense of our real security... think twice about sending CC details over a cell phone.

Re:No outrage will happen (1)

TheLink (130905) | more than 4 years ago | (#33102610)

The government could already snoop in on your GSM conversations.

1) If there's encryption enabled, it ends at the tower. After that they can listen in.
2) GSM encryption was intentionally designed to be weak enough to crack:

http://en.wikipedia.org/wiki/A5/1 [wikipedia.org]
http://groups.google.com/group/uk.telecom/msg/ba76615fef32ba32 [google.com]

The lack of these security notifications just makes snooping even easier than it already is.

Root cause (3, Informative)

cliffjumper222 (229876) | more than 4 years ago | (#33101418)

The root cause of this weakness is that whereas the 2G network can authenticate the handset (both the SIM and the ME), the handset cannot authenticate the network. It's assumed the 2G network is trustworthy, which in this case, it isn't. There's a stack load of problems with 2G (GSM) security including unilateral authentication, which leads to network impersonation; weak encryption (short keys and broken algorithms); lack of end-to-end or virtually end-to-end encryption; weak confidentiality; no data integrity algorithms; lack of visibility to the user that encryption is on, etc. A lot of these are fixed in 3G. See http://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33120-300.pdf [3gpp.org] and http://www.arib.or.jp/IMT-2000/ARIB-spec/ARIB/21133-310.PDF [arib.or.jp] . In this second PDF, section A.4 Hijacking of services describes this attack.
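The unilateral authentication described above, as an added illustration that is not code from the talk or from the 3GPP specs: a toy model in which a 2G phone answers any tower's challenge with nothing to verify in return, while a 3G AKA phone checks the AUTN token and so rejects a network that does not hold the subscriber key. HMAC-SHA256 stands in for the operator's A3/f1/f2/f5 functions (real SIMs use algorithms such as COMP128 or MILENAGE), and the key and sequence numbers are constructed.

```python
"""Toy model of GSM one-way vs UMTS AKA mutual authentication (constructed example).
HMAC-SHA256 is an assumed stand-in for the operator's A3/f1/f2/f5 functions."""
import hashlib
import hmac
import os

K = b"constructed-subscriber-key-Ki"  # held only by the SIM and its home network


def f(tag: bytes, key: bytes, *parts: bytes) -> bytes:
    """Keyed PRF standing in for the SIM's authentication functions."""
    return hmac.new(key, tag + b"".join(parts), hashlib.sha256).digest()


# ---- 2G (GSM): the SIM authenticates to the network, never the reverse ----
def gsm_sim_respond(key: bytes, rand: bytes) -> bytes:
    """SRES = A3(Ki, RAND). The SIM answers whatever RAND any tower sends it."""
    return f(b"A3", key, rand)[:4]


def gsm_phone_accepts_tower(rand: bytes) -> bool:
    """A 2G phone has no way to check who sent RAND: any well-formed challenge is accepted."""
    return len(rand) == 16


# ---- 3G (UMTS AKA): the network must prove it knows K via AUTN ----
def umts_network_challenge(key: bytes, sqn: int):
    """Genuine network builds (RAND, AUTN); AUTN = (SQN xor AK) || AMF || MAC."""
    rand, amf = os.urandom(16), b"\x80\x00"
    sqn_b = sqn.to_bytes(6, "big")
    mac = f(b"f1", key, sqn_b, rand, amf)[:8]     # f1: MAC over SQN||RAND||AMF
    ak = f(b"f5", key, rand)[:6]                   # f5: anonymity key hiding SQN
    autn = bytes(a ^ b for a, b in zip(sqn_b, ak)) + amf + mac
    return rand, autn


def rogue_network_challenge():
    """An impersonating tower without K can only guess an AUTN token."""
    return os.urandom(16), os.urandom(16)


def umts_phone_verify(key: bytes, rand: bytes, autn: bytes, last_sqn: int):
    """Returns (accepted, new_sqn, RES). Rejects a bad MAC or a replayed SQN."""
    ak = f(b"f5", key, rand)[:6]
    sqn_b = bytes(a ^ b for a, b in zip(autn[:6], ak))
    amf, mac = autn[6:8], autn[8:16]
    xmac = f(b"f1", key, sqn_b, rand, amf)[:8]     # phone recomputes the expected MAC
    sqn = int.from_bytes(sqn_b, "big")
    if not hmac.compare_digest(xmac, mac) or sqn <= last_sqn:
        return False, last_sqn, None
    return True, sqn, f(b"f2", key, rand)[:8]     # f2: RES sent back to the network
```

The 2G functions show that the phone's only check is on the challenge's shape, which is exactly why a stronger-signal impostor is attached to without complaint; the AKA functions show where the 3G phone gains a decision it can make.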

Re:Root cause (1)

hitmark (640295) | more than 4 years ago | (#33101554)

Well, the GSM standard is nearly 20 years old now. That's a lot of time in the tech world.

More likely the government? (1)

Low Ranked Craig (1327799) | more than 4 years ago | (#33101430)

this is a deliberate choice on the cell phone makers, Paget said.

After having been told to do so by the carriers who were told to do so by the intelligence collecting agencies of various governments via their respective communications ministries no doubt.

Re:More likely the government? (1)

PPH (736903) | more than 4 years ago | (#33105174)

After having been told to do so by the carriers who were told to do so by the intelligence collecting agencies of various governments via their respective communications ministries no doubt.

But it sounds so much nicer to say 'volunteer' after we remove the electrodes from your testicles (or drag your company's tax returns through every conceivable tax audit if you are inside the USA, where we don't do the testicle thing).

Verizon (1)

Digital Pizza (855175) | more than 4 years ago | (#33101438)

It'd be funny if Verizon used this as an advertising slam against the iPhone and ATT (though of course they won't). I wonder if something like this could be done against CDMA?

Re:Verizon (1)

hitmark (640295) | more than 4 years ago | (#33101578)

It would surprise me if not. Though being a lesser used system, it's a less interesting target.

Taking a big pounding to the ass (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#33101442)

Most Linux users would love it but for the rest of us it sucks.

Hak5 (3, Informative)

doronbc (1434117) | more than 4 years ago | (#33101444)

He actually gave a talk [revision3.com] about this on Hak5. It seemed it could be accomplished using a USRP [ettus.com] and OpenBTS [sourceforge.net].

Re:Hak5 (1)

Steauengeglase (512315) | more than 4 years ago | (#33107110)

It worries me that the USRP gets so much press. I'm sure it is good for Ettus in the short term, but eventually the FCC is going to do some shit kicking when the masses realize that not only does such a thing exist, but that anyone can purchase it for $700. Lord help ham radio operators and other RF hobbyists if 60 Minutes does a piece on it. They already have a hard enough time being viewed as whack jobs; adding "potential domestic terrorist" won't help.

Nothing to see here, please keep moving (-1, Troll)

Anonymous Coward | more than 4 years ago | (#33101672)

There is nothing new here; the GSM ciphers were cracked years and years ago. This is a situation where the law protects users, not technology. The 3G guys learned their lesson and fixed the issues of 2G in 3G.

Haha (3, Interesting)

X.25 (255792) | more than 4 years ago | (#33101778)

I can't even explain how common this thing is, and how many geeks are playing with it.

He didn't actually *build* the hardware, he purchased it - some smart people actually build these things, and hobbyists play with it.

Why this guy felt like he had to take a credit for it is beyond me.

Re:Haha (1)

MacGyver2210 (1053110) | more than 4 years ago | (#33102140)

That's like saying "Oh cell phones are old news, this guy shouldn't take credit for hacking them".

Yes, radio transceivers are old news. No, not many other people use them in this way, and on these frequencies, and for this purpose, which is why this talk even made it to DefCon. Also, not many people understand the GSM spec well enough to circumvent (turn off) the encryption or to force use of the weaker 2G network.

If, as you claim, geeks are constantly doing this:

1. There would be a lot more geeks in jail
2. This wouldn't have been worthy of a DefCon presentation

Quit being a wannabe hater and go learn what it actually does.

Re:Haha (3, Insightful)

Anonymous Coward | more than 4 years ago | (#33103170)

I can't even explain how common this thing is, and how many geeks are playing with it.

Try using a car analogy.

Why this guy felt like he had to take a credit for it is beyond me.

As clearly linked, Paget is demonstrating . This is the community equivalent of science journal peer review -- it's separating the facts from the FUD. This is Investigative Reporting, the third leg that Democracy stands on.

That is creditable, quite unlike "I can't even explain how common this thing is, and how many geeks are playing with it", which is as credible as any other sniggering teenager remark that's designed to say "I'm so cool and in the know, and you're so not."

Slashdotters are fixated on "privacy"... (1)

John Hasler (414242) | more than 4 years ago | (#33102284)

...but if I had a GSM phone (I have no cellphone at all, actually) I'd be a lot more interested in using this to set up my own cell and route my calls over the Net.
