
DEF CON 18 - Chris Paget - Practical Cellphone Spying

DEFCONConference - 2013-11-08

Chris Paget - Practical Cellphone Spying
It's widely accepted that the cryptoscheme in GSM can be broken, but did you know that if you're within radio range of your target you can intercept all of their cellphone calls by bypassing the cryptoscheme entirely? This talk discusses the practical aspects of operating an "IMSI catcher", a fake GSM base station designed to trick the target handset into sending you its voice traffic. Band jamming, rolling LACs, Neighbour advertisements and a wide range of radio trickery will be covered, as well as all the RF gear you'll need to start listening in on your neighbours.

Chris Paget has over a decade of experience as an information security consultant and technical trainer for a wide range of financial, online, and software companies. Chris' work is increasingly hardware-focused, recently covering technologies such as GSM and RFID at venues such as Defcon and Shmoocon. With a wide range of experience encompassing software, networks, radio, cryptography and electronics, Chris enjoys looking at complex systems in unusual ways to find creative attacks and solutions.

For copies of the slides and additional materials please see the DEF CON 18 Archive here: https://defcon.org/html/links/dc-archives/dc-18-archive.html

UKM8 - 2019-07-10

Lol my wife's former (Nigerian) employer has for the last decade used similar technology, he knows the ins and outs of everything we do.. During one of many court appearances he and his minions would all take out their sim cards before the judges entered the room, replace the batteries and then turn the phones on... That was in 2010. Our phones ring other contacts from our phones without any knowledge that we have rung until we get a call.. I use parrot to record all my calls but when I use the call recorder menu it will also have an unknown caller for the first 20 seconds and then it switches to the person's contact name.. Amazing tech

Sjoer van der Ploeg - 2019-01-17

I was going to make a smart comment on the SMS part, but then I realized setting up an SMSC to relay messages would indeed not be identifiable by the receiver as the SMSC uses the CID from the MO (in this case you).

You could however intercept them and convert them into a flash SMS with the number added, sadly the recipient wouldn't be able to save the message...

Who still uses SMS, besides me? :p

Mike Hunt - 2017-05-25

Beep

Илья Найдов - 2014-09-20

On most Android phones there is a hidden radio settings app that is available through entering a code in the Dialer – there you can select "WCDMA only" setting instead of the default "WCDMA preferred" or "Auto" setting... I have my phone always in the 3G mode...