Interviewer: So this is really interesting and very powerful, but it raises a lot of questions
that certainly deal with intercepting people's cellular communication
could be used for evil. Presumably you're not using it for evil.
So what's the motivation for doing this and
and kind of how can you do this in an ethical way?
Carson: We're clearly not doing this to do evil ourselves.
However, we do this because it is already used to do evil by others.
For at least 10 years industrial-scale GSM cracking equipment has been available
and there's been very little talk about the system so far.
So this is an attempt to shine that light onto evil that is ongoing
spying on citizens, spying on host countries from embassies
spying in war zones on civilian populations that we want to uncover
and the result of this discussion that we've been having very publicly
was to GSM networks over the past two years is hopefully that these networks
now implement protections against what they perceive mostly as a publicity threat.
Because we are not actually doing anything evil but we say we could.
It is the ultimate convincing argument that you can intercept
the phones of even the phone company's executives.
So the ethical part of hacking includes both not doing evil
but convincing everybody to do the counter, in this case deploy
technical countermeasures or at least to warn customers that cellphones
are not as secure as companies would like them to be.
It always hard to say what would have happened had we not done this
but it may be time coincidental, it may be because of this research
networks are starting to upgrade or have been upgraded these past years.
More in newer networks, that is everywhere outside of the western world
but also in Europe and hopefully the US soon will start rolling out countermeasures.
Often times they find that these countermeasures are little more than
configuration changes, software patches, things that are overdue for many years.
Technology twenty years old that has been upgraded many times
adding MMS and fast-internet connections and visual voice mail
and all these things but the security hasn't been patched, even once.
Same works for the T-Mobile network here.
Same works against every network in Europe right now
pretty much every network outside of Europe. A few have been patched now.
The most secure network that we have seen recently was in Egypt.
Given that it's now not just defending your customers from ongoing evil
but also a possible publicity threat you're avoiding
there's a lot to gain for the networks and at the same it doesn't cost them very much.
So it just took a few research years to create the information base for them to act upon.
Interviewer: Thanks very much, Carson, this has been really interesting
and very cool what you showed us, thanks. Carson: Thank you.
