Seventeen mysterious cellphone towers have been found
in America which look like ordinary towers, and can only be identified
by a heavily customized handset built for Android security – but have a
much more malicious purpose, according to
Popular Science.
The fake ‘towers’ – computers which wirelessly attack cellphones via
the “baseband” chips built to allow them to communicate with their
networks, can eavesdrop and even install spyware, ESD claims. They are
a known technology - but the surprise is that they are in active use.
The towers were found by users of the
CryptoPhone 500,
one of several ultra-secure handsets that have come to market in the
last couple of years, after an executive noticed his handset was
“leaking” data regularly.
Its American manufacturer boasts that the handset has a “hardened” version of Android which removes 468 vulnerabilities from the OS.
Android Security: Towers in casinos
Despite its secure OS, Les Goldsmith of the handset’s US manufacturer
ESD found that his personal Android security handset’s firewall showed
signs of attack “80 to 90” times per hour.
The leaks were traced to the mysterious towers. Despite having some
of the functions of normal cellphone towers, Goldsmith says their
function is rather different. He describes them as “interceptors” and
says that various models can eavesdrop and even push spyware to devices.
Normal cellphones cannot detect them – only specialized hardware such
as ESD’s Android security handsets.
Who created the towers and maintains them is unknown, Goldsmith says.
Origin of towers ‘unknown’
“Interceptor use in the U.S. is much higher than people had
anticipated,” Goldsmith says. “One of our customers took a road trip
from Florida to North Carolina and he found eight different interceptors
on that trip. We even found one at South Point Casino in Las Vegas.”
Their existence can only be seen on specialized devices, such as the
custom Android security OS used by Cryptophone, which includes various
security features – including “baseband attack detection.”
The handset, based on a Samsung Galaxy SIII, is described as
offering, a “Hardened Android operating system” offering extra security.
“Baseband firewall protects against over-the-air attacks with constant
monitoring of baseband processor activity, baseband attack detection,
and automated initiation of countermeasures”, claims the site.
“What we find suspicious is that a lot of these interceptors are
right on top of U.S. military bases.” says Goldsmith. “Whose
interceptor is it? Who are they, that’s listening to calls around
military bases? The point is: we don’t really know whose they are.”
Baseband attacks are considered extremely difficult – the details of
the chips are closely guarded. “Interceptors” are costly devices – and
hacking baseband chips is thought to be technically advanced beyond the
reach of “ordinary” hackers, ESD says. The devices vary in form, and are
sold to government agencies and others, but are computers with
specialized software designed to defeat the encryption of cellphone
networks. The towers target the “Baseband” operating system of
cellphones – a secondary OS which sits “between” iOS or Android, for
instance, and the cellular network.
Goldsmith says that the devices cost “less than $100,000” and does
not mention what level or type of device his team has detected. Most are
still out of reach of average hackers, although freely advertised. One
model is the
VME Dominator,
which is described as, “a real time GSM A5.1 cell phone interceptor. It
cannot be detected. It allows interception of voice and text. It also
allows voice manipulation, up or down channel blocking, text intercept
and modification, calling & sending text on behalf of the user, and
directional finding of a user during random monitoring of calls.”
What has come as a surprise is how many “interceptors” are in active use in the U.S., and that their purpose remains mysterious.
Looks some really sneaky and underhanded stuff from our local government. Maybe from the secret Gull Organization itself. Let me what your thoughts are on this.
