Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hackers' Flying Drone Now Eavesdrops On GSM Phones

Soulskill posted more than 3 years ago | from the it-slices-it-dices-it-makes-juilenne-fries dept.

Robotics 90

Sparrowvsrevolution writes "At the Black Hat and Defcon security conferences in Las Vegas next week, Mike Tassey and Richard Perkins plan to show the crowd of hackers a year's worth of progress on their Wireless Aerial Surveillance Platform, or WASP, the second year Tassey and Perkins have displayed the 14-pound, six-foot-long, six-foot wingspan unmanned aerial vehicle. The WASP, built from a retired Army target drone converted from a gasoline engine to electric batteries, is equipped with an HD camera, a cigarette-pack-sized on-board Linux computer packed with network-hacking tools, including the BackTrack testing toolset and a custom-built 340 million word dictionary for brute-force guessing of passwords, and eleven antennae. On top of cracking Wi-Fi networks, the upgraded WASP now also performs a new trick: impersonating the GSM cell phone towers used by AT&T and T-Mobile to trick phones into connecting to the plane's antenna rather than their carrier, allowing the drone to record conversations and text messages on 32 gigs of storage."

Sorry! There are no comments related to the filter you selected.

Does it actually fly this time? (0)

Anonymous Coward | more than 3 years ago | (#36921506)

Last time we heard about the WASP, it was with a link to a video of the immediate crash.

RC planes will be illegal in (3, Insightful)

rbrausse (1319883) | more than 3 years ago | (#36921544)

3, 2, ....

cool toy, and the rationale "The number one reason we did this was because we were told it wouldn’t be possible” is THE reason why we as mankind are still innovative (okay, "because I can" is similar important)

Re:RC planes will be illegal in (0)

Anonymous Coward | more than 3 years ago | (#36921688)

I believe UAVs already are

Re:RC planes will be illegal in (1)

Anonymous Coward | more than 3 years ago | (#36924074)

In the US there are certain conditions with which one can operate a UAV. Here is the fed doc: http://www.faa.gov/about/initiatives/uas/media/UAS_FACT_Sheet.pdf

Re:RC planes will be illegal in (2)

ArhcAngel (247594) | more than 3 years ago | (#36922012)

I believe Rupert Murdoch expressed an interest in this last year.

Re:RC planes will be illegal in (1)

atomicxblue (1077017) | more than 3 years ago | (#36922228)

Why go through all that trouble when your reporters can just give people phones you control?

Re:RC planes will be illegal in (0)

Anonymous Coward | more than 3 years ago | (#36922286)

Oh, I see... same reasoning why all penises should be illegal...
Because some are known to be used for raping.

Oh, and while we're at it, why not ban all houses, as some houses are used to lock rape victims away.

Then we can move on to the real evil-doers, like fluffy bunnies (carry diseases that in rare cases kill people), adorable puppies (rabies) and sweet tweety birds (can be "the word [youtube.com] ", causing mass-riots).

P.S: This comment contains an automatic counter for moderators with lack of sarcasm detectors. The number can be seen, prepended by a minus sign, in the header. ;)

Re:RC planes will be illegal in (1)

PeanutButterBreath (1224570) | more than 3 years ago | (#36925770)

. . . and the rationale "The number one reason we did this was because we were told it wouldn’t be possible” is THE reason why we as mankind are still innovative (okay, "because I can" is similar important)

Its also the reason why we are plagued by old problems that are either boring or mostly afflict the poor or otherwise powerless, while much of mankind's innovation is focused on re-solving glamours or lucrative problems, creating attention-seeking gimmicks and other stupid-human-tricks.

The missing... (1)

gef7 (1789448) | more than 3 years ago | (#36921558)

....link!

Doesn't matter to me... (2, Insightful)

Anonymous Coward | more than 3 years ago | (#36921596)

I'm a Sprint customer!

Re:Doesn't matter to me... (0)

Anonymous Coward | more than 3 years ago | (#36922304)

I get it, you're trying to be funny. But you're actually correct, this only works on GSM 'cause the GSMA "forgot" to add mutual authentication. Meaning, only the handset has to authenticate itself to the nework, but not the other way around (the providers only care(d) about beeing able to bill someone, it was simply unthinkable that an entire GSM network infrastructure will fit into a milk carton in the lifetime of 2G-GSM...)

What.... (-1)

Anonymous Coward | more than 3 years ago | (#36921640)

no "I for one welcome our ..." comment yet ?

Re:What.... (0)

arootbeer (808234) | more than 3 years ago | (#36921664)

Seeing as the point is you wouldn't know it's there, how could you welcome it?

Re:What.... (1)

Anonymous Coward | more than 3 years ago | (#36922066)

Pascal's Wager?

Re:What.... (1)

arootbeer (808234) | more than 3 years ago | (#36922128)

Well played!

Are you there, Rupert (0)

Anonymous Coward | more than 3 years ago | (#36921720)

Ah, but this would be a marvelous way to gather news [wikimedia.org] !

can i buy this? (1)

cod3r_ (2031620) | more than 3 years ago | (#36921728)

on amazon maybe?

Time to build an open source Stinger clone (0)

Anonymous Coward | more than 3 years ago | (#36921756)

to bring down the drone...

Re:Time to build an open source Stinger clone (1)

Chronus1326 (1769658) | more than 3 years ago | (#36921900)

See my comment, three paragraphs down

Gamers rejoice! (1)

squidflakes (905524) | more than 3 years ago | (#36921774)

Every single day it seems like the future societies described in Shadowrun and Cyberpunk 2020 are that much closer.

Re:Gamers rejoice! (1)

ginbot462 (626023) | more than 3 years ago | (#36921850)

Still waiting on the Glitter Boys

If government was doing this (2)

ugen (93902) | more than 3 years ago | (#36921814)

If government was doing this - it'd be an outcry of "oh, the privacy". Hackers - "cool stuff".
I don't like these guys any more than I like the government and don't trust them any further than I could throw them.

Re:If government was doing this (1)

mjperson (160131) | more than 3 years ago | (#36921872)

Dude, a couple of hacker built a UAV that silently taps into cell phone conversations...

"If government was doing this..."

What on Earth makes you think that the army doesn't have this capability if a couple of guys at DefCon put it together in a few months?

Re:If government was doing this (0)

Anonymous Coward | more than 3 years ago | (#36922058)

WHOOOOOSH!

Re:If government was doing this (4, Insightful)

houghi (78078) | more than 3 years ago | (#36922118)

In the US they do not need one. They have direct access to the towers already. In other countries they already have this.

Remember the specifics that Bin Laden did not use cell phones? The reason this was mentioned was because if he had, they would have been faster in finding him. And how would they have done that? By using what they already have.

This all from the standard 'news' places, so basically a reading of the press releases.

So not only do I think they have it, I know they have it and they told us so.

Re:If government was doing this (0)

Anonymous Coward | more than 3 years ago | (#36929708)

Hackers don't have mandatory KPPs?

Re:If government was doing this (2, Insightful)

Gr33nJ3ll0 (1367543) | more than 3 years ago | (#36921878)

If the government was doing this it would be more than one, wouldn't be demoed to the public, and would be abused by the police to stalk ex-girlfriends. I suspect that in these guys hands it's slightly safer, though all bets are off if News Corp gets their hands on it.

Re:If government was doing this (0)

Anonymous Coward | more than 3 years ago | (#36922082)

The gov't already has it. [washingtonpost.com]

Re:If government was doing this (1)

cavreader (1903280) | more than 3 years ago | (#36923150)

Anyone using this type of tech can abuse it, including the freelance hackers out looking for their Lulz. I am sure the US government already has this capability and most likely some pretty fair defensive systems in place that are constantly evolving as more threats and weaknessess are identified. The increase in UAV reliance in military and intelligence ops alone should keep the sigint R&D adequately funded. Does the government use these types of capabilities illegally? I guess that depends on the area of operations and who is running the ops? This type of capability certainly provides the chance for misuse but do we stop developing this tech just because someone might do something bad with it? Certainly some tech can fall into this category such as the technology behind bio, chemical, and nuclear weapons but sigint tech?

Re:If government was doing this (1)

Danse (1026) | more than 3 years ago | (#36925342)

If the government was doing this it would be more than one, wouldn't be demoed to the public, and would be abused by the police to stalk ex-girlfriends. I suspect that in these guys hands it's slightly safer, though all bets are off if News Corp gets their hands on it.

Why would the government need it when they can already get all this stuff directly from the telecom companies anyway?

Re:If government was doing this (2)

rbrausse (1319883) | more than 3 years ago | (#36921918)

I don't like these guys any more than I like the government and don't trust them any further than I could throw them.

you have a point here. But you can throw those 2 guys much farther than the ~ 5M people of the executive branch of the US government...

Re:If government was doing this (1)

GooberToo (74388) | more than 3 years ago | (#36921926)

+100 Insightful.

Re:If government was doing this (0)

Anonymous Coward | more than 3 years ago | (#36922056)

-200 Just for the hell of it.

Re:If government was doing this (0)

Anonymous Coward | more than 3 years ago | (#36923690)

At least you admit your comments should consistently get -200. If only we had a name to go with it.

Re:If government was doing this (1)

Anonymous Coward | more than 3 years ago | (#36921972)

Don't need to, they already have a fiber connected to AT&T's headquarters. http://www.wired.com/threatlevel/2009/10/att-doj-foia/

Ooh, here is what they are using
"The (Narus) STA Platform consists of stand-alone traffic analyzers that collect network and customer usage information in real time directly from the message.... These analyzers sit on the message pipe into the ISP (internet service provider) cloud rather than tap into each router or ISP device" (Telecommunications magazine, April 2000). http://www.wired.com/science/discoveries/news/2006/05/70908

It was obvious to Klein that the splitter—a special glass prism—was being used to split the light beams in the fiber-optic cables into two signals—one signal carrying the message to its normal destination, the other carrying a copy to the NSA computers a floor below. Klein writes: “The important fact is that each separate signal contains all the information, nothing is lost, so in effect the entire data stream has been copied. What screams out at you when examining this physical arrangement is that the NSA was vacuuming up everything flowing in the Internet stream: e-mail, web browsing, Voice-Over-Internet phone calls, pictures, streaming video, you name it.” Klein learned from a co-worker that similar splitter cabinets were being used in other cities, including Seattle, San Jose, Los Angeles and San Diego.

The next big piece in the puzzle came when Klein found out that the NSA’s secret room included a piece of equipment called a Narus STA 6400.
http://www.icl-fi.org/english/wv/953/spying.html

Re:If government was doing this (3, Informative)

element-o.p. (939033) | more than 3 years ago | (#36921992)

I don't like these guys any more than I like the government and don't trust them any further than I could throw them.

Tassey and Perkins will demonstrate the WASP’s high-flying exploits at next week’s Black Hat Security Conference in Las Vegas...Tassey, a security consultant to Wall Street and the U.S. intelligence community and Perkins, a senior security engineer supporting the U.S. government [emphasis mine]... [suasnews.com]

In this case, the difference between "hackers" and "the government" appears to be negligible, at best.

Re:If government was doing this (1)

Anonymous Coward | more than 3 years ago | (#36922046)

The point isn't that you, an insignificant lemming, should like it. The point is that it is possible, contrary to what everyone has been saying, and that security against such things should be increased. Hacking isn't usually about destruction as much as it's about curiosity. The problem with our society is that when people find a glaring security defect the first response is to hate the person who found it, rather than congratulating them for being a pioneer and honest enough to alert people to the problem. Our absurd ostrich approach is the problem. If person X finds an exploit in a system and tells the administrators about it, we act as though they put the defect there... when in reality all they did was discover it.

Systems are flawed and without people finding the flaws that are willing to come forward about them, they remain open for more nefarious types to exploit.

Re:If government was doing this (1)

GooberToo (74388) | more than 3 years ago | (#36923766)

The problem here is, the security problems are both well known and well documented for over a decade now. No one doubts they exist. No one claims otherwise. The societal value added here, even to the hacking community, is a negative number.

Cool factor? Yes. Very cool? Yes. Untrustworthy douche bags? Yes!!!

Re:If government was doing this (1)

wolrahnaes (632574) | more than 3 years ago | (#36925852)

I disagree. The issues are real, but many question the threat posed by them. A few bored hackers building a proof-of-concept in their garage provides undeniable proof that not only is the threat real but it's well within the reach of anyone who cares to try.

Re:If government was doing this (1)

sjames (1099) | more than 3 years ago | (#36928620)

There are several reasons for this. The hackers won't be knocking at 3 A.M. to drag you off to gitmo if you should say your new suitcase is "the bomb". The hackers won't be compiling a database of everybody's phonecalls in case they need to prosecute and/or blackmail you later. The hackers will not be trying to dun you with 'targeted ads' based on your remarks to your friend on the phone.

The hackers are forthcoming and letting us all know about gaping security holes in public announcements. Odds are this has been around classified top secret in various government agencies that aren't actually supposed to be using the technology at all but do so daily.

Er... think a bit harder (1)

brunes69 (86786) | more than 3 years ago | (#36931950)

Your line of thinking should be more along the lines of "if these hackers with next to no money can do this, odds are the government is already doing it, has been doing it for a long time, time, and simply no one knows about it yet".

Re:Er... think a bit harder (0)

Anonymous Coward | more than 3 years ago | (#37070254)

Everyone knows the government can get into your phone conversations. But now the government knows that everyone can get into theirs. THAT is the point of this.

Will it decrease dropped call (1)

Bob the Super Hamste (1152367) | more than 3 years ago | (#36921822)

So will it decrease dropped calls or extend the range? Well either way AT&T can still claim "More bars in more places".

Re:Will it decrease dropped call (1)

Chronus1326 (1769658) | more than 3 years ago | (#36921990)

LOL neither, it just takes them, and sends them to the blackhole. It just pretends to be a cell tower. Just like visiting www.BankofAmerica.geocities.com Go ahead...give me your information

Re:Will it decrease dropped call (0)

Anonymous Coward | more than 3 years ago | (#36922380)

no, it must be proxying them. it talks about recording conversations, so it must be completing
the phone call for you or else all the recordings are just "Hello? .... Hello? ... Hello? - click"

Re:Will it decrease dropped call (1)

justforgetme (1814588) | more than 3 years ago | (#36931176)

I just put an order for a dozen of those to extend my WiFi network to the beach!

Is this really a good thing? (1)

Chronus1326 (1769658) | more than 3 years ago | (#36921890)

A product such as this, even if only used as a proof of concept, is quite dangerous, and I'd like nothing more than to shoot it down with a Stinger, and destroy all the R&D material. I find it interesting that they label this as a black-hat project, with malicious intentions, which it clearly is. They could have had a better public reception if it was pitched as a military tool to enable battlefield communications by the drone claiming to be a cell-phone carrier tower, like a temp cell tower.

Re:Is this really a good thing? (0)

Anonymous Coward | more than 3 years ago | (#36921976)

Because without those R&D materials it will be gone forever.
It's not like some people could independently create it themselv- oh wait.

Re:Is this really a good thing? (1)

Registered Coward v2 (447531) | more than 3 years ago | (#36923550)

A product such as this, even if only used as a proof of concept, is quite dangerous, and I'd like nothing more than to shoot it down with a Stinger, and destroy all the R&D material.

The beauty of it is tab a Stinger would probably never hit - no IR signature of note.

I find it interesting that they label this as a black-hat project, with malicious intentions, which it clearly is. They could have had a better public reception if it was pitched as a military tool to enable battlefield communications by the drone claiming to be a cell-phone carrier tower, like a temp cell tower.

It's not so much malicious as a way to show that communications are more vulnerable than we realize - and that with some ingenuity people can do some pretty good snooping. If they really were malicious they'd never tell anyone about it - and they seem to be pretty careful about how they go about it to avoid legal or ethical problems as well.

Re:Is this really a good thing? (1)

sycodon (149926) | more than 3 years ago | (#36925294)

Seems kinda like shooting you the chest with a .22 to show how vulnerable you are to lead bullets.

Re:Is this really a good thing? (1)

Registered Coward v2 (447531) | more than 3 years ago | (#36926002)

Seems kinda like shooting you the chest with a .22 to show how vulnerable you are to lead bullets.

No, I'd say it's more alike shooting a 22 into a gel target with a cheap ballistic nylon shirt to show how much damage it can do in an effort to ducat people who think that they are safe from a 22 bullet because they wear a "ballistic" nylon shirt.

WASP? (1)

balaband (1286038) | more than 3 years ago | (#36921892)

Abbreviation seems relevant: W.A.S.P. [wikipedia.org] ?

Re:WASP? (0)

Anonymous Coward | more than 3 years ago | (#36922164)

METAL!

Can't resist (1)

spaceplanesfan (2120596) | more than 3 years ago | (#36921922)

I for one welcome our new warflying overlords...

Hacking phones is much easier than that (1)

phonewebcam (446772) | more than 3 years ago | (#36921924)

If you work in a newspaper all you do is befriend a victim of crime, "donate" one to them out of the goodness of our heart and - wahay! - all your base are belong to us. [msn.com]

somewhere, somehow (1)

nimbius (983462) | more than 3 years ago | (#36921946)

Dick Cheney is wiping salty tears of joy from his puffy alabaster jowels,
as janitors for major wireless carriers are busy hefting cinderblocks from the toiletbowls of executive office bathrooms.

me? i take comfort in knowing as a cavedwelling nerd this might not affect me much. The only wireless I use is dedicated to reheating my pizza, and until proven otherwise my celluar conversations are typically deemed 'uncool' and of very little tactical value.

unless you too hate the fourth edition of DnD...

Re:somewhere, somehow (1)

Sir_Eptishous (873977) | more than 3 years ago | (#36923490)

DnD died after 2nd edition... Long live TSR!

I wonder how (1)

bugs2squash (1132591) | more than 3 years ago | (#36921964)

they got a license to use the GSM spectrum.

Re:I wonder how (0)

Anonymous Coward | more than 3 years ago | (#36922470)

That's a long story. They *think* they have a license, but they really don't. According to Chris Paget's slides [tombom.co.uk] (slide 6), they believe that they are in the clear because they think they are operating in a ham band.

FTFA:

That GSM hack is based on a demonstration that security researcher Chris Paget performed at Defcon last year, showing that with a powerful enough antenna placed close enough to target phones, the victims’ handsets can be tricked into connecting to Paget’s setup instead of the carrier’s tower. Perkins and Tassey have implemented the same tools in their airborne hacking machine, and like Paget, used a portion of the radio frequency band set aside for Ham radios to avoid violating FCC regulations.

There's supposedly an overlap in the Euro GSM 900 band and our Ham band between 902-914MHz, but this is actually incorrect (just see every other GSM frequency chart [wikimedia.org] online). The Cell phone (uplink) is actually in this band, and the tower (downlink) is 45 MHz greater. It's unfortunate that this little typo is cropping up like this.

Information is good! (2)

bshourd (1921628) | more than 3 years ago | (#36921980)

A lot of people seem to be upset that this hack exists. It's used for evil, after all.

But that's not the point. Aren't you *glad* that you know this is possible? Now that we are aware this can be done, we can start trying to protect against it. The real crime here would have been for these hackers to see a vulnerability, and ignore it. Then anybody else who found the vulnerability could exploit it without knowledge of it even existing. That's a hundred times more dangerous.

Kudos to these guys on their brilliance, and ethical kudos on unveiling it. Without people like this, we would never know that we were in danger. Although, as they say, ignorance is bliss.

Re:Information is good! (1)

TheLink (130905) | more than 3 years ago | (#36922564)

AFAIK companies were already selling equipment for listening in on GSM calls back in the 1990s. This was normally installed at the telco level.

The thing is such telco equipment in those days was usually very expensive, so it's not likely that some random hacker would be able to afford one for personal use, add the necessary other equipment and run his own "proxying" cellphone station.

But the TLAs/secret services of many countries were certainly already eavesdropping on GSM calls back then.

That said, back then (and even today) HAM radio enthusiasts could listen in on analog cellphones and cordless phones.

Re:Information is good! (0)

Anonymous Coward | more than 3 years ago | (#36923314)

Availability of information as a concept or theory is one thing, these guys built a tool to screw us all.

Re:Information is good! (0)

Anonymous Coward | more than 3 years ago | (#36923480)

Doesn't matter. There's already a tool out there called OpenBTS [sf.net] that's open source and easy as heck to get running. Been out for a few years too.

Emergency cell tower (5, Interesting)

Viadd (173388) | more than 3 years ago | (#36922130)

How often have you heard of people who are lost in the woods/at sea, and who could have called for help if they had cell phone connectivity?

They could fly one of these as part of a search. Even if the owner isn't actively using the phone, the drone could detect the electronic serial number of each phone in its coverage area and match it against the lost person's phone.

Re:Emergency cell tower (1)

digital photo (635872) | more than 3 years ago | (#36922312)

+1 Thank you. A positive use for military grade technology.

Re:Emergency cell tower (1)

Thud457 (234763) | more than 3 years ago | (#36922992)

How often have you heard of people who are lost in the woods/at sea, and who could have called for help if they had cell phone connectivity? They could fly one of these as part of a search. Even if the owner isn't actively using the phone, the drone could detect the electronic serial number of each phone in its coverage area and match it against the lost person's phone.

+1 Thank you. A positive use for military grade technology.

Sarah Conner disagrees.
(not quite sure of the correct plural usage here. Sarahs Conner ? Sarah Conners ? But what about Saras ? And O'Conners? Do T-800s implement Soundex? )

Re:Emergency cell tower (1)

gknoy (899301) | more than 3 years ago | (#36922934)

Wow. That's actually really brilliant.

Re:Emergency cell tower (4, Informative)

Thail (1124331) | more than 3 years ago | (#36923676)

After Hurricane Katrina, T-Mobile did something very similar. The mounted what is commonly referred to as a COW (Cell on Wheels) onto a helicopter, then flew over the flooded areas. If a cell phone attempted to connect to the tower (Any GSM handset, didn't have to be t-mobile) they were then able to fly around and triangulate the position and find survivors.

Re:Emergency cell tower (0)

Anonymous Coward | more than 3 years ago | (#36924276)

I was thinking this same thing, but my idea took it a step further. Put some satelite phone circuitry in the thing and presto! you restored cell service to that lost, injured, buried, etc person so they can describe their surroundings to rescuers in situations where the drone wouldn't be able to zero in on their location. This has the added benefit of allowing the operator at the other end to keep the person calm, and stationary. An injured person is much more likely to stay put and not risk injuring themselves further if they actually know help is on the way.

340 million word dictionary? (1)

seven of five (578993) | more than 3 years ago | (#36922310)

So how long does it take to go through 340 million words? And wireless networks aren't smart enough to lock you out after 10 failed attempts?

Re:340 million word dictionary? (0)

Anonymous Coward | more than 3 years ago | (#36924772)

What do they lockout? The MAC Address, easily spoofable, same as IP address and in the event that it did lock out it would simply deny service for any legitimate user.

You might want to search for aircrack-ng and see how it exactly works.

Re:340 million word dictionary? (0)

Anonymous Coward | more than 3 years ago | (#36927200)

Just for the record, if they are referring to WPA attacks then the attacking is done off-line using captured traffic from the target network. Since the brute force attack is done offline, the victim access point isn't being interacted with and would have no indications of an attack in progress.

WEP doesn't require a dictionary based attack.

Re:340 million word dictionary? (0)

Anonymous Coward | more than 3 years ago | (#36927706)

And wireless networks aren't smart enough to lock you out after 10 failed attempts?

When doing this, you'd probably take a sample of data from the network and try to decrypt it yourself, away from the prying eyes of the network. Then, once you've worked out what the password probably is, you can attempt a connection, and the network will treat you like its best friend.

Re:340 million word dictionary? (0)

Anonymous Coward | more than 3 years ago | (#36931696)

So how long does it take to go through 340 million words? And wireless networks aren't smart enough to lock you out after 10
  failed attempts?

They also aren't dumb enough to let someone else lock YOU out by sending 10 garbage attempts to the access point.

Re:340 million word dictionary? (0)

Anonymous Coward | more than 3 years ago | (#36936114)

So how long does it take to go through 340 million words? And wireless networks aren't smart enough to lock you out after 10
  failed attempts?

I am assuming that having access to college, junior college of some sort, with the right amount of ambition or imagination, one can create such a dictionary within weeks, may be less in a year. Another idea is t0 daisy chaining multiple ps3s.

Re:340 million word dictionary? (0)

Anonymous Coward | more than 3 years ago | (#36936276)

And wireless networks aren't smart enough to lock you out after 10
  failed attempts?

You're a silly man.

CDMA (1)

Bengie (1121981) | more than 3 years ago | (#36922438)

I wonder if this attack would work on CDMA. Even though it's a lot more expensive, can it be done? It's a basic MTM attack. Without some sort of public key system, how can we know if we're talking to a legitimate tower?

Re:CDMA (0)

Anonymous Coward | more than 3 years ago | (#36925182)

All US CDMA phones have a shared secret with the network used to derive the A-key. There's been little research into CDMA interception as it's quite a bit harder and GSM is just such an easy target.

Record Conversations? (1)

stinkyj (300739) | more than 3 years ago | (#36922552)

Sadly I've been stuck in telecom the last 10 years. I have to admit I scanned the article, but I missed the part where they connect their 'tower' to the phone company's network. So for argument's sake, let's pretend the mobile registers with the simulated BTS. What magic will connect them to another phone to record a conversation? I suppose they could fake the traffic to get the call connected, oh wait that would require another simulation of an SGSN and multiple protocol message, that I'm having real doubts about, but lets say they have done it somehow. We have an AT&T microcell here because of shotty coverage and that's a piece of junk.
What are you going to talk to? a prerecorded message that you've never heard before? then again some granny may tell them her shopping list...

Re:Record Conversations? (0)

Anonymous Coward | more than 3 years ago | (#36923124)

I have to admit I scanned the article, but I missed the part where they connect their 'tower' to the phone company's network.

Maybe you should go back and read the full article instead of "scanning" it

Re:Record Conversations? (1)

hrimhari (1241292) | more than 3 years ago | (#36923128)

Once the phone accepts the fake BTS, every request can be intercepted, which clearly includes dial-out with target ISDN. Then the other side of the hack only has to repeat the request with whatever connection it has.

They don't have to bridge it to AT&T or any real cell phone network. It suffices to bridge it to the fixed phone network or use a VOIP access like Skype-out.

I think the article mentions that the only drawback is the wrong caller-id info, but if memory serves caller-id can be faked on the fixed phone network. I believe it has been ruled illegal, but guess how effective that would be to stop this hack.

Re:Record Conversations? (1)

wolrahnaes (632574) | more than 3 years ago | (#36927332)

I think the article mentions that the only drawback is the wrong caller-id info, but if memory serves caller-id can be faked on the fixed phone network. I believe it has been ruled illegal, but guess how effective that would be to stop this hack.

It's trivial for anyone with a VoIP line or ISDN/T1 to send whatever number they want with a call, so if their carrier will accept and pass it along it'll reach the other end without trouble. Some carriers block sending any numbers which are not associated with the customer, but this is uncommon in my experience outside of residential-focused providers.

Time to wear the foil hat. (1)

russryan (981552) | more than 3 years ago | (#36923688)

Combine this cracking technology with the Japanese flying sphere (http://slashdot.org/index2.pl?fhfilter=flying+sphere ) for very flexible snooping.

I see a huge job offer in their future. (1)

pushf popf (741049) | more than 3 years ago | (#36923788)

I'm sure any number of military and intelligence agencies would be thrilled to give them a pile of money and all the cool toys they could handle.

To the builders and flyers of these spycraft (0)

Anonymous Coward | more than 3 years ago | (#36924104)

Let it be known, there is much interest in anti-spycraft technology and that they should be willing to shoot down their own crafts lest they be captured by some law-abiding citizens/hackers out there, somewhere.

hack into their rc and crash it into the (0)

Anonymous Coward | more than 3 years ago | (#36924248)

ground

i am sure the Feds want one of these.... (1)

hesaigo999ca (786966) | more than 3 years ago | (#36925394)

Where are they taking orders, I want to get one..... before they become illegal to purchase.

Bugs? (1)

clanrat (707500) | more than 3 years ago | (#36930516)

Insects have antennae; radios use antennas. Sorry, pet peeve.

H.a.r.m. (0)

Anonymous Coward | more than 3 years ago | (#36931190)

Oh no, were in H.A.R.M.'s way!

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?