Who's Catching Your Cellphone Conversations?
With the right equipment, people can hijack your cellphone, listen to your calls and read your texts, alarming privacy rights advocates and tech experts alike.
We know the eavesdropping is happening, but we don't know much about who's doing the listening. The police and other law enforcement agencies do it, but they have been restricted by the FBI from telling us about it. Beyond the police, the listeners could be the U.S. government, corporate spies or even foreign intelligence agencies.
The devices, known as IMSI catchers or by a brand name, Stingray, used to be expensive, bulky and hard to purchase. Now they can be bought online for as little as $1,800 and can be as small as a briefcase.
"Today, a tech-savvy criminal or hobbyist can even build one using off-the-shelf equipment," writes Stephanie Pell, a cyberethics fellow at the Army Cyber Institute at West Point.
IMSI catchers trick cellphones into thinking they're connected, as normal, to a network like Verizon or AT&T. But the devices hijack the phone's signal, and in some cases, intercept the contents of calls and texts. The IMSI catchers take advantage of a vulnerability built into the system. Phones using 3G or 4G technology can authenticate cell towers, but phones on older 2G systems cannot tell between real and fake towers.
An IMSI catcher blocks the smarter 3G and 4G signals, forcing phones in the area to switch to the unsecured 2G service — something that phones also do routinely in more rural areas, where 2G service is widespread. The IMSI catcher then poses as a tower and "catches" signals.
IMSI catchers — the letters stand for International Mobile Subscriber Identity, a code unique to each phone — have gotten little media attention. But in August, Popular Science published a map showing the locations of a large number of IMSI catchers, or interceptors, spread throughout the U.S.
Now, there's an arm's race on between the technology used to intercept cellphone calls and the technology used to detect that technology.
The map was made by a company that sells a device, called a GSMK CryptoPhone, that can detect the interceptors — known as an IMSI catcher-catcher. ESD America says that it and its customers have used the CryptoPhone to find some 500 of the fake cell towers.
"Interceptor use in the U.S. is much higher than people had anticipated," ESD CEO Les Goldsmith told Popular Science. "One of our customers took a road trip from Florida to North Carolina and he found 8 different interceptors on that trip."
The CryptoPhone, which sells for $3,500, is built onto a Samsung Galaxy SIII phone.
In September, another CryptoPhone marketing executive drove around Washington, D.C., looking for signs of IMSI catchers. He said he found 18 in less than two days.
The map of those locations is unnerving. "It looks," writes Ashkan Soltani of The Washington Post, "like a primer on the geography of Washington power, with the surveillance devices reportedly near the White House, the Capitol, foreign embassies and the cluster of federal contractors near Dulles International Airport."
Granted, these executives will profit from sales of the CryptoPhone. Some security experts are skeptical that the CryptoPhone can pinpoint with accuracy the location of the IMSI catchers.
But there's enough evidence to alarm others, including the Federal Communications Commission, which set up a task force in August "to combat the illicit and unauthorized use of IMSI catchers." Set up in response to congressional questioning, the task force will study the extent of IMSI catcher use by criminal gangs and foreign intelligence services.
Pell, of the Army Cyber Institute, says the real issue is the cell system's underlying vulnerability. She sees it as a threat to national cybersecurity.
"Whatever effective monopoly the U.S. government once had over the use of IMSI catchers is now gone," Pell writes in Wired. Fixing that flaw would hinder some law enforcement efforts, but that cost is outweighed by the benefit of knowing no foreign elements are listening in on government officials' conversations, she says.
We know more about police using Stingrays — often from the trail of objections by privacy rights advocates — but we still don't know much.
The FBI, Secret Service, National Security Agency and at least nine other national agencies use IMSI catchers, according to the American Civil Liberties Union.
Some 46 local agencies in 18 states use the technology — but because most acquire Stingrays secretly, that number "dramatically underrepresents the actual use of stingrays by law enforcement agencies," the ACLU says.
Local police acquire Stingrays secretly, an FBI requirement. Before using the technology, police departments must sign nondisclosure agreements promising not to release Stingray details to the public, according to documents obtained in September by the website MuckRock under a Freedom of Information Act request.
The Florida-based Harris Corp., maker of the Stingray, notifies the FBI and FCC when police request the technology, and the FBI then requires the nondisclosure agreement. The arrangement is a condition of Harris' FCC equipment authorization, explains Nathan Wessler, an attorney with the ACLU.
That secrecy — along with grants from the Department of Homeland Security — has allowed police to get and use Stingrays without local approval or oversight, he says. When the ACLU sued the Tucson, Ariz., police for Stingray records, an FBI agent invoked the FBI nondisclosure agreement as a reason to keep the information secret, Wessler says.
When police use them against potential suspects, they can sweep up information from the cellphones of dozens or even hundreds of bystanders. They do these sweeps without warrants and without telling the public how much information they keep or for how long, Wessler says.
"I do think the average person should be concerned about this," he says.
"Information about where we are and where we go over the course of time can reveal sensitive information about our lives," he says. "Whether we visit a psychologist, go to an AA meeting, stop off at a liquor store after work, who we spend time with: That information should be private."
Copyright 2021 NPR. To see more, visit https://www.npr.org.