Hacker Intercepts Cellphone Calls with Homemade Kit

A white hat hacker has demonstrated an ingenious way of intercepting cellphone calls. The homemade do-it-yourself (DIY) kit uses $1,500 worth of equipment to help impersonate a cellphone relay tower.

Chris Paget demonstrated the technique on phones belonging to audience members at the DEF CON security conference in Las Vegas. He said it involved a flaw in the GSM cellphone technology used by AT&T and T-Mobile, but does not affect carriers Sprint or Verizon.

Hardware Acts as Relay

The principle of the trick is relatively simple: an inexpensive device known as an International Mobile Identity Subscriber catcher is set up to impersonate a cellphone tower. Because of the way it is done, the bogus tower appears the strongest in its area, meaning all phones on that network connect automatically.

The trickster can then intercept outgoing calls but reroute them to the correct person so that the two parties can have their conversation unaware someone else is listening.

Incoming Calls Harder To Catch

One drawback for snoopers: while this is being done, the real network will assume the phone is out of range and route all incoming calls to voicemail. However, a more expensive version of the IMIS catcher could be used to impersonate a specific handset and thus intercept incoming calls.

The attack only works on 2G networks. However, it's possible to use other equipment to block the 3G signal in a particular area, which will prompt nearby handsets to switch to 2G. (Source: pcmag.com)

Encryption Alerts Debated

The ability to impersonate a network tower isn't the only flaw exploited by the hack. Although GSM calls are normally encrypted, the equipment Mr. Paget used simply turns the encryption off for a particular handset. The GSM Association says phones using the system can alert users when the encryption is switched off, but Paget insists most manufacturers haven't included this alert feature. (Source: forbes.com)

Hacking Technique Has Limitations

There are some significant limitations to the interception technique. The most considerable: it only works over a limited range. The equipment costs enough that pranksters probably won't bother buying it just to listen in on random calls, and if they did, the chances of becoming a random victim (per se) are extremely low.

Instead, the technique is more likely to appeal to people who want to target specific phone users and know where they can find them. That means it's most likely to be of use in corporate espionage rather than common situations.