

Mysterious Phony Cell Towers Could Be Intercepting Your Calls - revscat
http://www.popsci.com/article/technology/mysterious-phony-cell-towers-could-be-intercepting-your-calls

======
jpatokal
Cripes, what a breathlessly clueless article. This has fuck all to do with
"Android security": the towers are MITMing _GSM_ , and the tech to do this has
been around in some form since 2003.

[https://en.wikipedia.org/wiki/IMSI-
catcher](https://en.wikipedia.org/wiki/IMSI-catcher)

[https://en.wikipedia.org/wiki/Stingray_phone_tracker](https://en.wikipedia.org/wiki/Stingray_phone_tracker)

~~~
schoen
Slate reported last year that IMSI catchers or similar technologies were "in
the hands of the feds since about 1995 [...] widely deployed since the mid
'90s".

[http://www.slate.com/blogs/future_tense/2013/02/15/stingray_...](http://www.slate.com/blogs/future_tense/2013/02/15/stingray_imsi_catcher_fbi_files_unlock_history_behind_cellphone_tracking.html)

Wikipedia does suggest it was "first commercialized" from 2003, but that
doesn't mean that the technology wasn't around even earlier. (Ross Anderson
has referred to interference from governments in the security design of GSM,
and the possibility of fake towers could well have been one of several things
those responsible for the interference had in mind.)

------
GrinningFool
Here's the original article instead of the blog:

[http://www.popsci.com/article/technology/mysterious-phony-
ce...](http://www.popsci.com/article/technology/mysterious-phony-cell-towers-
could-be-intercepting-your-calls)

It's equally devoid of content that doesn't consist of telling us how
CryptoPhone 500 [tm?] is awesome because it can detect these false towers.

~~~
aftbit
What does the proprietary secure phone do to detect these things? Can I get an
app to alert me if I connect to a stingray-type device?

~~~
lgierth
I don't know what the secure phone does, but something like the IMSI Catcher
Catcher [1] comes to mind.

[1] [http://www.sba-research.org/wp-
content/uploads/publications/...](http://www.sba-research.org/wp-
content/uploads/publications/AdrianDabrowski-IMSI-Catcher-Catcher-
ACSAC2014-preprint-20140820.pdf)

~~~
arecurrence
Nice, more interesting than the article. :)

Thanks for the link!

------
CPAhem
Support the EFF - they are helping develop a false tower detector:
[http://secupwn.github.io/Android-IMSI-Catcher-
Detector/](http://secupwn.github.io/Android-IMSI-Catcher-Detector/)

~~~
schoen
We've been invited to collaborate with that project in some way (and it "aims
to be recommended by" EFF in the future), but I'm not aware of any announced
collaboration between AIMSICD and EFF so far.

------
ChuckMcM
Interesting question, perhaps the best way to figure out who owns these would
be to destroy one and set up a camera trap to see who comes out to fix it. I'm
sure that with a little creativity it would be possible to 'fake' a fault (my
favorite being the apocryphal tale of shooting frozen pigeons out of an air
cannon to knock microwave towers out of alignment).

------
johnny5
Those are just stingrays though, right? It's unclear as the article says
towers but doesn't say whether anyone has actually seen a tower, only that
they've detected attacks through their secure android phones.

If this is just a report of stingray use it should come as no surprise that
they are in widespread use & that non-targeted phones latch on to the signals.

~~~
deathhand
At any rate if the FCC doesn't get involved we know who to point the finger
to.

------
blindfly
That entire article reads like an advertisement for a renamed Android rom.

~~~
scintill76
But it has 468 vulnerabilities patched! I wonder how they inflated this
number. I'd bet a lot of it comes from Samsung customizations, meaning you get
pretty good protection just by flashing an Android build that's closer to
Google releases. Also, if there are serious vulnerabilities among that number,
it's a bit disappointing that they took an open-source project (well, such as
Android is) and horde their fixes under this license.[1] It sounds like they
don't even permit you to flash your own build ("to compile it solely for the
purpose of comparing the compiled version to the binary code provided by
GSMK")

[1] [http://esdcryptophone.com/background/source-
code/license](http://esdcryptophone.com/background/source-code/license)

------
degtech
Funny to read this here. Just read about it last week in a mayer german tech
magazine. Now everybody can buy the imsi cacher for less then 1500 usd.
[http://www.heise.de/ct/artikel/Digitale-
Selbstverteidigung-m...](http://www.heise.de/ct/artikel/Digitale-
Selbstverteidigung-mit-dem-IMSI-Catcher-Catcher-2303215.html)

------
neotek
Christ Popsci is a terrible site to try and use from Australia. Trying to
access any URL just gives a lazy redirect to the front page of popsci.com.au,
with the helpful error message "Oops! Something went wrong. Please scroll down
to find your content."

------
dang
Url changed from [http://www.welivesecurity.com/2014/08/28/android-
security-2/](http://www.welivesecurity.com/2014/08/28/android-security-2/),
which points to this.

------
gnu8
Important questions that should be put to Apple and Google loudly and
frequently: Why don't we have baseband transparency to know what our phones
are connected to? Why don't we have baseband firewalls?

