I love DefCon! Every year we get to hear about some new reason we should be walking around with tinfoil hats. The latest is courtesy of security researcher Chris Paget, who built a system that mimics a cellular tower so that all of your phone calls route through it. It catches outbound calls, tricks phones into disabling their encryption, and forwards the calls over VoIP.
It turns out that intelligence and law enforcement agencies use similar technology, but their equipment costs quite a bit more than the $1,500 that Paget spent on his system. The rogue tower works by broadcasting a stronger signal than the real carrier towers are putting out, so nearby phones attach to it instead. The system only works on 2G GSM calls, because of the vulnerability in the encryption that we have mentioned a few times. The interesting thing Paget did was show that he could transmit a jamming signal to block 3G, forcing phones to fall back to the vulnerable 2G connection that he can listen in on.
Since users would be connected to a rogue tower rather than the carrier's network, this only works on outgoing calls; the carrier has no idea you exist, so incoming calls would just go to your voicemail. Paget had to deal with some issues the FCC raised, since his demonstration would violate its regulations, so he used the 900 MHz ham radio spectrum, a band that is used for cellular service in Europe. I have to give him credit for creativity… I find it amazing when researchers take a potential vulnerability and show the real-world ramifications.