The attack Chris Paget showed Saturday illustrates weaknesses in GSM, one of the world`s most widely used cellular communications technologies.
His attack was benign; he showed how he could intercept a few dozen calls made by fellow hackers in the audience for his talk at the DefCon conference here.
"GSM is broken — it`s just plain broken," he said. GSM is considered 2G, or "second generation," cellular technology. Phones that run on the newer 3G and 4G standards aren`t vulnerable to his attack.
The device he built is called an "IMSI catcher," which refers to the unique International Mobile Subscriber Identity numbers that phones use to identify themselves to cellular networks. Paget`s device tricks nearby cell phones into believing it is a legitimate cell phone tower and routing their calls through it. Paget uses Internet-based calling technology to complete the calls and log everything that`s said.
There are more than 3 billion GSM users and the technology is used in nearly three quarters of the world`s cell phone markets, according to the GSM Association, an industry trade group.
BDST: 1345 HRS, 2 August 2010