Hacker Chris Paget demonstrated a GSM phone interception attack at the 18th Def Con security conference in Las Vegas.
Despite concerns that the demonstration would fall foul of the FCC, since mobile phone interception is illegal in the US, Paget showed what was described as an IMSI catcher. Running in test mode, the software captured the IMSI numbers of 30 attendees’ mobile phones in a matter of minutes.
Paget then switched the software to a new mode where it impersonated an AT&T mobile phone tower. Phones that connected to the fake tower would have incoming calls go to voice mail, but outgoing calls could be made. The attack could get around encryption, Paget said, by simply asking the handsets to drop GSM encryption when they connected.
Paget believed that the attack demonstration would not fall foul of the law because his attack operated on the 900MHz European GSM band, which is not used in the US.
While many models of phone with quad-band radio functionality were affected, Paget said that iPhones were the model that was fooled by the attack most easily. "It’s actually been the bane of my existence trying to keep the damned iPhones away," he said.