Fake, phone-attacking cell-towers are all across America


The towers attack the baseband radio in your phone and use it to hack the OS; they're only visible if you're using one of the customized, paranoid-Android, post-Snowden secure phones, and they're all around US military bases.

ESD's Cryptophone 500 spotted 17 of the fake cellular towers on casual drives around the USA, including one at the South Point Casino in Las Vegas. The baseband processor, which controls the phone's radio, is notoriously insecure and vulnerable to over-the-air attacks; it can serve as a back-door to your phone's main OS. The fake "interceptor" towers force your phone to back \\down to an easy-to-break 2G connection, then goes to work:


Whenever he wants to test out his company's ultra-secure smart phone against an interceptor, Goldsmith drives past a certain government facility in the Nevada desert. (To avoid the attention of the gun-toting counter-intelligence agents in black SUVs who patrol the surrounding roads, he won't identify the facility to Popular Science). He knows that someone at the facility is running an interceptor, which gives him a good way to test out the exotic "baseband firewall" on his phone. Though the baseband OS is a "black box" on other phones, inaccessible to manufacturers and app developers, patent-pending software allows the GSMK CryptoPhone 500 to monitor the baseband processor for suspicious activity.

So when Goldsmith and his team drove by the government facility in July, he also took a standard Samsung Galaxy S4 and an iPhone to serve as a control group for his own device.

"As we drove by, the iPhone showed no difference whatsoever. The Samsung Galaxy S4, the call went from 4G to 3G and back to 4G. The CryptoPhone lit up like a Christmas tree."

Though the standard Apple and Android phones showed nothing wrong, the baseband firewall on the Cryptophone set off alerts showing that the phone's encryption had been turned off, and that the cell tower had no name – a telltale sign of a rogue base station. Standard towers, run by say, Verizon or T-Mobile, will have a name, whereas interceptors often do not.

Mysterious Phony Cell Towers Could Be Intercepting Your Calls [Andrew Rosenblum/Popular Science]

(Icon: cell tower nest, Joel Kramer, CC-BY)