Spoofed cellular towers spotted at casino and military base

Spoofed cellular towers spotted at casino and military base
Spoofed cellular towers spotted at casino and military base
Next time you make a mobile phone call, are you sure that your call is being handled by a legitimate cellular carrier?

According to research carried out by ESD America - and the company behind the secure CryptoPhone - there's a chance that a rogue base station may process the call.

The firm discovered the existence of large numbers of fake base stations along the Eastern seaboard of the US, as it attempted to field-test its secure and hardened Android handset, the CryptoPhone 500.

Les Goldsmith, ESD America's CEO and his team claim to have discovered dozens of fake cellular base stations that did not belong to a cellco, but were processing cellular phone calls, allowing the base station owner to intercept calls and even remotely push spyware to the device.

Interestingly, ESD says that one of the rogue base stations was apparently being operated by a casino in Las Vegas, but many were found at military bases and government facilities.

Creating a rogue 3G or 4G base station takes a lot of money and resources, but creating a 2G rogue base station is something that Nigel Stanley, practice director for cyber security at OpenSky UK, claims can be carried out for under £1,000.  

This perhaps explains why ESD found that many of the rogue base stations it encountered forced calls down to 2G, spoofing a legitimate cellular tower in the process.

According to Popular Science, which interviewed Goldsmith and his team, a total of 17 rogue cellular base stations - which Goldsmith calls Interceptors - were seen on the team's travels, many of which were staging IP attacks against the user's smartphone as many as 90 times an hour.

Goldsmith says that cellular interceptors vary widely in expense and sophistication - "but in a nutshell, they are radio-equipped computers with software that can use arcane cellular network protocols and defeat the onboard encryption."
Page 1 of 2