Forgot your password?
typodupeerror
Security IT

AT&T Won't Block Black Hat Eavesdropping Demo 126

Posted by samzenpus
from the enough-rope-to-hang-yourself dept.
snydeq writes "AT&T says it won't interfere with a highly anticipated talk on intercepting cell phone calls at the Black Hat conference this week. Hacker Chris Paget last week said that he plans to demonstrate on Saturday how to set up what's essentially a fake cell tower that allows him listen in on nearby mobile calls. But Tuesday, he wrote on his blog that he had 'heard that AT&T may be considering suing me to stop my talk.' AT&T, however, has insisted it has no plans to interfere with the talk."
This discussion has been archived. No new comments can be posted.

AT&T Won't Block Black Hat Eavesdropping Demo

Comments Filter:
  • AT&T Doesn't Care (Score:5, Insightful)

    by OverlordQ (264228) on Wednesday July 28, 2010 @10:43PM (#33064574) Journal

    But what about the types of people that actually enforce the wiretapping and interception laws?

    • by Sycraft-fu (314770) on Wednesday July 28, 2010 @11:02PM (#33064718)

      I'm still not very convinced this is legal, and you want to be sure. While they might well say "It isn't like he caused any harm, just let it slide," they also might now. The law is the law and all that. Plus maybe some company pressures them in to it. Some provider who gets mad says "Hey, you need to charge this guy, he broke wiretapping laws!"

      When you are doing something all on your own equipment in a controlled environment, then sure you are good to go. So having a lab with what you need and trying it on your own stuff, that is legal. However intercepting random people in the area of your tower? Don't think that is legal, doesn't matter if you are doing it as a demonstration or not.

      • by msauve (701917) on Wednesday July 28, 2010 @11:13PM (#33064794)
        "I'm still not very convinced this is legal...So having a lab with what you need and trying it on your own stuff, that is legal."

        It's definitely NOT legal. If nothing else, he'll be transmitting without a license on frequencies he's not authorized to use. When you use a cell phone normally, it's transmitting under the carrier's license authorization. If he sets up his own "cell site," there's not a license to be found anywhere. It doesn't matter how much power is used, or how far the signal can travel, if it's an intentional radiator, it's illegal.
        • by causality (777677) on Wednesday July 28, 2010 @11:41PM (#33064944)

          "I'm still not very convinced this is legal...So having a lab with what you need and trying it on your own stuff, that is legal." It's definitely NOT legal. If nothing else, he'll be transmitting without a license on frequencies he's not authorized to use. When you use a cell phone normally, it's transmitting under the carrier's license authorization. If he sets up his own "cell site," there's not a license to be found anywhere. It doesn't matter how much power is used, or how far the signal can travel, if it's an intentional radiator, it's illegal.

          I had the impression that you could, without a license, transmit on frequencies that require a license so long as it's extremely low power, to the point that beyond X number of feet (300?) no meaningful reception of your transmission is possible.

          Before CD players in cars were common, you could get standalone CD players that broadcast the audio in the FM band. The car's radio/tape-player could be set to FM and turned to that frequency to pick up the audio from the CD. This was acceptable because the transmitter is in the same vehicle as the FM radio, so tiny power levels were sufficient.

          I admit that I am not a lawyer and don't know much about FCC regulations. I get the impression they're not an agency with a sense of humor, and one you wouldn't want to have to deal with. Still, would cell frequencies be given some special treatment that is not given to FM radio frequencies?

          • by sumdumass (711423)

            They even had microphones that would transmit to a certain radio station. However, those devices were licensed and certified for a particular consumer use. It wasn't that you didn't need a license, it's that the device used a specific channel set aside for something like that.

          • by riT-k0MA (1653217)
            You still have something similar:
            A USB MP3-Player [amazon.com] which plugs into your cigarette lighter and transmits on FM frequencies.
          • If you'd run the whole experiment inside a Faraday cage, then it would be legal I suppose. But then, in order to get the point of this experiment proven, AT&T must cooperate (i.e., put one or more of their towers inside the cage).

          • by msauve (701917) on Thursday July 29, 2010 @06:00AM (#33066564)

            I had the impression that you could, without a license, transmit on frequencies that require a license so long as it's extremely low power, to the point that beyond X number of feet (300?) no meaningful reception of your transmission is possible.

            Nope, not as a general rule. What you're thinking of are the small FM radio band transmitters (such as used for iPod to car radio), which the FCC allows under a specific rule (47 CFR 15.239 [gpo.gov]) which limits their output. No such rule is available for someone wanting to operate their own cell site. It's illegal, regardless of how low the power or how short the range. Another poster mentioned a Faraday cage; still illegal (even though you'd be unlikely to get caught).

            • by causality (777677)

              I had the impression that you could, without a license, transmit on frequencies that require a license so long as it's extremely low power, to the point that beyond X number of feet (300?) no meaningful reception of your transmission is possible.

              Nope, not as a general rule. What you're thinking of are the small FM radio band transmitters (such as used for iPod to car radio), which the FCC allows under a specific rule (47 CFR 15.239 [gpo.gov]) which limits their output. No such rule is available for someone wanting to operate their own cell site. It's illegal, regardless of how low the power or how short the range. Another poster mentioned a Faraday cage; still illegal (even though you'd be unlikely to get caught).

              Thank you for correcting my misperception about this. It sounds like the people running this demo would be wise to tread carefully to make sure they don't run afoul of the regulations. No one in their right mind wants a massive federal bureaucracy coming down on them. This may in fact be why AT&T isn't worried about taking their own action.

            • by MobyDisk (75490) *

              Then how are microcells legal?

              • Re: (Score:3, Informative)

                by msauve (701917)
                The ones which are sold by carriers to consumers are authorized under the carrier's license, the same way the cell phones themselves are. 47 CFR 22.3:

                Authority for subscribers to operate mobile or fixed stations in the Public Mobile Services ... is included in the authorization held by the licensee providing service to them.

          • True in some jurisdictions and not in others. For example, those FM transmitters for iPods et al are illegal in some places.

        • Re: (Score:2, Interesting)

          by EETech1 (1179269)
          We have 3 pico (femto maybe) cells at my work that take cdma calls and data and route them into Verizon somehow (LAN?). We also have 4 Spotwave systems set up in other locations to re-transmit CDMA and GSM voice and data outside the building, so I'm quite sure it is legal to have the equipment, and transmit on Cell phone frequencies, because it is something that can be arranged by our help desk, and our telecom guy installs them and maintains them, as they are purchased, or leased by our company. Now being
        • Re: (Score:1, Insightful)

          by Anonymous Coward

          If he sets up his own "cell site," there's not a license to be found anywhere

          Funny, the "cell site" I run and maintain broadcasts on said frequencies and is perfectly legal.

          http://www.repeaterstore.com/products/repeaterkits/ [repeaterstore.com]

          I never had to contact the FCC nor AT&T for any such license either. In fact it was AT&Ts own team sent out whom recommended the hardware and configuration.

          The team was one sales droid and two techs, so I will give that these are not experts on law.
          But what they are experts on are acting as a representative of AT&T, and recommending this as standard

          • Re: (Score:3, Insightful)

            by msauve (701917)

            Funny, the "cell site" I run and maintain broadcasts on said frequencies and is perfectly legal.

            The manufacturers/sellers claim that, but funny, they never cite the regulations which would support such a claim.

            This is a grey area - if they are legal, it's for the same reason you don't need a license to operate a cell phone, because it's communicating with a system licensed for that frequency band (the cell carrier). Wilson, probably the manufacturer with the best reputation in this market, says "Wilson cell phone boosters fully comply with FCC regulations for cellular devices and are FCC type accepte

            • by msauve (701917)
              I should add...
              "because it's communicating with a system licensed for that frequency band (the cell carrier)..." with that licensee's authorization. When you use a cell phone, it is operating under the authority of the carrier's license. If you go to Verizon and buy one of the pico cells they carry, you're operating it on frequencies they have a license for, and with their authorization. If you buy and use a repeater from Joe's Repeater Shack, and your carrier has no knowledge of it, it is very likely illeg
        • So... what are you, AT&T, or the FBI going to do to prevent or track/trace or even find out about such exploits being used?

          Rhetorically "you", of course. Literally, though, how would anyone find out?

        • by sp332 (781207)
          Nope, the demo will definitely comply with FCC regs about operating in the GSM band. http://www.tombom.co.uk/blog/?p=195 [tombom.co.uk]
          • by msauve (701917)
            LOL. Not possible. He's obviously ignorant of the applicable regulations, since he is implying that low power somehow makes it legal.

            This isn't hard. He doesn't have a license from the FCC for the cellular band (he can't, because ATT does). Unlicensed intentional radiators are covered (mostly) by 47 CFR 15(c). There is no provision for unlicensed operation in the cellular bands.

            Cellular service is covered by 47 CFR 22, which clearly states:

            Sec. 22.3 Authorization required.

            Stations in the Public Mobile Services must be used and operated only in accordance with the rules in this part and with a valid authorization granted by the FCC under the provisions of this part ... (b) Authority for subscribers to operate mobile or fixed stations in the Public Mobile Services ... is included in the authorization held by the licensee providing service to them.

            Additionally, he will likely be in violation of 47 CFR 15.9:

            Sec. 15.9 Prohibition against eavesdropping.

            Except for the operations of law enforcement officers conducted under lawful authority, no person shall use, either directly or indirectly, a device operated pursuant to the provisions of this part for the purpose of overhearing or recording the private conversations of others unless such use is authorized by all of the parties engaging in the conversation.

            ...and

      • by Vellmont (569020) on Thursday July 29, 2010 @12:23AM (#33065128)


        "Hey, you need to charge this guy, he broke wiretapping laws!"

        That might be just a bit difficult to convince a jury, given that his "wiretapping" is going to be limited to a small area that likely includes just the conference room full of people their for expressly this purpose, for not particularly long. If anyone doesn't want to be "wiretapped" perhaps they can restrain themselves and not make any phone calls during that short period in that room.

        Why is it that some people are always so convinced "the law" is something like the laws of physics that's set in stone and not interpreted for a specific purpose?

        I'm guessing he'll be breaking FCC regulations. If someone wants to make some big complaint about the few minutes he'll be running his demo, well I'd help contribute to whatever pathetic fine they might try to assess. In reality this would never happen since the FCC has better things to do.

        • Re: (Score:3, Informative)

          by GrumblyStuff (870046)

          From what I've heard of jury duty and from people I know who have had jury duty, they strongly emphasis only whether or not the law was broken and will screen for anyone thinking. Guess if they can't get a plea bargin, they go for the next easiest thing.

        • That might be just a bit difficult to convince a jury, given that his "wiretapping" is going to be limited to a small area that likely includes just the conference room full of people their for expressly this purpose, for not particularly long.

          You expect a jury (or judge) to understand a technical issue? It will basically boil down to "ZOMG HAX, put him in jail!!!1one!"

          • by Vellmont (569020)


            You expect a jury (or judge) to understand a technical issue? It will basically boil down to "ZOMG HAX, put him in jail!!!1one!

            No, but I expect a jury or judge to understand that when you go to talk where the guy says he's going to listen in on a phone call for the next couple minutes that someone in the room makes, you just don't make a call unless you want everyone in the room to hear it. Why is this such a hard concept for some people to grasp?

      • It is a well known issue that none of the cell phone SPs are ever held accountable and yet always get to charge the big bucks for all those services. Just for the sake of showing how weak the system is, if I were that guy, I would go through with it even if there were cops there to take me in after the presentation for breaking a law...I am sure many
        people would help fund him for his his lawyer....we could all donate 1$ each...as well, this helps to promote more people to do this sort of thing, hence they w

      • by KDR_11k (778916)

        It's black hat hacking, it's not about legality. What he's showing is a security weakness that needs to be fixed.

        • by ewanm89 (1052822)
          Technically, it's white hat in that he is informing them of the security flaws. The fact he is also informing everyone in the underground/black market at the same time is irrelevant.
    • by Nikker (749551) on Wednesday July 28, 2010 @11:31PM (#33064898)
      As long as he only uses an informed and willing volunteer over a private connection would this demonstration really come under wiretapping laws? If they are going to send it through speakers infront of a crowd it would be more like an elaborate microphone than anything else.
  • by MoeDumb (1108389)
    Did he hear it over an AT&T line?
  • Rumour? (Score:4, Informative)

    by amirulbahr (1216502) on Wednesday July 28, 2010 @10:43PM (#33064580)
    So he blogged that he heard that AT&T might sue him to stop the talk, AT&T deny the rumour, it makes headlines.
    • Re:Rumour? (Score:4, Insightful)

      by bsDaemon (87307) on Wednesday July 28, 2010 @11:15PM (#33064810)

      Yeah. It's called "New Media." It's like news, but without the journalism degrees or standards of professionalism.

      • Re: (Score:3, Insightful)

        by chapstercni (238462)

        Yeah.. cause we can see how professional all those journalists are that have the degrees. They are impartial, and fact check everything.

        • Re: (Score:3, Insightful)

          by bsDaemon (87307)

          There are still plenty that do, although it's true that gone are the days of Cronkite. It's sad, really, but 24-hour news cycles mean they can't put as much time and effort into making sure that they cover relevant information accurately. That's not an excuse, more of an indictment. Do people even watch the evening news anymore?

          • Re: (Score:3, Funny)

            by inKubus (199753)

            Why does news only have to last 24 hours? Any story worth telling probably has at least a few years worth of action in it. Slow is better. Trust me.

          • Re: (Score:3, Interesting)

            by GrumblyStuff (870046)

            I try but they always tack on some celebrity or sports shit and then I turn off the TV.

          • by mattack2 (1165421)

            Yes, I watch the evening news every day (though lately I sometimes get the podcast instead and listen to the audio only).

      • Re:Rumour? (Score:4, Insightful)

        by houghi (78078) on Thursday July 29, 2010 @04:06AM (#33066034)

        It's like news, but without the journalism degrees or standards of professionalism.

        So it's like news?

    • by nmb3000 (741169)

      So he blogged that he heard that AT&T might sue him to stop the talk, AT&T deny the rumour, it makes headlines.

      To be honest, the first think I thought when I read his blog entry was "scapegoat". Maybe he realized his hack doesn't work quite right, or is flawed in some other way and wants an easy way out of giving the presentation? Claiming worry about a big lawsuit sounds pretty good for that.

      I'm betting at this point that AT&T came forward because they:

      1) Want to make sure he can't use them as an excuse, and
      2) They really want to know (probably more than most people) if the hack really works.

      I can easily see

    • by Phroggy (441)

      So where did he get the idea AT&T might sue? Did they tell him they might sue? Did someone else with inside knowledge of AT&T's plans tell him they might sue? Did some random person think to themselves, "hey, AT&T could sue!" and told him it was a possibility? Did he make it up himself and lie about it?

      Also, did AT&T decide not to sue because they looked at the situation, considered their best course of action, and determined that suing wasn't the right thing to do? Or did they decide t

  • by onionman (975962) on Wednesday July 28, 2010 @10:43PM (#33064582)

    Good to hear that AT&T is actually doing the "right thing" and hopefully learning from the research instead of attempting to suppress it.

    • Re: (Score:3, Informative)

      by DJRumpy (1345787)

      The right thing is to give these companies time to respond and to close potential security vulnerabilities before the information goes public. In this case, that obviously is not going to happen (by that I mean addressing vulnerabilities). I hate that they have to release this information in such a public way and wish they wouldn't, but I see the need for it all the same.

      • Re: (Score:2, Insightful)

        by MessedRocker (1273148)

        Sometimes the greatest incentive to change your ways is to have your foibles on public display.

      • I remember reading on another story about this demonstration that this vulnerability is one that's been known for a decent amount of time so far. If so, this is the needed course of action, since the companies won't change until word gets out that the system is unsafe.
        • I think it's not so much a matter of not knowing about this as a potential vulnerability, as it is a case of the hardware necessary to pull it off suddenly becoming cheap and affordable to just about anyone with the slightest interest in doing it.

          Perfect illustration of "exploit" that becomes possible due mainly to falling prices:

          My best friend owns two Blu-Ray players. One is Region "A". He bought it for $99 the day after Thanksgiving last year. The other is Region "B". He paid around $160 for it, includin

        • by klingens (147173) on Thursday July 29, 2010 @12:59AM (#33065294)

          There already was a public talk about this GSM vulnerability last december. Back then, the group cracking the protocol didn't have the hard/software to demultiplex the connections a GSM basestation has to handle in realtime. That problem is now solved and so the hack is fully functional. The rainbowtables needed to crack the protocol were publicly created for almost all of 2009. The GSM industry had PLENTY of time to react and get their shit together, instead they stonewalled, ignored and threatened the hacking group as Mr. Piaget described back in his December 2009 talk.
          The DECT industry group for cordless phones who use a similar encryption method but weaker as GSM had their protocol examined bofore that in 2008 or so by the same people. When the hackers approached the DECT people they were basically welcomed and both, DECT group and hackers, worked together on fixing the protocol, spec and especially implementations.
          Ironically the DECT industry group and the GSM association is made of largely of the same companies...

          • When the hackers approached the DECT people they were basically welcomed and both, DECT group and hackers, worked together on fixing the protocol, spec and especially implementations.

            This is great - is there a DECT2 now? My current phones are 900MHz spread-spectrum, but they don't seem to be widely available any longer.

            Ironically the DECT industry group and the GSM association is made of largely of the same companies...

            So perhaps the first hackers' group had a superior approach? I don't recally ever readi

            • Ironically the DECT industry group and the GSM association is made of largely of the same companies...

              So perhaps the first hackers' group had a superior approach? I don't recally ever reading about it - perhaps that was part of the success?

              I suspect the cellphone case has more government regulation of the protocols that would have to be tweaked.

    • by bogaboga (793279)

      Good to hear that AT&T is actually doing the "right thing" and hopefully learning from the research instead of attempting to suppress it.

      For AT&T, 'learning from research' would be admitting inferiority in a way. It's better for them to stay away officially then send geeks of their own to 'learn from the research', even though their own geeks failed to see iPhone problems before millions did.

    • by ScrewMaster (602015) on Wednesday July 28, 2010 @10:51PM (#33064636)

      Good to hear that AT&T is actually doing the "right thing" and hopefully learning from the research instead of attempting to suppress it.

      Time was when "research" and "AT&T" were damn near synonymous. But yeah, it's good that they're keeping the sharks in check.

      • Time was when AT&T wasn't just a name purchased by Cingular.

      • Re: (Score:3, Informative)

        by evilviper (135110)

        Time was when "research" and "AT&T" were damn near synonymous.

        There was a time when Nuclear Power Plants and "Westinghouse" were nearly synonymous, yet now they're making cheap toasters that don't work.

        The "AT&T" of today only happens to use the same name as the "AT&T" of years ago. Other than that, they died out entirely, much like Polaroid. What's now calling itself AT&T is, in fact, SBC, and has all the baggage associated with that shiftless company.

    • would it be evil for AT&T to give the FBI the location of the talk and express concern about the electronic transmitter being demoed, which broadcasts a signal to phones before they allow calls to be intercepted?

      what about every single person in the audience and surrounding city that might not really care how cell phone security works as long as people aren't advertising how to listen to their calls. he might have an angry mob on his hands.

      • If you could cover any significant urban area with a small and low powered antennae sitting on a table inside a theater, mobile calls would be a lot cheaper than they are. This is research, and it's being done inside the lab. Also, stopping research is fucking stupid. If I got my conference interrupted by the FBI, I would go ahead and sell the technology to spammers. That would be far worse. Do not attempt to stop research, ever. It is the wrong thing to do, both in ethical and practical considerations.

        • why would your new research mesh network node ever need to trick users of a competitors network and intercept their traffic? why not just demonstrate a call strictly over your own network relays? is it because the latency of such a network makes voice calls horribly awkward? the advertised device and method of interception has no applicable use for research other than unwarranted interception. the advertised demo is neither ethical or practical.
      • by pspahn (1175617)

        I was under the impression that if you went to Las Vegas, and something happened that you didn't want people to know about (maybe embarrassment, blackmail, or you don't want your grandchildren to know)... I thought it was supposed to stay there. Have I been lied to?

        Maybe I should visit Atlantic City instead.

    • I'll be impressed when I DON'T see the feds come busting in as a result of an "anonymous" tip...
  • Just because one person at AT&T said they won't do anything about it, there is absolutely no guarantee that someone else doesn't have different plans.
    There are many examples of a corporate spokesman saying one thing, while the company immediately did the opposite.

    just imagine:

    Well dressed spokesman speaking to TV reporter: "Absolutely not! There is no credibility to the rumor that there is any terrorist activities or police actions taking place at this facility! The rumors are absolutely false! I can
    • by bsDaemon (87307)

      Or when Kennedy came out saying that no Americans would be involved in any invasion of Cuba right about the time of Bay of Pigs fiasco with the CIA...

    • Re: (Score:3, Insightful)

      by nacturation (646836) *

      Just because one person at AT&T said they won't do anything about it, there is absolutely no guarantee that someone else doesn't have different plans.

      The way I read it was: "Oh no, we won't interfere with the talk at all. But just wait until you see what we do after the talk!"

  • While I detest AT&T on multiple levels, this shows that AT&T is thinking clearly(at least at the very moment at time). AT&T was probably advised, from a legal standpoint, that they(AT&T) had no legal basis to use to stop this demonstration. It is the same reason why we can learn how to build a multitude of bombs, learn how to make various drugs, and learn a plethora of various knowledge on the internet and out in the "real world". The First Amendment to the United States' Constitution can

    • by fuzzyfuzzyfungus (1223518) on Wednesday July 28, 2010 @11:06PM (#33064736) Journal
      On the other hand, if they don't kill it, the presenter may well have just committed a number of crimes in front of a live audience, and probably a fair few cameras)...

      If they don't, he'll just have some nastygrams to hang on his wall, and a story of being oppressed by the man, without any lingering consequences.

      They might just be ignoring it entirely, figuring that the Streisand effect is not with them on this one; but the path of maximum vindictiveness actually requires them to let him go ahead...
      • by LurkerXXX (667952)

        the presenter may well have just committed a number of crimes in front of a live audience, and probably a fair few cameras.

        A live audience filled with feds...

  • by Anonymous Coward

    Too many problems with the iPhones - personal towers might be a good idea

    • Too many problems with the iPhones - personal towers might be a good idea

      Maybe that's why AT&T doesn't want to block the presentation. They hope to learn something about building cell towers.

  • Headlines like that truly annoy me. The implication is that AT&T is going to allow eavesdropping when in fact they are just not going to stop a talk! I don't like AT&T but that doesn't mean I like to see them or anyone else incorrectly maligned!
    • the false implication is that the demo WILL happen. a demo has been scheduled... claims have been made, but there is certainly no certainty that the demo will actually happen and fulfill all the claims.
  • Defcon != Blackhat (Score:2, Informative)

    by baeyogin (461380)

    Different conference. My understanding is that the EFF is involved, and signs are being posted around the perimeter. Either way, I won't be using a GSM enabled phone. Should be interesting.

    • lol really? Is Defcon seriously marketing themselves as 'not blackhat' now? Man, they've really gone downhill. I don't want to go anymore. Time was that was their main selling point: convention of hackers, or which were definitely blackhats back in the day.
      • Re: (Score:2, Informative)

        by Anonymous Coward
        No, what baeyogin was saying is that the "Black Hat" conference takes place before DEFCON. They're both in Vegas, and Black Hat is the 28th-29th, while DEFCON comes afterwards.

        There's nothing 'non-' or 'un-blackhat' about DEFCON.
  • Somebody at AT&T should be getting a pat on the back. He or she just helped the company dodge a Barbara-Streisand-Effect bullet.
  • Remeber Adobe? (Score:5, Insightful)

    by PinkyGigglebrain (730753) on Thursday July 29, 2010 @12:31AM (#33065158)
    Anyone else remember how Adobe got the FBI to arrest and charged Sklyarov?

    It doesn't matter what some mediadroid says. All it would take is one phone call from the right person at AT&T to the right person in the DOJ.

    AT&T could deny any and all prior knowledge when the Feds arrest the presenter for breaking some law or another. Hell, AT&T could even call for his release afterward knowing that history would repeat itself.

    Considering how big AT&T is again there really isn't anything anyone can do even if they did move openly. Boycott? HA!, how many of us can afford to give up our cell phones, home phones and Internet connections in protest? AT&T knows they have most of us by the tender bits.
    • Re: (Score:1, Troll)

      by Score Whore (32328)

      Remember when Chris Paget defamed AT&T by making up a false story of impending litigation in a lame attempt to create some press for himself?

      (That's one way it could go.)

      I also heard that Chris Paget only runs Windows Me on his desktop because he thinks everything else is just dumb. That's what I heard anyway.

    • by vlueboy (1799360)

      Boycott? HA!, how many of us can afford to give up our cell phones, home phones and Internet connections in protest? AT&T knows they have most of us by the tender bits.

      Maybe. But AT&T is NOT cable. Dialup and DSL usually have competitors that we can flee to in case of poor signal or service. It's not like it runs most of the world's internet... it's just an American company, and faces hard competition from Verizon, Sprint, T-Mobile and others. If underdeveloped places provide only AT&T service, then consider yourself weird --the VZ map is the most complete one when it comes to cell service, if their ads have taught us anything all these years.

      Other than that, iPho

    • by evilviper (135110)

      Considering how big AT&T is again there really isn't anything anyone can do even if they did move openly. Boycott? HA!, how many of us can afford to give up our cell phones, home phones and Internet connections in protest? AT&T knows they have most of us by the tender bits.

      AT&T, Verizon, and Sprint all provide competitive cell phone service. Sure, maybe you'd have to give up the exact model of cell phone you currently use, but that's it.

      "Home phone" is a bit of an anachronism now. Wire a cell

  • Listening in on cell phone calls was sometimes as trivial as turning on your TV to the right UHF station. If you wanted to get sophisticated, you bought a scanner to listen on the right frequency.

    It's interesting someone found a way to make a base station an do a MITM attack, but this is nothing compared to the massive problem with cloning, interception, and everything else than went on in the analogue era of cell phones for many many years.

  • No AT&T, you can't stop him. That is the problem, and the point of his talk.

    Sera
  • I wonder how many will actually cut AT&T some slack or give them credit for NOT interfering?
    • by Jaden42 (466735)

      I wonder how many will actually cut AT&T some slack or give them credit for NOT interfering?

      \insert is this your first time on slashdot joke here\

  • I think it is strange that we are now more worried about being sued then about the technical knowledge and the fact that if he can do it, everybody else can do it.

    And this is a place where everbody says IANAL. This is a place about IT. And yet most people are more concerned about the law then about the technical side of it all.

    • And yet most people are more concerned about the law then about the technical side of it all.

      This is surprising? A kernel panic doesn't get you sent to a rape cage.

  • by pinkushun (1467193) on Thursday July 29, 2010 @04:29AM (#33066146) Journal

    Senator Stampingston: Gentlemen, it's clear that we're in a universally precarious situation. Dethklok has summoned a troll.
    General Krosier: That's impossible, there's no such thing as trolls.
    Senator Stampingston: Then how do you explain the dead unicorns?

    Um... Okay, moving on to the next call...

    • The results would probably be much more like chatroulette... dude trying to get laid, dude trying to get laid, phone sex, kid talking to grandma, dude trying to get laid...
  • Don't they teach students about man-in-the-middle attacks anymore, these days?

  • How does an AT&T customer know he is connecting to a fake tower?

    He gets a signal.

    • by sorak (246725)

      To the person who modded me down,

      I understand the difficulty you must have. Life must be very stressful for you, these days. Having to groom the perfect goatee, spend all your time at Starbucks, and shop for black turtlenecks can take it's toll on a person.

      But please understand, what I did is known colloquially as a joke. Please look it up, while you still have a connection to the internet. And if you are doing this from a home computer, please let me advise you to use the scroll bars. Swiping your finger a

  • AT&T Won't Block Black Hat Eavesdropping Demo at Black Hat conference.

    But I'm sure they'll be blocking the wireless hacking demos at DEFCON.



    See ya'll there, gotta love these 2 conferences.

He keeps differentiating, flying off on a tangent.

Working...