Security engineers have discovered more than a dozen rogue cell towers across the United States silently intercepting cell phone calls and wireless data traffic and potentially passing them on to unknown individuals, law enforcement and national security agencies, or even foreign governments.
ESD America, the makers of the highly secure CryptoPhone, has discovered a growing number of unauthorized interceptors operating as cell towers, and warn the problem is probably much worse than its first survey shows, and does not account for an even larger number of privately owned mobile repeaters and base stations operating across the country.
Network World reports these unauthorized cell towers represent an enormous security risk if they are run by a malicious actor. Connecting to a rogue tower allows its operator to eavesdrop on your calls and text messages, as well as deliver malicious data payloads such as spyware or tracking software direct to an unsuspecting user’s smartphone.
In fact, with consumer-grade wireless devices programmed to automatically and quietly connect to any technically compatible cell tower, federal law at 47 U.S.C. 302a prohibits the use of interceptors except by the government of the United States and authorized law enforcement agencies.
While legitimate manufacturers of interceptors insist on proper credentials before selling the equipment, manufacturers in the Far East that have run a brisk business selling cell phone jammers on eBay illegal to use in the United States have found new revenue selling unsecure cell tower extenders and interceptor devices that could allow even a non-technical person to run his own rogue cell tower operation.
Les Goldsmith, the CEO of ESD America, told Popular Science he was surprised to find many of the identified interceptors “on top of U.S. military bases.”
“So we begin to wonder – are some of them U.S. government interceptors,” pondered Goldsmith. “Or are some of them Chinese interceptors? Whose interceptor is it? Who are they, that’s listening to calls around military bases? Is it just the U.S. military, or are they foreign governments doing it? The point is: we don’t really know whose they are.”
Those are questions members of Congress now want answers to, and they want those answers from the Federal Communications Commission, which promises a task force will combat the unauthorized interceptor devices.
The FCC may want to step it up, because this week, Goldsmith and Aaron Turner, president of IntegriCell took a road tour around Washington, D.C. and quickly identified 15 rogue cell towers up and running in the nation’s capital, including three on Pennsylvania Avenue alone. They used the very costly CryptoPhone as their guide.
Security experts believe the FCC is poorly equipped to deal with the rogue tower issue and have warned businesses that cell phone conversations are subject to eavesdropping and are not a secure form of communications. They also don’t believe cell phone companies are in a hurry to lock down their networks either.
“Unfortunately, right now, the carriers are focused on revenue and availability,” said Turner. “With all technology decisions, you always have to balance between integrity, availability, and confidentiality, and in this case the carriers have defaulted to availability. The solution is, people are going to have to protect themselves, the government’s not going to come and protect you. They may, in some strange, crazy and massive breach situation, but the everyday enterprise, for the everyday high-value individual, this is something where they’re going to have to be self-sufficient and protect themselves.”