A security expert said he has devised a simple and relatively inexpensive way to snoop on cellphone conversations, claiming that most wireless networks are incapable of guaranteeing calls won't be intercepted.
Law enforcement has long had access to expensive cell-phone tapping equipment known as IMSI catchers that each cost hundreds of thousands of dollars.
But Chris Paget, who does technology security consulting work, says he has figured out how to build an IMSI catcher using a $1,500 piece of hardware and free, open-source software.
It's really not hard to build these things, he said.
Paget will teach other hackers how to make their own IMSI catchers on Saturday during in a presentation at the annual Defcon security conference in Las Vegas.
His technique only works with wireless systems based on GSM technology, which is used by most of the world's wireless carriers. In the United States, AT&T and T-Mobile USA, a unit of Deutsche Telekom AG operate on GSM systems.
GSM is broken, Paget said on Tuesday in a telephone interview. He said he plans to demonstrate his low-cost IMSI catcher by asking audience members to make calls using GSM phones, than tap into their conversations from the podium.
A spokesman for AT&T Inc, the largest U.S. carrier that runs a GSM network, declined comment. Officials with T-Mobile were not immediately available for comment.
Thousands of hackers will attend the Defcon conference in Las Vegas that starts on Friday, where researchers like Paget will disclose security vulnerabilities in systems from cell phones and business software to systems that run the electrical grid.
Their intention in teaching people how to break into things is generally to make the public aware of security risks and get manufacturers to boost protection in their products.
(Reporting by Jim Finkle, editing by Leslie Gevirtz)