Defcon hackers target cell phone security

Defcon hacking conference will feature eye-popping demo revealing the lack of security around cell phone networks

Attendees at the annual Defcon hacking conference in Las Vegas might be advised to keep their cell phones powered off at the show, where one prominent security researcher says he will demonstrate a way to transparently intercept and eavesdrop on cell phone calls.

Defcon veterans are accustomed to keeping up their guard during the show. That includes limiting (if not avoiding) Internet access during the show by shutting off wireless Ethernet adapters and steering clear of the hotel network at the Rivera Hotel, which has played host to the show for the past few years. Newbies who test the waters are likely to be hacked and have their visage displayed on the billboard-sized Wall of Sheep. That's just the way it is.

[ Get your systems up to snuff with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

But folks showing up to this year's show might also want to keep their cell phones and Windows laptops holstered, at least according to one well-known security researcher. Chris Paget of security firm H4RDW4RE, LCC said in a blog post that he would be conducting a "pretty spectacular demonstration of cellphone insecurity at Defcon" in which the researcher "will intercept the cellular phone calls of the audience without any action required on their part."

The presentation, dubbed "Practical Cellphone Spying," is described on the Defcon website as a demonstration of a method to operate an "'IMSI catcher" -- a fake GSM base station designed to trick the target handset into sending you its voice traffic: "Band jamming, rolling LACs, Neighbour advertisements and a wide range of radio trickery will be covered, as well as all the RF gear you'll need to start listening in on your neighbours."

Paget has warned about the dangers of insecure 3G implementations before. Notably, he called attention to the way that integrated circuit card IDs, like those belonging to high-profile iPad owners that were stolen by hackers from AT&T, could be used in more sophisticated attacks on cell phone users. The Defcon demonstration will put some of that research to the test.

1 2 Page 1
Page 1 of 2