Security researcher Chris Paget recently demonstrated a low-cost, home-developed device – a cellphone tower replica, or Global System for Mobile communications (GSM) base station – which he used for hacking into the radio frequency identification tags (RFID) from a distance.

According to Paget, the cell phone base station essentially ploys cell phones into directing their outbound calls through his device; thereby enabling another person to intercept even encrypted calls in the clear.

The device that Paget has created works largely like the more expensive devices that are already being used by intelligence and law enforcement agencies – known as the IMSI catchers – that can catch phone ID data and content. Since the device can basically spoof a genuine GSM tower, it can easily cell phones to send data to the device by sending out a signal that is even stronger than legitimate towers in the area.

Noting that the working of the device highlights the extent of the cell phone network’s vulnerability as well as the fact that hackers can conveniently intercept calls for small amounts of money, Paget said during a speech at the Defcon security conference in Las Vegas: “There’s a good chance you won’t even know about it when it (the interception of calls) happens.” 

No wonder Paget’s speech got notable beforehand attention, with the authorities at the Federal Communications Commission having contacted him about his planned demonstration, to inquire whether he would be violating wiretapping laws!