Defcon hackers target cell phone security

analysis
Jul 27, 2010

Defcon hacking conference will feature eye-popping demo revealing the lack of security around cell phone networks

Attendees at the annual Defcon hacking conference in Las Vegas might be advised to keep their cell phones powered off at the show, where one prominent security researcher says he will demonstrate a way to transparently intercept and eavesdrop on cell phone calls.

Defcon veterans are accustomed to keeping up their guard during the show. That includes limiting (if not avoiding) Internet access by shutting off wireless Ethernet adapters and steering clear of the hotel network at the Riviera Hotel, which has played host to the show for the past few years. Newbies who test the waters are likely to be hacked and have their visage displayed on the billboard-sized Wall of Sheep. That’s just the way it is.

But folks showing up to this year’s show might also want to keep their cell phones and Windows laptops holstered, at least according to one well-known security researcher. Chris Paget of security firm H4RDW4RE, LLC said in a blog post that he would be conducting a “pretty spectacular demonstration of cellphone insecurity at Defcon” in which the researcher “will intercept the cellular phone calls of the audience without any action required on their part.”

The presentation, dubbed “Practical Cellphone Spying,” is described on the Defcon website as a demonstration of a method to operate an “IMSI catcher” — a fake GSM base station designed to trick the target handset into sending you its voice traffic: “Band jamming, rolling LACs, Neighbour advertisements and a wide range of radio trickery will be covered, as well as all the RF gear you’ll need to start listening in on your neighbours.”

Paget has warned about the dangers of insecure 3G implementations before. Notably, he called attention to the way that integrated circuit card IDs, like those belonging to high-profile iPad owners that were stolen by hackers from AT&T, could be used in more sophisticated attacks on cell phone users. The Defcon demonstration will put some of that research to the test.

Paget has been in hot water before for exposing glaring security holes in commonly used technology. This time around, the researcher isn’t taking any chances, especially given laws against the interception of telephone communications. With the help of the Electronic Frontier Foundation, Paget is going to extra lengths to make sure that his Defcon demonstration doesn’t bring the law down upon him.

Areas in which cell phone communications might be intercepted will be marked with warning signs about the ongoing demonstration, and users will be advised to turn their cell phones off, though the demonstration will only work on GSM-capable cell phones. Paget also said the demo will be performed from a machine with no hard drive, only a USB key for local storage, which will be turned over to the EFF immediately following the demonstration for destruction. Finally, the fake GSM station that will be used for snooping will be a low-power device, limiting its range.

The security of powerful, Internet-connected mobile devices has become a major concern for organizations, and regulators are beginning to require better security be applied to the data and transmissions to and from the devices. But five years after the infamous hack of Paris Hilton’s cell phone, security researchers warn that carriers have made few improvements to the systems and applications used to provision and manage cell phones and customer accounts.

It remains to be seen whether law enforcement or mobile operators like AT&T will step in to try to stop the demonstration. That kind of legal maneuvering is par for the course at shows like Black Hat and Defcon and, in almost every case, makes for great PR (if also a lot of legal pain) for both the show and the researcher. Past shows have been notable for high-profile hacks — and legal fireworks — involving companies like Cisco and HID. We’ll see if history repeats itself this year.

This article, “Defcon hackers target cell phone security,” was originally published at InfoWorld.com.