Are your calls being intercepted? 17 fake cell towers discovered in one month

CryptoPhone users found 17 fake "cell towers" in a month, but don't know who deployed them or why. Most phones show no sign that they are a target of stingray surveillance, even while users' calls are recorded, texts spoofed and location tracked. Although most of those interceptors trick a phone into connecting to 2G, Johnny Law is in a rush to upgrade "stingray" surveillance so it works over 4G LTE.

You likely wouldn't know if you were under cell phone surveillance, but you would if you were about to make a call and your phone displayed an unencrypted connection warning that states, "Caution: The mobile network's standard encryption has been turned off, possibly by a rogue base station ('IMSI Catcher'). Unencrypted calls not recommended."

Through notifications such as that, CryptoPhone users found and mapped 17 fake "cell towers" in the U.S. during the month of July. While most phones can't find those interceptors, a $3,500 CryptoPhone 500 can. The phone has a Samsung Galaxy SIII body, but unlike the Android OS that comes standard on the Galaxy SIII and "leaks data to parts unknown 80-90 times every hour," ESD America hardened the Android OS by removing 468 vulnerabilities.

"Interceptor use in the U.S. is much higher than people had anticipated," said Les Goldsmith, the CEO of ESD America. He told Popular Science, "One of our customers took a road trip from Florida to North Carolina and he found eight different interceptors on that trip.  We even found one at South Point Casino in Las Vegas." He added, "What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases. Whose interceptor is it?  Who are they, that's listening to calls around military bases?  The point is: we don't really know whose they are."

Privacy groups have been fighting unconstitutional stingray surveillance for several years, yet there's still a great deal citizens don't know about the portable devices known as IMSI catchers, also known by the generic term "stingray." An IMSI catcher acts like a fake cell tower and tricks your mobile device into connecting to it even if you are not on a call. It is used for real-time location tracking; some can pinpoint you within two meters, as well as eavesdrop on and capture the contents of your communications.

Goldsmith conducts testing on his company's "baseband firewall" while driving by an unnamed government facility in the Nevada desert that runs an interceptor. "As we drove by, the iPhone showed no difference whatsoever. The Samsung Galaxy S4, the call went from 4G to 3G and back to 4G. The CryptoPhone lit up like a Christmas tree."

You might know your phone is being intercepted if it shows 2G, instead of 3G or 4G, but some interceptors claim to be "undetectable." The VME Dominator, for example, is marketed only to government agencies. It promises that it allows "you to intercept, block, follow, track, record and listen to communications using unique triangulation and other advanced technology," but "cannot be detected. It allows interception of voice and text. It also allows voice manipulation, up or down channel blocking, text intercept and modification, calling and sending text on behalf of the user, and directional finding of a user during random monitoring of calls."

VME Dominator is not the only 4G interceptor on the market. Martone Radio Technology also advertises 4G interception, and SS8 describes solutions for "Integrating Lawful Intercept into the Next Generation 4G LTE Network" (pdf). According to Goldsmith, "If you've been intercepted, in some cases it might show at the top that you've been forced from 4G down to 2G. But a decent interceptor won't show that.  It'll be set up to show you [falsely] that you're still on 4G. You'll think that you're on 4G, but you're actually being forced back to 2G."
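The two indicators this article describes, network encryption being switched off and a phone dropping from 4G to 2G, can be written as a small detection rule. The following Python is an added example, not code from ESD America or the CryptoPhone; the log format, cell names and function names are assumptions, the events are constructed, and the values are assumed to come from the baseband rather than the on-screen indicator, which Goldsmith says can be falsified.

```python
from dataclasses import dataclass

# Constructed sample: time (s), serving cell, radio technology, cipher in use.
# Assumed to come from the baseband, not from the status-bar icon.
SAMPLE_LOG = """\
0,cell-A,4G,EEA2
30,cell-A,4G,EEA2
60,cell-X,2G,A5/0
75,cell-X,2G,A5/0
120,cell-A,4G,EEA2
150,cell-B,2G,A5/1
"""

NULL_CIPHERS = {"A5/0", "UEA0", "EEA0"}  # "no encryption" in GSM, UMTS, LTE
RAT_RANK = {"2G": 2, "3G": 3, "4G": 4}

@dataclass
class Event:
    ts: int
    cell: str
    rat: str
    cipher: str

def parse(log):
    """Turn the comma-separated sample format into Event records."""
    rows = (line.split(",") for line in log.strip().splitlines())
    return [Event(int(ts), cell, rat, cipher) for ts, cell, rat, cipher in rows]

def find_alerts(events):
    """Flag state changes only, so a long stay on one cell alerts once."""
    alerts, prev = [], None
    for ev in events:
        reasons = []
        new_cell = prev is None or prev.cell != ev.cell
        if ev.cipher in NULL_CIPHERS and (new_cell or prev.cipher not in NULL_CIPHERS):
            reasons.append("encryption-off")
        if prev and ev.rat == "2G" and RAT_RANK[prev.rat] > RAT_RANK["2G"]:
            reasons.append("downgrade-to-2g")
        if reasons:
            # Null ciphering is the stronger signal; a bare 2G fallback also
            # happens in ordinary poor coverage.
            severity = "high" if "encryption-off" in reasons else "low"
            alerts.append((ev.ts, ev.cell, severity, reasons))
        prev = ev
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(parse(SAMPLE_LOG)):
        print(alert)
```

A downgrade on its own is rated low because phones also fall back to 2G where coverage is weak; the combination with null ciphering is what matches the CryptoPhone warning quoted earlier.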

Yet Ars Technica reported that law enforcement agencies are trying to come up with the funds to upgrade their "stingray" cellular surveillance systems before 2G and their ability to unconstitutionally spy on people becomes obsolete. AT&T, for example, will shut down its 2G network in 2017, but Verizon's network will support 2G until the "end of the decade."

Although it will be a long time before cell phones no longer support 2G, Johnny Law is working on upgrading Harris Corporation "Stingray" systems, with "Hailstorm," to support 4G LTE interception. The News Tribune in Tacoma reported on a March 2014 purchase order from the DEA, which stated, "The Hailstorm upgrade is necessary for the Stingray system to track 4G LTE phones."

According to Ars Technica, the Oakland Police Department, Fremont Police Department, and the Alameda County District Attorney joined forces by applying for a DHS grant to pay for the Hailstorm upgrade. "The entire upgrade will cost $460,000--including $205,000 in total Homeland Security grant money, and $50,000 from the Oakland Police Department (OPD)." In theory, more documents are being gathered and will be released this month by the Alameda County DA's office.

While the FCC seems to have known about cellular network vulnerabilities that stingrays exploit, last month it established a "task force" to investigate the "illicit and unauthorized use" of stingrays. Instead of investigating law enforcement's use of such interceptors, the FCC "plans to study the extent to which criminal gangs and foreign intelligence services are using the devices against Americans." The FCC also refused the ACLU's FOIA request for stingray documents.

Meanwhile innocent Americans may be subjected to the "invasive surveillance technology" without ever knowing it is happening. ACLU technologist Christopher Soghoian said of stingray surveillance, "They are essentially searching the homes of innocent Americans to find one phone used by one person. It's like they're kicking down the doors of 50 homes and searching 50 homes because they don't know where the bad guy is."

If the framers of the Constitution could see how technology is being used against us, they would roll over in their graves.


Stories by Darlene Storm
