Hacker Chris Paget demonstrated a GSM phone interception attack at the 18th Def Con security conference in Las Vegas.
Despite concerns that the demonstration would fall foul of the FCC since mobile phone interception is illegal in the US, Pagent showed what was described as an IMSI catcher. Running in test mode the software captured the IMSI numbers of 30 attendee's mobile phones in a matter of minutes.
Paget then then switched the software to a new mode where it impersonated an AT&T mobile phone tower. Phones that connected to the fake tower would have incoming calls go to voice mail but outgoing calls could be made. The attack could get around encryption, Paget said, by simply asking the handsets to drop GSM encryption when they connected.
Paget believed that the attack demonstration would not fall foul of the law because his attack operated on the 900MHz European GSM band which is not used in the US.
While many models of phone with quad-band radio functionality were effect, Paget said that iPhone's were the model that was fooled by the attack most easily. "It's actually been the bane of my existence trying to keep the damned iPhones away," he said.
Advertisement
Related Stories
- iOS update fixes bugs and security flaws May 8th 2012 at 5:45AM
- Microsoft fingers Chinese firm in RDP flaw leak May 4th 2012 at 3:00AM
- Microsoft fixes '0-day' Hotmail flaw Apr 30th 2012 at 12:19AM
- Global Payments breach of 1.5m credit cards Apr 3rd 2012 at 8:29AM
- Hacktivists lifted more data than criminal gangs Mar 22nd 2012 at 11:14PM
- Microsoft accused of leaking attack code Mar 18th 2012 at 9:30PM
- Lulzsec leader Sabu turned by the FBI Mar 7th 2012 at 1:15AM
- Over half of UK companies infected by malware Feb 13th 2012 at 11:57AM
- Google describes 'Bouncer' Android anti-malware system Feb 3rd 2012 at 6:41AM
- Apple OS X updates released Feb 2nd 2012 at 5:44AM
