At Defcon security conference, Researcher Chris Paget pulled demonstrated a much legal maneuvering as technical wizardry: eavesdropping on the cell phone calls of AT&T subscribers in front of thousands of admiring hackers.
“With about $1,500 worth of hardware and open source software, Paget turned two on-stage antennas into a setup capable of spoofing the base stations that connect the GSM cell phone signals used by AT&T and T-Mobile. Paget set his hardware to impersonate an AT&T signal, and dozens of phones in the room connected to his fake base station. “As far as your cell phones are concerned, I’m now indistinguishable from AT&T,” he told the crowd.
Paget invited anyone with an AT&T phone to make a call, and using his GSM hijacking trick, routed their calls through a voice-over-Internet system that connected their calls even while recording audio to a USB stick–which he promptly destroyed with a pair of scissors to make sure he hadn’t violated any privacy laws. The hack, after all, was intended to show the fundamental insecurity of GSM cell signals–not spy on callers.”