[HELLO] Fighting Government Sponsored Cellphone Interception

.. works well for the voyeur next door as well

tiwaryshailesh
3 min read · Feb 8, 2016

Right this moment someone might be intercepting your calls (that’s to begin with) using a selfie-stickesque phony DIY GSM tower. Such home-brewed cellphone interceptors masquerade as a normal tower to an average mobile phone. However, once the phone hooks on to this fake tower, the doors open to an array of “over-the-air” attacks. The attacks fall in the Man-In-The-Middle genre and can vary from mere eavesdropping on calls to silently pushing sophisticated zero-day exploits to your device.

Just to put things in perspective: interceptors are radio-equipped computers with software that can use covert cellular network protocols and defeat the contemporary encryption on your device. Irrespective of the OS we know of, that is, Android or iOS, present-day smartphones run a second operating system on a part of the phone called the baseband processor. The baseband processor interfaces between the phone’s primary operating system (Android/iOS/whatever) and the cell towers. Finding one’s way around these processors is quite a challenge for an average hacker.

“The baseband processor is one of the more difficult things to get into or even communicate with, because my computer doesn’t speak 4G or GSM, and also all those protocols are encrypted. You have to buy special hardware to get in the air and pull down the waves and try to figure out what they mean. It’s just pretty unrealistic for the general community.”

— Mathew Rowley, Matasano Security

For a college-dropout hacker, treading this baseband processor territory is a costly proposition, but for governments or the Biggies, rigging up a sophisticated interceptor is a routine errand, and a pretty yielding one at that.

Scalpel-Neat Anesthetic Attack

Well, that’s how an interception attack like this feels. The targets are completely unaware of the misery they are being put through. So don’t expect flashing red lights or hooting alarms while someone is making merry on your hind side.

What Can You Do About It

There’s an app called AIMSICD which can be used to detect IMSI-Catchers. IMSI-Catchers are false mobile towers (base stations) acting between the target mobile phone(s) and the real towers of service providers. As such they are considered a Man-In-The-Middle (MITM) attack. Installing the app will probably require you to enable installation of third-party apps.

Once installed, this app keeps track of the tower you latch on to and the neighboring towers around. It applies various routines involving parameters like Tower Information Consistency, LAC/Cell ID Consistency, Neighbouring Cell Info, Silent app installations, Signal Strength, Silent SMS, etc. to tell phony towers from real ones. The app sits in your notification drawer and informs you of any phony towers by vibration alert and color-coded icons.

Various Notification Color Icons
kind courtesy https://github.com/SecUpwN/Android-IMSI-Catcher-Detector/wiki/Status-Icons

However, it needs to be understood that this app DOESN'T PREVENT SUCH ATTACKS. So if the app alerts you, just switch the phone to AIRPLANE MODE and GET MOVING.
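To make the consistency checks listed above concrete, here is an added example (not AIMSICD's code and not part of the original post) that applies three of them, LAC/Cell ID consistency, neighbouring cell info and signal strength, to a series of serving-cell readings. The record fields, thresholds and sample readings are assumptions made up for the illustration.

```python
from dataclasses import dataclass
from statistics import median

@dataclass(frozen=True)
class CellObs:
    """One serving-cell reading; field names are assumptions for this example."""
    ts: int          # seconds since start of capture
    mcc: int         # mobile country code
    mnc: int         # mobile network code
    lac: int         # location area code
    cid: int         # cell ID
    rssi_dbm: int    # signal strength
    neighbours: int  # neighbouring cells reported alongside the serving cell

def check_observations(observations, rssi_jump_db=25, min_history=3):
    """Return (ts, cid, reason) findings; thresholds are illustrative."""
    first_lac = {}   # (mcc, mnc, cid) -> LAC first seen for that cell
    rssi_hist = {}   # (mcc, mnc, cid) -> earlier RSSI readings
    findings = []
    for o in sorted(observations, key=lambda o: o.ts):
        key = (o.mcc, o.mnc, o.cid)
        # LAC/Cell ID consistency: a known cell ID under a different LAC.
        if first_lac.setdefault(key, o.lac) != o.lac:
            findings.append((o.ts, o.cid, "lac-changed"))
        # Neighbouring cell info: the serving cell advertises no neighbours.
        if o.neighbours == 0:
            findings.append((o.ts, o.cid, "no-neighbours"))
        # Signal strength: far stronger than this cell's own median so far.
        hist = rssi_hist.setdefault(key, [])
        if len(hist) >= min_history and o.rssi_dbm - median(hist) >= rssi_jump_db:
            findings.append((o.ts, o.cid, "rssi-jump"))
        else:
            hist.append(o.rssi_dbm)  # readings not flagged as a jump feed the baseline
    return findings

# Constructed sample readings on the test PLMN 001/01 (not real captures).
SAMPLE = [
    CellObs(0, 1, 1, 1201, 30511, -85, 5),
    CellObs(60, 1, 1, 1201, 30511, -87, 6),
    CellObs(120, 1, 1, 1201, 30512, -90, 4),
    CellObs(180, 1, 1, 1201, 30511, -84, 5),
    CellObs(240, 1, 1, 9999, 30511, -51, 0),  # same CID, new LAC, no neighbours
    CellObs(300, 1, 1, 1201, 30512, -91, 4),
]

if __name__ == "__main__":
    for finding in check_observations(SAMPLE):
        print(finding)
```

Each finding is a reason to look closer rather than proof of a phony tower, since a real network can also renumber a location area or briefly report no neighbours.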
