Let’s talk about some recent headlines for a minute. Recently, the company ESD America has been publishing a list of rogue network cells in the US, discovered with their $3500 secure phone.
Phone Firewall Identifies Rogue Cell Towers Trying to Intercept Your Calls (wired.com)
Fake cell phone ‘towers’ may be spying on Americans’ calls, texts (rt.com)
I have been off and on about getting too involved in the hype around this, since it was an NDA type of thing, but then ESD America published this information and that was enough to get me thinking about the WHOLE issue.
Firstly, in review, surely we are aware that people have a great interest in taking short cuts, as in the case of industrial espionage. There’s the governmental type of monitoring for the ‘greater good.’ There are those who just want to take what’s yours, like hacker gangs that break and enter online and steal data such as credit card information for resale. There are the ever intriguing quasi-governmental groups that have been hacking into other countries’ online resources, for example those behind the intrusions into infrastructure, and then we have, surprisingly, the more sophisticated credit card breaches at POS terminals.
That last one is pretty amazing to me, that another government actively explores these avenues. No bullets. I digress.
I’m not going to go down all the paths and rabbit holes of internet hacking. What’s even more intriguing to me is the wireless attack space, which is really starting to ramp up now.
There are a lot of motivations, as I mentioned above, for parties to want to get involved here. What I cannot fully understand is: why wireless?
My reasoning is like so:
We communicate wirelessly, say by voice over 3G (circuit switched, not IP). The popular flavors such as WCDMA/CDMA cipher the voice on the air interface between the handset and the radio access network; once it reaches the core it is carried in the clear. From the core, if it’s a mobile to mobile call, it goes out over the air again. Within that path there are many, many other interception points that take less energy than the radio link. Why try to intercept a wireless call in the air, decrypt it, and then do something with it?
The time savings are negligible compared to a wiretap at the core, so it can’t be about reacting faster to X. Another problem is logistics. Received signal strength falls off with distance (in free space with the square of the distance, and faster in real environments), so one has to be physically close, either directly or by proxy. (An example of by proxy would be a remote receiver.) One scenario for the greater good would be to use the proximity to take action, for example a bad guy says a magic phrase and can then be apprehended. There’s indeed some sort of benefit, but it’s marginal at best. They could still have a wiretap and just another entity in proximity to take the action.
So if it doesn’t make sense from a time standpoint, and the attackers are still willing to be physically in proximity, then maybe we can assume the parties don’t have any way to make wiretaps, and the greater value is not the actual content of the communications they intercept but the context in which they receive it. As a thought example, you go to a big box store and the store has receivers that intercept the calls. If they decode the signaling, they could potentially combine your picture/video, your location, and the ‘identity’ gained through the phone snoop into a record. The value to the location owner is obvious: contact and marketing. This is not something a wiretap will necessarily be very good at.
Ok, I didn’t have to stretch hard to come up with that example because after I wrote it I thought of the movie Minority Report. OK.
To intercept wireless signals, your wireless signals, there are different levels of tools.
- The devices found in ESD America’s report are mobile base stations: a small transmitter/receiver setup that actually communicates with wireless devices. It spoofs a cell tower from the point of view of the client. These are the most costly, but only on par with the expense of a couple of laptops.
- The network tester level tools are ever smaller and more mobile; these tools allow decoding on the fly, in proximity. Coming down in price.
- Wireless peers can always be turned into interception tools, such as smartphones, USB dongles and embedded wireless. Cheap! Everywhere! More coming!
Much as at the start of the explosion of internet hacking, today there are many sophisticated wireless tools readily available. That’s a problem that needs to be dealt with.
Yes, this (transmitting) is all illegal if the spectrum owner does not allow that use of their spectrum, but today networks are not set up to rapidly detect these very low power transmitters. Receive-only monitoring is, in some cases, not illegal in the US.
On the right you can see a small Software Defined Radio (SDR) set up with a laptop and antenna, and of course, you can assume that it’s so easy a caveman can do it.
Here is a photo of a GSM Interceptor/IMSI Catcher/Phony Cell Tower.
Photo credit: gsminterceptor.com
So to ESD America’s credit, they are taking some action here, however self serving, to make folks aware that there are choices beyond just being spoofed. It’s not spoof proof, just spoof resistant (in the way a watch is water resistant, not waterproof).
The image shown from their device shows that their software raises user awareness when encryption is not in effect, etc., and they have a ‘firewall’ with some KPIs to enhance awareness of the general security posture.
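To make the ‘firewall’ idea concrete, here is an added example of the kind of scoring such an app could do over cell observations. This is illustrative code written for this post, not ESD America’s software; the field names (mcc, mnc, lac, cid, cipher, rxlev, neighbors), the thresholds, and the sample observations are all assumptions constructed for the example. The indicators it uses are the classic ones: ciphering switched off (A5/0), a cell ID the handset has never seen on its home network, a signal far stronger than the usual cells, and a base station that advertises no neighbors so the phone has nowhere else to camp.

```python
"""Toy 'cell firewall' scorer (added example, not ESD America's code).

An observation is a dict with the fields a modem log might expose.  Field
names, thresholds and sample data are assumptions made for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Baseline:
    """What the handset has learned about the home network over time."""
    known_cells: set          # {(lac, cid), ...} seen repeatedly
    typical_rxlev: float      # typical received level of known cells, dBm


@dataclass
class Verdict:
    flags: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Loss of encryption alone is enough to warn; otherwise ask for
        # two independent indicators so a single new cell while travelling
        # does not trigger an alert on its own.
        return "no_encryption" in self.flags or len(self.flags) >= 2


def score_cell(obs: dict, baseline: Baseline) -> Verdict:
    """Return the IMSI-catcher indicators that apply to one observation."""
    flags = []
    if obs["cipher"] == "A5/0":                       # ciphering turned off
        flags.append("no_encryption")
    if (obs["lac"], obs["cid"]) not in baseline.known_cells:
        flags.append("unknown_cell")
    if obs["rxlev"] - baseline.typical_rxlev >= 20:   # 20 dB hotter than usual
        flags.append("abnormally_strong")
    if obs.get("neighbors") == []:                    # nothing to hand over to
        flags.append("empty_neighbor_list")
    return Verdict(flags)


def scan(observations: list, baseline: Baseline) -> list:
    """Score every observation; return (cid, flags) for the suspicious ones."""
    out = []
    for obs in observations:
        v = score_cell(obs, baseline)
        if v.suspicious:
            out.append((obs["cid"], v.flags))
    return out


# Constructed sample data: a known home cell, a rogue base station, and a
# legitimate but previously unseen cell (e.g. while travelling).
BASELINE = Baseline(known_cells={(1001, 40321), (1001, 40322)}, typical_rxlev=-85.0)
SAMPLE_OBS = [
    {"mcc": "310", "mnc": "410", "lac": 1001, "cid": 40321, "cipher": "A5/1",
     "rxlev": -82, "neighbors": [40322, 40330]},
    {"mcc": "310", "mnc": "410", "lac": 7777, "cid": 1, "cipher": "A5/0",
     "rxlev": -55, "neighbors": []},
    {"mcc": "310", "mnc": "410", "lac": 1002, "cid": 40410, "cipher": "A5/1",
     "rxlev": -88, "neighbors": [40411]},
]

if __name__ == "__main__":
    for cid, flags in scan(SAMPLE_OBS, BASELINE):
        print(f"cell {cid}: {', '.join(flags)}")
```

Run as a script it reports only the second cell. Real apps weight and tune these indicators per network; the point is that every one of them is visible to the handset without any cooperation from the operator, which is why a client-side ‘firewall’ is possible at all.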
These are good things, and I hope and expect Apple, and then Google, to incorporate aspects of this into their future software for the rest of us.
Note, the reason I said “…then Google” is not a reference to copying etc.; it’s because their whole purpose is to gain information and market to you, and protecting your identity and information is in conflict with that purpose, therefore it takes them more time to meet both standards. Nothing bad about Google; it’s just a company, like Daimler-Benz, which produces fine automobiles that (will) achieve the same results for the same purposes.
From the ESD America data, let’s have a quick look at the map they published.
It’s not hard to spot the trends from a networking point of view. Pretending I don’t see any trend, let’s see: that map looks like it covers most of the ‘NFL’ cities (professional football in the US). We could make guesses based on Google searches as to the overlap with certain venues, stores etc. and eventually come up with some sort of high overlap. I’ll let you have that fun.
Instead, the point (finally!) is that we should be hardening our networks against such non-sanctioned surveillance possibilities. From a consumer’s point of view this will be a long cat and mouse game; however, by raising the bar high enough that only well-resourced actors can engage in the game, we will have weeded out the common criminal, and at the next level we can take the Matrix’s approach to future monitoring and our wireless identity. The Matrix approach? You can choose the red pill or the blue pill: knowledge or ignorance.
(From Wiki: “the choice between embracing the sometimes painful truth of reality (red pill) and the blissful ignorance of illusion (blue pill)”.)
From a network operator’s point of view, precautions should be taken so as not to be the one that loses the public trust through inaction, nor do you want to erode further into being just the ‘dumb pipe’ by having this Over The Top activity going on at your expense.
Let me know if you are ready to take the red pill.