If you"re taking a late-summer roadtrip, chances are your phone will be intercepted by a fake cell phone tower.
At least that"s what Les Goldsmith, CEO of ESD America and developer of the CryptoPhone 500, claims.
According to Goldsmith, his team -- using the custom-developed CryptoPhone, which provides a hardened version of Android with a wealth of unique security features and patches a number of flaws present in the stock Android OS -- discovered dozens of fake cell phone "towers" not belonging to any carriers which intercepted the device"s signal, allowing the tower"s owner to intercept any calls or communications and even "remotely push spyware to the device."
On a road trip taken from Florida to North Carolina by one of ESD America"s customers, Goldsmith says, the device encountered 8 different interceptors. This may not be shocking, except for the fact that baseband interceptors are very costly to produce and difficult to create, meaning that only the truly committed or those with many resources have the ability to make them. The team discovered one such interceptor at a casino in Las Vegas, but many were found on top of military bases and government facilities.
An ECHELON facility, part of an NSA program which functions similarly to the fake towers
On one such excursion by ESD America"s mobile security team, their phone was intercepted by a fake tower, and forced down from 4G to 2G -- a protocol which is much easier to exploit. Many higher-end interceptors, however, have the ability to "spoof" the signal so that the phone still displays a 4G connection despite being forced to 2G and exploited.
The fake towers may very well be operated by the government, Goldsmith says, but he also entertains the possibility that they could"ve been planted by a foreign government such as China to snoop on military communications. Regardless of the source or the intent, regular citizens are falling victim to the interceptors and running the risk of having their phone calls and even text messages intercepted by unknown parties.
Source: PopSci via ESET Blog |Top image via Shutterstock - SIM card on smartphone, bottom image via HAL Archives