Discussion:
Mysterious phony cell towers could be intercepting your calls
Thad Floryan
2014-09-04 04:41:32 UTC
An article on SFGate today, Wednesday, 3 September 2014:

http://www.sfgate.com/technology/businessinsider/article/Mysterious-Fake-Cellphone-Towers-Are-Intercepting-5731884.php

linked to this Popular Article with F-A-R more information:

http://www.popsci.com/article/technology/mysterious-phony-cell-towers-could-be-intercepting-your-calls

which begins:

Like many of the ultra-secure phones that have come to market in the
wake of Edward Snowden's leaks, the CryptoPhone 500, which is marketed
in the U.S. by ESD America and built on top of an unassuming Samsung
Galaxy SIII body, features high-powered encryption. Les Goldsmith, the
CEO of ESD America, says the phone also runs a customized or "hardened"
version of Android that removes 468 vulnerabilities that his engineering
team found in the stock installation of the OS.

His mobile security team also found that the version of the Android OS
that comes standard on the Samsung Galaxy SIII leaks data to parts
unknown 80-90 times every hour. That doesn't necessarily mean that the
phone has been hacked, Goldsmith says, but the user can't know whether
the data is beaming out from a particular app, the OS, or an illicit
piece of spyware. His clients want real security and control over their
device, and have the money to pay for it.

To show what the CryptoPhone can do that less expensive competitors
cannot, he points me to a map that he and his customers have created,
indicating 17 different phony cell towers known as “interceptors,”
detected by the CryptoPhone 500 around the United States during the
month of July alone. (The map below is from August.) Interceptors look
to a typical phone like an ordinary tower. Once the phone connects with
the interceptor, a variety of “over-the-air” attacks become possible,
from eavesdropping on calls and texts to pushing spyware to the device.

“Interceptor use in the U.S. is much higher than people had
anticipated,” Goldsmith says. “One of our customers took a road trip
from Florida to North Carolina and he found 8 different interceptors on
that trip. We even found one at South Point Casino in Las Vegas.”

Who is running these interceptors and what are they doing with the
calls? Goldsmith says we can’t be sure, but he has his suspicions.

“What we find suspicious is that a lot of these interceptors are right
on top of U.S. military bases. So we begin to wonder – are some of them
U.S. government interceptors? Or are some of them Chinese
interceptors?” says Goldsmith. “Whose interceptor is it? Who are they,
that's listening to calls around military bases? Is it just the
U.S. military, or are they foreign governments doing it? The point is:
we don't really know whose they are.”

{ l-o-n-g article continues at the above Popular Science URL }

Thad
David Kaye
2014-09-04 05:20:20 UTC
Post by Thad Floryan
Who is running these interceptors and what are they doing with the
calls? Goldsmith says we can’t be sure, but he has his suspicions.
If they're illegal, all one has to do is cut the power to them or otherwise
disable them and see who comes running. The question is easily solved.




---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Thad Floryan
2014-09-04 06:35:57 UTC
Post by David Kaye
Post by Thad Floryan
Who is running these interceptors and what are they doing with the
calls? Goldsmith says we can’t be sure, but he has his suspicions.
If they're illegal, all one has to do is cut the power to them or otherwise
disable them and see who comes running. The question is easily solved.
Yet no one has done that apparently. A cell "tower" can be physically
small and easily hidden. Think of the femtocells that several cellphone
vendors make available for purchase or rent though I doubt something that
size would be able to "service" an area as large as has been suggested in
the PopSci article (e.g., interception is occurring while driving along
freeways, highways and presumably anywhere else in the "service" area).

As written in the PopSci article:

" What we find suspicious is that a lot of these interceptors are
right on top of U.S. military bases."

The situation could be similar to that which existed around the
Lockheed/BlueCube complex at US101 and Hwy 237: approach the area
and you would be shot dead with no warning according to the signs
that I saw there in the 1960s when I had to visit Lockheed Missiles
and Space Company with "equipment" I carried from the Electronics
Defense Labs (EDL) 1/4 mile away in Mountain View in the area bounded
by 237, Evelyn Ave, Ferguson Drive, and Whisman Road -- that entire
area is now a condo development, and even the train tracks on what
was the EDL's spur are now history.

Most likely some 3-letter agency is operating them and, as we know,
the NSA and cohorts will get off with just a slap on the wrist for
all the spying within the USA they've been doing given how the US
Constitution is being eroded/ignored by the present administration
using Executive Orders to bypass Congress and the US Supreme Court.

Thad
Keith Keller
2014-09-04 14:29:39 UTC
Post by Thad Floryan
Post by David Kaye
Post by Thad Floryan
Who is running these interceptors and what are they doing with the
calls? Goldsmith says we can’t be sure, but he has his suspicions.
If they're illegal, all one has to do is cut the power to them or otherwise
disable them and see who comes running. The question is easily solved.
How naive. This assumes that someone in power cares about shutting
these towers down.
Post by Thad Floryan
Most likely some 3-letter agency is operating them and, as we know,
the NSA and cohorts will get off with just a slap on the wrist for
all the spying within the USA they've been doing given how the US
Constitution is being eroded/ignored by the present administration
using Executive Orders to bypass Congress and the US Supreme Court.
I'd almost prefer it be our government operating these shadow towers
than some commercial entity (or worse, another nation's government).
At least our own government is too incompetent to do anything serious
with most of the information they've gathered, and too unmotivated to do
anything serious with most of the rest. (Small comfort to those few the
government *does* end up targeting based on data from these towers.)

--keith
--
kkeller-***@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
David Kaye
2014-09-05 07:45:23 UTC
Post by Keith Keller
Post by David Kaye
If they're illegal, all one has to do is cut the power to them or otherwise
disable them and see who comes running. The question is easily solved.
How naive. This assumes that someone in power cares about shutting
these towers down.
Why is my solution naive? I said nothing about anybody "in power" or the
government or anything. I simply said that disabling the unit would yield
an answer as to who's responsible. WHY do you trash everything I write?
Don't you have any hobbies, Keith Keller?




sms
2014-09-04 16:47:19 UTC
Post by Thad Floryan
http://www.sfgate.com/technology/businessinsider/article/Mysterious-Fake-Cellphone-Towers-Are-Intercepting-5731884.php
http://www.popsci.com/article/technology/mysterious-phony-cell-towers-could-be-intercepting-your-calls
Like many of the ultra-secure phones that have come to market in the
wake of Edward Snowden's leaks, the CryptoPhone 500, which is marketed
in the U.S. by ESD America and built on top of an unassuming Samsung
Galaxy SIII body, features high-powered encryption. Les Goldsmith, the
CEO of ESD America, says the phone also runs a customized or "hardened"
version of Android that removes 468 vulnerabilities that his engineering
team found in the stock installation of the OS.
His mobile security team also found that the version of the Android OS
that comes standard on the Samsung Galaxy SIII leaks data to parts
unknown 80-90 times every hour. That doesn't necessarily mean that the
phone has been hacked, Goldsmith says, but the user can't know whether
the data is beaming out from a particular app, the OS, or an illicit
piece of spyware. His clients want real security and control over their
device, and have the money to pay for it.
To show what the CryptoPhone can do that less expensive competitors
cannot, he points me to a map that he and his customers have created,
indicating 17 different phony cell towers known as “interceptors,”
detected by the CryptoPhone 500 around the United States during the
month of July alone. (The map below is from August.) Interceptors look
to a typical phone like an ordinary tower. Once the phone connects with
the interceptor, a variety of “over-the-air” attacks become possible,
from eavesdropping on calls and texts to pushing spyware to the device.
“Interceptor use in the U.S. is much higher than people had
anticipated,” Goldsmith says. “One of our customers took a road trip
from Florida to North Carolina and he found 8 different interceptors on
that trip. We even found one at South Point Casino in Las Vegas.”
Who is running these interceptors and what are they doing with the
calls? Goldsmith says we can’t be sure, but he has his suspicions.
“What we find suspicious is that a lot of these interceptors are right
on top of U.S. military bases. So we begin to wonder – are some of them
U.S. government interceptors? Or are some of them Chinese
interceptors?” says Goldsmith. “Whose interceptor is it? Who are they,
that's listening to calls around military bases? Is it just the
we don't really know whose they are.”
{ l-o-n-g article continues at the above Popular Science URL }
The most likely explanation is that someone is trying to generate sales
of secure phones.
Jeff Liebermann
2014-09-04 18:10:27 UTC
Post by Thad Floryan
His mobile security team also found that the version of the Android OS
that comes standard on the Samsung Galaxy SIII leaks data to parts
unknown 80-90 times every hour.
Parts unknown? Pardon my suspicious nature but Wireshark would show
the IP addresses of the destination rather easily. Something is
rather fishy in the vague nature of these cell phone leaks. Most
likely, it's all the stupid applications phoning home informing the
mothership that their customers are using their application. To
better improve the quality of the product, of course. Actually, I
don't recall any app that doesn't phone home. Fire up Wireshark and
sniff the outgoing traffic on a typical PC, and you'll see the same
type of traffic.
--
Jeff Liebermann ***@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
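
The point in the post above, that a packet capture names the destinations instead of leaving them as "parts unknown", shown as an added example that is not part of the original thread. It reads a classic pcap file and tallies the TCP connections a device opens per destination and per hour; the capture, addresses (documentation ranges), ports and function names are all constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import ip_address

def build_pcap(events):
    """Constructed sample: classic pcap of bare TCP SYNs from (ts, src, dst, dport)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts, src, dst, dport in events:
        tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         ip_address(src).packed, ip_address(dst).packed)
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def outbound_syns(pcap, device_ip):
    """Yield (timestamp, dst_ip, dst_port) for every TCP SYN sent by device_ip."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack_from(endian + "IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # truncated record or not IPv4
        tcp = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IP header length
        if frame[23] != 6 or len(frame) < tcp + 14:
            continue                      # not TCP, or TCP header cut off
        src, dst = str(ip_address(frame[26:30])), str(ip_address(frame[30:34]))
        dport = struct.unpack_from("!H", frame, tcp + 2)[0]
        if src == device_ip and frame[tcp + 13] & 0x12 == 0x02:  # SYN set, ACK clear
            yield ts, dst, dport

def tally(pcap, device_ip):
    """Count new outbound connections per (destination, port) and per clock hour."""
    per_dest, per_hour = Counter(), Counter()
    for ts, dst, dport in outbound_syns(pcap, device_ip):
        per_dest[(dst, dport)] += 1
        per_hour[ts // 3600] += 1
    return per_dest, per_hour

# Constructed capture: one device, two destinations, one inbound packet to ignore.
DEVICE, A, B = "192.0.2.10", "198.51.100.7", "203.0.113.20"
BASE = 1409799600  # start of an hour, early September 2014 (UTC)
SAMPLE = build_pcap([(BASE + 10, DEVICE, A, 443), (BASE + 900, DEVICE, A, 443),
                     (BASE + 1800, DEVICE, B, 80), (BASE + 3700, DEVICE, A, 443),
                     (BASE + 3800, A, DEVICE, 40000)])

if __name__ == "__main__":
    per_dest, per_hour = tally(SAMPLE, DEVICE)
    for (dst, port), n in per_dest.most_common():
        print(f"{dst}:{port}  {n} connection(s)")
    for hour, n in sorted(per_hour.items()):
        print(f"hour starting {hour * 3600}: {n} new connection(s)")
```
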
d***@36.usenet.us.com
2014-09-04 19:11:21 UTC
Post by Thad Floryan
cannot, he points me to a map that he and his customers have created,
indicating 17 different phony cell towers known as _interceptors_
I love user generated maps.
One in my zip code was in the middle of a lake, probably because the
users reporting the location, were, on average, in the middle of the lake.
That location has since migrated towards a nearby highway, as more GPS
enabled phones happen to be checking their maps as they drive by.

The location of the phone when it reports being connected to a tower has
very little to do with the location of the tower, if the only usable roads
are nowhere near the tower.

"Right on top of military bases". Hmmm. My company used to forbid ssh
sessions from leaving the premises, but allowed telnet, because that meant
that they could sniff the packets. Would said "military base" have
anything to fear from encrypted cellular calls?
--
Clarence A Dold - Hidden Valley Lake, CA, USA GPS: 38.8,-122.5
Jeff Liebermann
2014-09-05 23:19:49 UTC
Post by Thad Floryan
http://www.popsci.com/article/technology/mysterious-phony-cell-towers-could-be-intercepting-your-calls
I took another look at the screen shots (above) and noticed that quite
a bit of important information is missing. For example, the tower
number, operator ID, system number, and tower ID. If this application
really does have access to the baseband processor (which I doubt),
then such information would easily be available. Something like this:
<http://802.11junk.com/jeffl/crud/CDMA-data.jpg>
Basically, there's no information available with which to identify the
tower, operator, system, or location (BSlat/BSlong). For all I know,
it could be some broken Android software, or a misconfigured MVNO base
station.
--
Jeff Liebermann ***@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
Thad Floryan
2014-09-05 23:41:55 UTC
Post by Jeff Liebermann
Post by Thad Floryan
http://www.popsci.com/article/technology/mysterious-phony-cell-towers-could-be-intercepting-your-calls
I took another look at the screen shots (above) and noticed that quite
a bit of important information is missing. For example, the tower
number, operator ID, system number, and tower ID. If this application
really does have access to the baseband processor (which I doubt),
<http://802.11junk.com/jeffl/crud/CDMA-data.jpg>
Basically, there's no information available with which to identify the
tower, operator, system, or location (BSlat/BSlong). For all I know,
it could be some broken Android software, or a misconfigured MVNO base
station.
I haven't been following this since the moderator of comp.dcom.telecom
and I have had a "discussion" about his refusal to allow posting the
additional URLs that I posted to c.d.t and it's likely I'll never be
posting there again. Here are the additional URLs:

http://www.sfgate.com/technology/businessinsider/article/Mysterious-Fake-Cellphone-Towers-Are-Intercepting-5731884.php

http://www.popsci.com/article/technology/mysterious-phony-cell-towers-could-be-intercepting-your-calls

http://venturebeat.com/2014/09/02/who-is-putting-up-interceptor-cell-towers-the-mystery-deepens/

http://www.computerworld.com/article/2600348/mobile-security/are-your-calls-being-intercepted-17-fake-cell-towers-discovered-in-one-month.html

http://www.cryptophone.de/en/products/mobile/cp500/

http://arstechnica.com/tech-policy/2014/09/cities-scramble-to-upgrade-stingray-tracking-as-end-of-2g-network-looms/

http://www.technologyreview.com/news/525556/for-3500-a-spy-resistant-smartphone/

Thad
Jeff Liebermann
2014-09-06 03:35:32 UTC
Post by Thad Floryan
Post by Jeff Liebermann
Post by Thad Floryan
http://www.popsci.com/article/technology/mysterious-phony-cell-towers-could-be-intercepting-your-calls
I took another look at the screen shots (above) and noticed that quite
a bit of important information is missing. For example, the tower
number, operator ID, system number, and tower ID. If this application
really does have access to the baseband processor (which I doubt),
<http://802.11junk.com/jeffl/crud/CDMA-data.jpg>
Basically, there's no information available with which to identify the
tower, operator, system, or location (BSlat/BSlong). For all I know,
it could be some broken Android software, or a misconfigured MVNO base
station.
I haven't been following this since the moderator of comp.dcom.telecom
and I have had a "discussion" about his refusal to allow posting the
additional URLs that I posted to c.d.t and it's likely I'll never be
posting there again.
Sigh. No loss. I gave up on comp.dcom.telecom years ago, when
Post by Thad Floryan
http://www.sfgate.com/technology/businessinsider/article/Mysterious-Fake-Cellphone-Towers-Are-Intercepting-5731884.php
http://www.popsci.com/article/technology/mysterious-phony-cell-towers-could-be-intercepting-your-calls
http://venturebeat.com/2014/09/02/who-is-putting-up-interceptor-cell-towers-the-mystery-deepens/
http://www.computerworld.com/article/2600348/mobile-security/are-your-calls-being-intercepted-17-fake-cell-towers-discovered-in-one-month.html
Three of the above URLs simply quote the original Popular Science
article and add no new information. The problem that I'm having is
with the original Popular Science article screen shots and total lack
of useful information for locating or identifying the 17 sites.
Usually, such articles select one of the sites, and provide the tower
ID, operator ID, FCC tower ID (if applicable), and information
sufficient to determine that the associated information might be for
real. That was not done here.
Post by Thad Floryan
http://www.cryptophone.de/en/products/mobile/cp500/
http://arstechnica.com/tech-policy/2014/09/cities-scramble-to-upgrade-stingray-tracking-as-end-of-2g-network-looms/
http://www.technologyreview.com/news/525556/for-3500-a-spy-resistant-smartphone/
The above URLs are all on smartphones that provide additional
encryption. While interesting, they have nothing to do with the
alleged "intercept" towers except that the software was used to
identify that the encryption may have been disabled.

The ArsTechnica article is interesting in that it discusses the
impending demise of Stingray tracking. Note that Stingray requires a
fake cell site in order to operate. Normally, this is nothing more
than a cell phone and the Stingray device driving around in a police
car in the area where the target phone is expected:
<http://blogs.wsj.com/digits/2011/09/21/how-stingray-devices-work/>
It would be inordinately difficult and expensive to equip a complete
fake cell site with Stingray devices solely to listen on a few
conversations or track a few individuals within its limited range.
--
Jeff Liebermann ***@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
Steve Pope
2014-09-06 05:47:42 UTC
Post by Jeff Liebermann
The ArsTechnica article is interesting in that it discusses the
impending demise of Stingray tracking. Note that Stingray requires a
fake cell site in order to operate. Normally, this is nothing more
than a cell phone and the Stingray device driving around in a police
<http://blogs.wsj.com/digits/2011/09/21/how-stingray-devices-work/>
From the above:

"Law enforcement and the military are using devices called stingrays to
track cellphones, as described in a story in today's Wall Street Journal."

Okay so far

"The government considers the devices sensitive information"

You usually don't share sensitive information with garden-variety
LEO's.
Post by Jeff Liebermann
It would be inordinately difficult and expensive to equip a complete
fake cell site with Stingray devices solely to listen on a few
conversations or track a few individuals within its limited range.
That's why you hoover up the information from low earth orbit [*], or
perhaps within dense cities from permanent covert sites. It is
incredibly inefficient to intercept signals using low-end equipment
installed in randomly cruising cop cars, especially the existence of
said equipment being something you don't want a random cop to know about.

The Arizona case described in the WSJ is likely an instance of
botched parallel construction.

Steve

[*] "The other LEO"
David Kaye
2014-09-06 18:51:16 UTC
Post by Steve Pope
That's why you hoover up the information from low earth orbit [*], or
perhaps within dense cities from permanent covert sites. It is
incredibly inefficient to intercept signals using low-end equipment
installed in randomly cruising cop cars, especially the existence of
said equipment being something you don't want a random cop to know about.
Want my opinion? It's spying by the Chinese, Russian, or any take-your-pick
enemy government. Governments spy on each other's citizens all the time.
I'm reminded of an Air France matter where in-flight pillows were bugged in
order to get competitive business information about American companies for
the French government. I can't remember which industry it was but I have a
vague recollection that it had to do with banking.

Certainly, the U.S. government wouldn't need cell sites when they can
already tap into anything at any time.



