Listening in on Cellphones

I just got out of Tom Ritter, Doug DePerry and Andrew Rahimi’s amazing talk titled “I can hear you now” which was standing room only in the Palace room at Caesars.

In the talk they demonstrate how a Femtocell, which is a home cellular base station, can be used to emulate a cellphone tower and listen in on your phone calls. The full title is actually “I can hear you now: Traffic interception and remote mobile phone cloning with a compromised CDMA Femtocell”.

If a pic is worth 1000 words, a video is worth a million, so here’s Tom Ritter making a call and getting his phone call monitored by their hacked femtocell. You’ll notice from the video that they already have Tom’s voice being recorded before the call is even answered.

A femtocell is a box you can get from your cellphone provider that pretends to be a cellphone tower if you’re out of cellphone tower coverage. It connects to your home Internet and routes your cellphone calls over the Internet. Tom, Doug and Andrew show how they hacked into the femtocell and modified it so that when they walk into a room with their hacked femtocell, cellphones in the room will connect to their femtocell, their owners will think they’re connected to a regular cellphone network, and they can listen in on your voice calls, SMS’s and data.

The research to put this together is some of the most impressive and dedicated I’ve seen. They didn’t stop at simply recording voice, they managed to intercept SMS and went to extraordinary lengths to intercept data too. It took over a year to put this together. Congrats to the iSec Partners Team!!