Fake mobile phone 'towers' dotted across the US could be listening in on unsuspecting smartphone users according to recent reports. And -- tin foil hats on, everyone -- nobody knows who's behind them.
Security company ESD America discovered 17 of the fakes called 'interceptors' whilst testing its secure Android phone. The towers can attack devices via the baseband chips that allow them to communicate with their networks and can, says ESD, eavesdrop or even install spyware.
These fakes use known technology and have existed in China for several years according to 360 Safe which has uncovered fakes masquerading as carriers, banks and other organizations to send SMS messages.
ESD America CEO Les Goldsmith told Popular Science magazine, "Interceptor use in the US is much higher than people had anticipated," Goldsmith says. "One of our customers took a road trip from Florida to North Carolina and he found 8 different interceptors on that trip".
The technology used targets the 'baseband' of the phone which sits in between the cellular network and the phone's OS. Baseband attacks are difficult to carry out as the technical details of the chips are closely guarded and the equipment needed is relatively expensive -- around $100,000.
"What we find suspicious is that a lot of these interceptors are right on top of US military bases." Says Goldsmith. "Whose interceptor is it? Who are they, that's listening to calls around military bases? Is it just the US military, or are they foreign governments doing it? The point is: we don't really know whose they are".
Documents leaked by Edward Snowden have revealed that the NSA has the ability to carry out baseband attacks to, for example, remotely activate a device's microphone. A similar type of attack is used by the 'stingray' devices employed by law enforcement agencies.
So, should you be worried that your weird neighbor is building a 50ft mast in his backyard? Maybe, although it's likely that these fake towers aren't permanent physical installations but something more mobile.
At the moment no one knows who's behind the fakes and the cost of something like a GSMK Cryptophone needed to detect them is thought to be around $3,500 dollars.
It's perhaps best just to assume, as many of us have been doing for years, that nothing you do on a mobile device is ever completely secure. In the meantime your conspiracy theories about who might be behind these fake towers are welcome below.
Image Credit: mikeledray / Shutterstock