FCC concerned over DefCon mobile hacking talk
The FCC expressed concerns to a conference presenter, but it's unclear what authority it has to stop his talk
Chris Paget wants to demonstrate how easy it is to snoop in on mobile-phone conversations. The question is: Will the federal authorities allow it?
At the Defcon security conference in Las Vegas on Saturday, Paget is scheduled to demonstrate a device called an IMSI (International Mobile Subscriber Identity) catcher, which can be used to intercept mobile-phone data on the GSM (Global System for Mobile Communications) networks used by much of the world.
Such devices have been talked about by security researchers for years, but Paget wants to conduct a live demonstration. "The only way I can get the word out that people need to not trust GSM anymore is by demonstrating it," he said.
The U.S. Federal Communications Commission (FCC) contacted Paget Friday morning after reports of his impending talk were published. The FCC didn't tell him his talk would be illegal, but informed him of some relevant federal regulations, he said. "They expressed a number of concerns about the talk," Paget said Friday in a meeting with press at Defcon.
The agency raised concerns that Paget's device might transmit over licensed frequencies and that he might unlawfully intercept mobile-phone calls -- something he says he will take steps to avoid on Saturday.
After the meeting, Paget said he will go ahead with the talk but maybe not exactly as planned. "The only question is whether or not I'll be turning the radio on," he said. He could be warned, fined or possibly arrested, depending on what authorities make of the incident. He plans to check with his legal counsel -- the Electronic Frontier Foundation -- and will then decide whether to go forward.
The IMSI catcher is essentially a fake GSM base station that tricks handsets into dropping encryption and then sending it voice traffic. Using open-source voice over IP software, Paget is then able to forward calls to their intended recipients and listen in without the caller noticing.
Paget takes advantage of the fact that the U.S. ham radio band uses the same 900Mhz frequency as European GSM phones. He operates the IMSI catcher as a ham device, but U.S. mobile phones, many of which are capable of roaming outside the country, think they're connecting with a European GSM tower.
The demo works only for outbound calls, but Paget believes it is possible to intercept incoming calls using different techniques.
Controversy has surrounded the talk since Paget revealed the subject, with rumors that AT&T would sue to stop the demonstration. AT&T, however, has said it does not plan any such action. AT&T and T-Mobile USA both operate GSM networks in the U.S.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @ITworld
On Twitter now
DEFCON
Powered by TwitterOn Twitter now
DEFCON
Brian Proffitt
openSUSE: Not for sale today
pasmith
Two new sources fuel the Verizon iPhone rumor mill
sjvn
The Corporation has gone Open Source
Mike Elgan
What to do with your Google 'Social Circle'
Sandra Henry-Stocker
Unix How To: Give me that old-time security!
Dan Tynan
What's worse than privacy legislation? No privacy legislation
The IFA consumer electronics exhibition turns 50
Albert Einstein opened the 7th Great German Radio and Phonograph Show, the forerunner to today's IFA, in Berlin in 1930. The show marked the public debut of a prototype 'television receiver.' Since then, some products, like the 3DTV, were ahead of their time. Others, like the MiniDisc...well, just never got off the ground. Here's a look at IFA's storied past.
IFA 2010
Video: Samsung launches Galaxy Tab
3D content is king at giant tech show
Video: PlayStation 3 will be ready for 3D by October
Video: Sony announces music service, hints at TV service
Google's Schmidt to speak at Berlin show
3D, tablets galore expected at consumer electronics show
