A hacker has shown how to break into a GSM network using open-source software and gear costing less than $1500 (€1,148).
Chris Paget demonstrated the hack at the Defcon conference in Las Vegas, using two antennas to spoof AT&T and T-Mobile base stations, connecting dozens of cellphones in the room.
“As far as your cell phones are concerned, I'm now indistinguishable from AT&T,” he said.
The device tricks nearby cell phones into believing it is a legitimate cell phone tower and routes their calls through it.
“GSM is broken — it's just plain broken,” Paget added.
The hacker said that while recipients see caller IDs that differ from the cell numbers of the people calling them, the details displayed could easily be fixed with a software patch.
Paget’s is not the first “IMSI catcher” – police and security bodies around the world use expensive commercial systems to tap into GSM networks.
However, his hack using low-cost gear illustrates that the networks are now vulnerable to a broad range of attacks.
GSM, a standard developed by European vendors and telcos in the 1980s, uses strong encryption, but in many cases operators do not enable it.
The hack does not threaten 3G and 3.5G systems, which are based on CDMA radio interfaces. However, the vast majority of cellphone owners in the developing world use GSM phones.
The GSM Association said in a statement that any eavesdropper would have difficulty targeting a specific user and that the interception only works within a certain range.