Well this makes sense[1], but will be really inconvenient:
- Don't use cellphones within 1,000 feet of the conferences to avoid phony cell stations.
For anyone going this year you know the conference is at the Rio as well as most of the guests attending.
The one thing I will say is that in his talk, Paget did say that GSM's security is broken, but 3G security is still (hypothetically) intact and much stronger.
So forcing your phone onto the WCDMA network only is probably the way to go while at the conference. (Settings > Wireless > Mobile Networks > Network Mode on Android)
It depends how you define "secure." There are numerous weaknesses of 2G (GSM) security that were addressed in the 3G (UMTS) standards. The major ones: 1) GSM supports one-way authentication only (handset to network), so man-in-the-middle attacks are possible; 2) encryption is optional, and when turned on by the carrier, only covers the air interface between the phone and the basestation, leaving base transceiver station (BTS) to base station controller (BSC) connections, often a microwave links, effectively unprotected; 3) GSM encryption keys are not long enough to make brute force attacks impractical (A5/1, the strongest version of GSM encryption, has a 64-bit key); 4) GSM does not support data integrity protection, making false BTS attacks like Paget's DEFCON demo possible; and 5) encryption keys and authentication data are transmitted in the clear within a network and between networks when the phone is roaming. (Ref.: 3GPP TS 33.120, 3GPP TS 21.133).
A 3G-only phone isn't susceptible to attacks that attempt to coerce a handset into 2G operation and exploit the weaknesses of GSM security. However, UMTS networks, because they're packet-based, still have to contend with DoS attacks and other Internet headaches.
- Don't use cellphones within 1,000 feet of the conferences to avoid phony cell stations.
For anyone going this year you know the conference is at the Rio as well as most of the guests attending.
The one thing I will say is that in his talk, Paget did say that GSM's security is broken, but 3G security is still (hypothetically) intact and much stronger.
So forcing your phone onto the WCDMA network only is probably the way to go while at the conference. (Settings > Wireless > Mobile Networks > Network Mode on Android)
[1] http://www.wired.com/threatlevel/2010/07/intercepting-cell-p...