| Submit your comments on this article |
| -Land of the Free |
| Mysterious Fake Mobile Phone Towers Are Intercepting Calls All Over The U.S. |
| 2014-09-04 |
| [Business Insider] Seventeen fake mobile phone towers were discovered across the U.S. last week, according to a report in Popular Science. Tip firya Clyde, they are not "fake," they simply do not route traffic, at least not to the party you're attempting to call. Rather than offering you mobile phone service, the towers appear to be connecting to nearby phones, bypassing their encryption, and either tapping calls or reading texts. Les Goldsmith, the CEO of ESD America, used ESD’s CryptoPhone 500 to detect 17 bogus mobile phone towers. ESD is a leading American defence and law enforcement technology provider based in Las Vegas. ESD With most phones, these fake communication towers towers are undetectable. But not for the CryptoPhone 500. It is a customised Android device that is disguised as a Samsung Galaxy S III, but has highly-advanced encryption. Goldsmith told Popular Science: “Interceptor use in the U.S. is much higher than people had anticipated. One of our customers took a road trip from Florida to North Carolina and he found eight different interceptors on that trip. We even found one at South Point Casino in Las Vegas.” The towers were found in July, but the report implied that there may have been more out there. Although it is unclear who owns the towers, ESD found that several of them were located near U.S. military bases. Proximity to U.S. military installations enables connectivity to secure systems. Next question please. “Whose interceptor is it? Who are they, that’s listening to calls around military bases? Is it just the U.S. military, or are they foreign governments doing it? The point is: we don’t really know whose they are,” Goldsmith said to Popular Science. It’s probably not the NSA — that agency can tap all it wants without the need for bogus towers, VentureBeat reported: Not the NSA, cloud security firm SilverSky CTO/SVP Andrew Jaquith told us. “The NSA doesn’t need a fake tower,” he said. “They can just go to the carrier” to tap your line. Bypassing the "carrier" saves a lot of paperwork. Time is money. ComputerWorld points out that the fake towers give themselves away by crushing down the performance of your phone from 4G to 2G while the intercept is taking place. So if you see your phone operating on a slow download signal while you’re near a military base … maybe make that call from somewhere else. In an amazing coincidence, police departments in a handful of U.S. cities have been operating “Stingray” or “Hailstorm” towers which — you guessed it — conduct surveillance on mobile phone activity. They do that by jamming mobile phone signals, forcing phones to drop down from 4G and 3G network bands to the older, more insecure 2G band. Jamming, yes quite an amazing coincidence. |
| Posted by:Besoeker |
| #14 USN, Ret - I used to work designing, testing, gathering the infrastructure side of call flows, stats and such at the company with the batwings logos. I hated CALEA - its un-American. When I balked at some of it they brought in H1B visa holders to do it as they had no tradition of constitutional rights. I've had really lucrative ideas nixed by drones from a 3 letter org because their current sats couldn't snoop on it in another country. (US was never the problem as FBI gets all data on the land side.) Same for other mediums then RF. "You can't do that. We can use it to spy. We don't care if it has a market valuation in the 100s of billions to trillions we claim it." Autos and tires - look at ODB stds and some extensions that the EPA and Clinton's wanted. odb-iii starts getting bad http://lobby.la.psu.edu/_107th/093_OBD_Service_Info/Organizational_Statements/SEMA/SEMA_OBD_frequent_questions.htm |
| Posted by: 3dc 2014-09-04 23:55 |
| #13 Also TPMS for the tire pressure reporting. |
| Posted by: Skidmark 2014-09-04 23:54 |
| #12 Ret., check GM OnStar or Ford SYNC. IEEE is a good resource for CDMA tracking. |
| Posted by: Skidmark 2014-09-04 23:52 |
| #11 3dc: that is interesting (and scary) info; would you be so kind as to provide some references to the source material please?? |
| Posted by: USN, Ret. 2014-09-04 15:18 |
| #10 CrazyFool, some auto companies have been known to embed cellphones into engine computers and other devices for delivering actual use engineering statistics to the company. Unless you can sniff for it you would never know it's there. They know who owns the car (DMV registration) so if you have one of those autos your auto's position is always known. The pressure sensor in your tires is announcing itself to EPA sensors on the roads and highways. It has enough info to know the exact serial number of the tire so you can be tracked that way. At one point some idiots at EPA (Clinton era) wanted the ability to remotely shut your car down if it didn't have proper tire inflation with only the EPA able to revive it. Imagine the accidents when the EPA shut you down on the inside lane at 80mph in heavy traffic. |
| Posted by: 3dc 2014-09-04 11:24 |
| #9 Kerry Patton - NSA (Signals Intelligence) for Dummies: BLUF: Generally speaking, if it emits a signal or can be pinged, your communications and location are potentially at risk. |
| Posted by: Besoeker 2014-09-04 10:55 |
| #8 Interesting 3dc. It's amazing what you can learn at Rantburg U. Thanks! |
| Posted by: CrazyFool 2014-09-04 10:52 |
| #7 Also, unless turned off or the battery removed, your phone periodically tells the system where it is so the system can know where to ring an incoming call or send a text. So your position is always noted if a phone is on. |
| Posted by: 3dc 2014-09-04 10:41 |
| #6 Also, if any side of a cellphone conversation has the receiver and transmitter in the same hard-case you can kiss the native encryption goodbye. That's because one side of the base is easy to decrypt and you can crack the otherside by sonic feedback through the case making an echo of the message visible in the more encrypted side of the conversation. This provides enough of a hint to crack the encryption. (use hands free stuff on both sides) That said a good portion of a call can be recovered from the call detail log even if it wasn't one of the random calls sent to the FBI under CALEA. (oh and the FBI is entitled to all data under CALEA from every phone) |
| Posted by: 3dc 2014-09-04 10:35 |
| #5 ed - before GPS in phones we could do better than that at "Batwings" but the spooks would never listen when we tried to tell them how because they told us they were smarter then us and knew it all. The secret is the power strength measurement off the pilot beams. (for CDMA) A phone is constantly making these looking at many many pilots (each carrier sector base has at least one) . So with PSMs from over 17(normal min) pilots you can triangulate pretty damn well. Also if they are in a call the call detail logs (infrastructure side) show constant measurements for each leg of a call because the phone needs to decide when to do it's spiderwalk of soft, softer or hard handoffs (hard is a good way to drop a call) The phone constantly gives its measurements to potential hand-in sites as one moves about in in a call. You have to know pretty damn well where the phone is to make the call work in the first place since you are punching in on your Walsh Code at the precise time to not interfere with others and that requires knowledge of exact distance to the base/carrier/sector transmitter. For that reason all base stations have a GPS with time because every phone needs to know the exact time too. Prior to GPS in the phone they derived position only from the time signal in each of the pilots. Way before GPS we could calculate it down to inches. Further CDMA background - in CDMA it is normal to be connected to more than one base/carrier/sector transceiver at a time. You then do a spiderwalk of moving one leg of the call while keeping the others. If you are a normal customer your call typically has 3 legs. If you are a discerning customer and pay through the nose your call can have N-legs where N is directly related to $. If you are GSM tough titties it's not that elegant so you drop a lot. |
| Posted by: 3dc 2014-09-04 10:26 |
| #4 Got $3500 bucks for a spy-resistant cell phone? and more Here. |
| Posted by: JohnQC 2014-09-04 09:50 |
| #3 The small Stingray units are down to the size of a large paperback book now. The tech's can now walk through a complex or building and 'chase' a phone down to a 10 meter locale, with the GPS off. |
| Posted by: ed in texas 2014-09-04 07:40 |
| #2 Note to Bov, the particular hue of yellow highlight above is reserved for guest posters, in this case the tireless and oddly knowledgeable Besoeker. Similar in hue to Fred proprietary yellow, but lacking in chroma and a bit more cyan. |
| Posted by: Shipman 2014-09-04 07:32 |
| #1 Customer: Dude my Phone's not workimg, just says "searching" SmartPhone rep: are you in a good cellular coverage area? how many bars? Customer: Dude I am standing right next to a tower wtf!!! SmartPhone rep: uuuuumm.....have you tried restoring your phone...??? |
| Posted by: Bov Flimbers 2014-09-04 03:41 |