Recently we blogged about rogue cell towers (also called IMSI catchers, stingrays or GSM interceptors) and the potential risk they pose of intercepting cell phone calls. An ongoing investigation into the proliferation of these devices has found rogue cell phone towers all over the Washington, DC area—including near the White House, the US Capitol and the Supreme Court.
Researchers and information security specialists are concerned that the towers discovered so far might be only the tip of the iceberg. The systems are designed to be portable and can be operated from a vehicle or moved around at will. Many such “mobile base stations” could be active only on a periodic basis, making them even harder to find.
Once a cell phone or other mobile device connects to a rogue tower, a malicious actor can eavesdrop on calls and text messages, and possibly even push malware to the device. At least one organization is selling interceptors commercially, but its website states that federal law prohibits their use except by “the Government of the United States or any agency thereof.” The firm says its technology is “completely undetectable” (by conventional equipment, presumably), and that it enables the user to “intercept and/or modify voice and/or text.”
While our government authorizes some of these interceptors, it is highly likely that non-commercial versions of such systems exist and that their use is unregulated. The FCC has responded to sharp questions from Congress on this issue by creating a task force to combat these systems “to protect the cellular network systemically from similar unlawful intrusions and interceptions.”
Who is operating these rogue towers? US government agencies? Law enforcement? Sophisticated hackers? Foreign governments? Corporations? All of the above? At this point we just don’t know. At least one blogger points out that the towers are the “new favorite toy” of agencies from the NSA to your local police. Others speculate that the NSA and perhaps the FBI and some other agencies have no need for such tools; they can tap calls through the service provider. For that matter, according to Edward Snowden, the NSA is able to turn on a powered-off phone and use it as a listening device.
Who is most at risk from whoever is behind these towers? Individuals and organizations that are communicating sensitive and/or valuable information using mobile devices, especially with talk and text, would certainly have the most to lose. People using cell phones for personal interactions are less likely to be targeted for cybercrime even if their calls are routed through an interceptor.
What can individuals at highest risk do to protect themselves? Right now there are a couple of technology options for those who can afford them:
- A German firm has developed a firewall that lets people know when their phone is connecting to a rogue tower. But for now it’s only available to enterprise customers using Android phones.
- The now-famous CryptoPhone 500 “goes off like a Christmas Tree” in the presence of rogue towers—indeed, it’s been the primary means of detecting them. But these phones are currently priced over $3,000.
- You might know if your phone is being intercepted if it displays 2G instead of 3G or 4G, but more sophisticated interceptor devices can get around that.
- If you suspect your transmissions may be intercepted, power down your device.
What can organizations do to protect themselves? The only viable approach to this and other unanticipated threats is to develop and apply a consistent, risk-based information security policy. To find out more, contact Pivot Point Security.