Skip to main content

$1,500 System Can Intercept Your Cellphone Calls

You see it in movies all the time when the characters pass sensitive information through a cell phone conversation. If you've watched any of the TV series 24, you'll know what sort of dramatic effect cell phones have.

Security researcher Chris Paget demonstrated a home made cell phone tower antenna that can spoof itself as a legitimate AT&T or T-Mobile (or any other GSM network) tower to intercept all outgoing calls.

The system is composed of two RF directional antennas that emits only 25 milliwatts, a laptop and open source software. The entire setup cost $1,500, with a significant portion of that being from the laptop.

The cell tower spoofing system is able to capture and record all outgoing cell phone conversations by intercepting the audio and then routing it through a VoIP system. Currently, the system is unable to intercept data, even if it's transmitted over EDGE.

Calls that are inbound to those connect to the spoofed cell phone tower will be routed straight to voicemail.

While one would be quick to criticize the GSM specification for the weakness, GSM phones and towers actually have encryption features. Phones are supposed to have the capability to tell the user when the phone call is no longer encrypted, but cell phone makers have chosen to disable the warning – perhaps to avoid dealing with customers concerned about the warning messages they are getting on their phones.

Paget demonstrated his technology by capturing about 30 phones on AT&T in the nearby vicinity. Anyone trying to make a call received a message first telling them that their calls were being recorded to a USB stick (which was destroyed after the demonstration).

As for those on 3G, Paget said that he could jam 3G signals and force phones to fall back to 2G mode so that they'd be susceptible to his interceptor.

Read more on Wired.