What are all these fake cell phone towers?

Interest in CryptoPhone‘s secure devices has skyrocketed since Edward Snowden’s revelations of the NSA’s mass surveillance programs. As part of their research, CryptoPhone’s mobile security team was able to find and fix 468 vulnerabilities in stock Android and has also found that the version which comes supplied on the Samsung Galaxy S3 they tested with is leaking data somewhere between 80 – 90 times per hour.

Fake cell phone towers can often be detected by CryptoPhone’s devices. A map (below) provided by the company shows 17 of these potentially malicious towers which have been found by customers that can carry out “over the air” attacks when a mobile device connects to it. From this point, a variety of attacks can be installed including spyware for eavesdropping on calls and messages.

The CEO of ESD America, Les Goldsmith, has revealed that one of his customers took a road trip from Florida to North Carolina and connected to eight of these fake cell towers; even finding one at South Point Casino in Las Vegas.

So why has the US government not burned these towers down? Goldsmith speculates these towers could belong to the government due to often being right on top of US military bases. Alongside Snowden’s revelations of the NSA and their capabilities; this would appear to be the most likely scenario.

The hardware to achieve such an attack is expensive, and this rules out the likelihood of anyone other than a government-issued body being able to set-up a phony cell tower. Devices such as the VME Dominator can not only intercept calls and texts; but also actively control the phone.

Remote control is something which Snowden has previously revealed the NSA has the capabilities of achieving via an “over-the-air” attack. This even extends to the ability of seemingly switching-off a phone but leaving the microphone running as a “bug” to listen in on conversations without the device’s owner being aware.

So what devices are vulnerable? Every smartphone essentially runs a second OS which runs on the baseband processor and acts as a middleman between the main OS and the cell towers. Chip manufacturers guard details about their processors fiercely and therefore make it a challenging – but not impenetrable – method of attack. This means no device is completely immune.

Will the risks of fake cell towers make you more privacy-conscious? Let us know in the comments.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *