Ethical hacker Chris Paget is scheduled to give a talk on cellphone insecurity at Defcon this Saturday. During the talk he intends to demonstrate that phone calls made by audience members over GSM networks can be intercepted by bypassing the cryptoscheme with a home-made, low-cost IMSI catcher that combines free open-source software and a $1,500 piece of hardware.
His intention is to demonstrate that what was previously an option accessible only to people and (law enforcement) agencies with lots of money at their disposal can now be employed by a myriad of random individuals with limited funds and questionable motives.
Thinking (rightly!) that this demonstration could raise privacy issues, he consulted the Electronic Frontier Foundation about the whole thing and has taken some steps to allay privacy fears:
- Prominent warning signs about the demonstration, including the time, date and a URL for more information, will be displayed in the area where calls might be intercepted, and participants will be warned to turn off their cellphones if they don’t want their calls to be intercepted.
- The machine intercepting the calls will have no hard drive, just a USB stick for local storage, which will be turned over to the EFF for destruction after the demonstration is over.
- “At all times, for all connected handsets, a best-effort will be made to connect calls successfully to their destination. It is unlikely that any 911 service can be provided, however a best effort will be made to connect any emergency calls to a suitable local destination.”
He posted this plan on his blog a week ago, but yesterday he notified the public that he heard that AT&T may be considering suing him to stop his talk, and he tried to explain that his demonstration will not be affecting the AT&T network – or any other network, for that matter.
Regarding a possible interference with 911 calls, he offers the following information: “If you’re in the room, need to dial 911 and you have a GSM phone you can just raise your hand and shout. In the extremely unlikely situation that someone near the room with a GSM phone connects to my demo network and also needs to dial 911, I am taking the extra precaution of ensuring that that person will be connected to someone local who can call for or send help.”
He also mentions that the destruction of the USB stick containing the logs, recordings, and other data will not be performed by the EFF, after all. “I’m open to suggestions for a trusted third-party to either destroy the logs generated during my demonstration or verify that they’re wiped,” he says.
Considering the troubles that controversial demonstrations and talks such as this bring to the speakers and the conferences, is it any wonder that Black Hat organizers are thinking of not announcing them until the last possible moment?