Credit: Seth Anderson
You wouldn't likely know if you are under cell phone surveillance, but you would if you were about to make a call and your phone displayed an unencrypted connection warning that states, "Caution: The mobile network's standard encryption has been turned off, possibly by a rogue base station (IMSI Catcher'). Unencrypted calls not recommended."
Through notifications such as that, CryptoPhone users found and mapped 17 fake "cell towers" in the U.S. during the month of July. While most phones can't find those interceptors, a $3,500 CryptoPhone 500 can. The phone has a Samsung Galaxy SIII body, but unlike the Android OS that comes standard on the Galaxy SIII and "leaks data to parts unknown 80-90 times every hour," ESD America hardened the Android OS by removing 468 vulnerabilities.
"Interceptor use in the U.S. is much higher than people had anticipated," said Les Goldsmith, the CEO of ESD America. He told Popular Science, "One of our customers took a road trip from Florida to North Carolina and he found eight different interceptors on that trip. We even found one at South Point Casino in Las Vegas." He added, "What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases. Whose interceptor is it? Who are they, that's listening to calls around military bases? The point is: we don't really know whose they are."
Privacy groups have been fighting unconstitutional stingray surveillance for several years, yet there's still a great deal citizens don't know about the portable devices known as IMSI catchers, also known by the generic term "stingray." It acts like a fake cell tower and tricks your mobile device into connecting to it even if you are not on a call. It is used for real time location tracking; some can pinpoint you within two meters as well as eavesdrop and capture the contents of your communications.
Goldsmith conducts testing on his company's "baseband firewall" while driving by an unnamed government facility in the Nevada desert that runs an interceptor. "As we drove by, the iPhone showed no difference whatsoever. The Samsung Galaxy S4, the call went from 4G to 3G and back to 4G. The CryptoPhone lit up like a Christmas tree."
You might know your phone is being intercepted if it shows 2G, instead of 3G or 4G, but some interceptors claim to be "undetectable." The VME Dominator, for example, is marketed only to government agencies. It promises that it allows "you to intercept, block, follow, track, record and listen to communications using unique triangulation and other advanced technology," but "cannot be detected. It allows interception of voice and text. It also allows voice manipulation, up or down channel blocking, text intercept and modification, calling and sending text on behalf of the user, and directional finding of a user during random monitoring of calls."
Sign up for CIO Asia eNewsletters.