Bogus cellphone towers found in the US

Pierluigi Paganini September 02, 2014

CryptoPhone 500 security firm has found 17 bogus cellphone towers in the US with a heavily customized handset exploited for surveillance activities.

Seventeen mysterious cellphone towers have been discovered in the USA, they are identical to legitimate towers, the unique difference is related a heavily customized handset built for Android security. According to the Popular Science, the bogus cellphone towers have a malicious purpose

The fake cellphone towers were used by an unknown threat actor to eavesdrop mobile communication, but the infrastructures be used also to server malware. The disconcerting discovery was made by the users of the CryptoPhone 500, a company which sells secure handsets, after that an executive noticed his mobile device was “leaking” data. The company provides smartphone running a hardened version the Android OS, and company claims that its Android release is free from hundreds of flaws which affect commercial release. CryptoPhone 500 is commercialized in the US by ESD America and run on top of an unassuming Samsung Galaxy SIII body, features high-powered encryption.

“Les Goldsmith, the CEO of ESD America, says the phone also runs a customized or “hardened” version of Android that removes 468 vulnerabilities that his engineering team team found in the stock installation of the OS. His mobile security team also found that the version of the Android OS that comes standard on the Samsung Galaxy SIII leaks data to parts unknown 80-90 times every hour. That doesn’t necessarily mean that the phone has been hacked, Goldmsith says, but the user can’t know whether the data is beaming out from a particular app, the OS, or an illicit piece of spyware. His clients want real security and control over their device, and have the money to pay for it.” state the Popular Science.

After investigation, the data leaks were traced to the cellphone towers,  Goldsmith revealed that they also implement “interception” features and the possibility to inoculate malware in a wide range of connected mobile devices. Be aware that mobile devices on the market cannot detect the malicious activity, only hardened handsets which implement “baseband attack detection.” can do it. The Baseband attack detection allows to protect, through a firewalling mechanism, the cellphone against over-the-air attacks.


malicious cellphone towers baseban attack


The origin of cellphone towers is a mystery, they were located in different places in the US as explained by Goldsmith.

“Interceptor use in the U.S. is much higher than people had anticipated,” Goldsmith says.  “One of our customers took a road trip from Florida to North Carolina and he found eight different interceptors on that trip.  We even found one at South Point Casino in Las Vegas.”

Some of the bogus cellphone towers were discovered in proximity of U.S. military bases and this circumstance alarm intelligence and security experts that has no idea of who has installed and currently maintain a so expensive and complex apparatus.

“What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases.” says Goldsmith.  “Whose interceptor is it?  Who are they, that’s listening to calls around military bases?  The point is: we don’t really know whose they are.”

Devices for traffic eavesdropping are not easy to acquire, law enforcement and intelligence agencies are principal buyers of this technology. Goldsmith confirmed that the devices deployed on the malicious cellphone towers cost “less than $100,000” avoiding to provide further details on the appliances discovered.

“The baseband processor is one of the more difficult things to get into or even communicate with,” says Mathew Rowley, a senior security consultant at Matasano Security.  “[That’s] because my computer doesn’t speak 4G or GSM, and also all those protocols are encrypted.  You have to buy special hardware to get in the air and pull down the waves and try to figure out what they mean.  It’s just pretty unrealistic for the general community.”

Goldsmith explained that  some devices are only able to passively listen to either outgoing or incoming calls, but most advanced solutions, like the VME Dominator, are able to actively control the mobile handsets.

The document leaked by Edward Snowden revealed that the NSA has developed these cyber capabilities and has technology to conduct so called over-the-air attacks. Recently, on August 11th, the F.C.C. announced an investigation into the use of interceptors to spy on Americans by foreign intelligence services and cyber criminals.

Pierluigi Paganini

(Security Affairs – cellphone towerscyberespionage)

you might also like

leave a comment