The open-source kit that could snoop on your mobile calls

 

Gallery

By Reuters

Posted on 28 Jul 2010 at 08:17

A security expert claims to have devised a simple and relatively inexpensive way to snoop on mobile phone conversations.

Law-enforcement agencies have long had access to expensive mobile phone tapping equipment, known as IMSI catchers, that each cost hundreds of thousands of pounds.

Security consultant Chris Paget says he has figured out how to build an IMSI catcher using a $1,500 piece of hardware and free, open-source software. He claims that most wireless networks are incapable of guaranteeing calls won't be intercepted. "It's really not hard to build these things," he said.

Paget will teach other hackers how to make their own IMSI catchers on Saturday during in a presentation at the annual Defcon security conference in Las Vegas.

His technique only works with wireless systems based on GSM technology, which is used by most of the world's wireless carriers.

"GSM is broken," Paget claimed. He said he plans to demonstrate his low-cost IMSI catcher by asking audience members to make calls using GSM phones, than tap into their conversations from the podium.

Thousands of hackers will attend the Defcon conference in Las Vegas that starts on Friday, where researchers such as Paget will disclose security vulnerabilities in anything from mobile phones and business software to systems that run the electrical grid.

Their intention in teaching people how to break into things is generally to make the public aware of security risks and encourage manufacturers to boost protection in their products.