In Part 2 of this blog, we’ll discuss a less publicized way in which your location can still be determined even if you’ve turned off location services, and what you can do about it.
Tower Tracking
First, you need to understand how cell phones and networks work. Cell phones use cell towers to communicate with cellular networks. These towers are not only found in urban or suburban areas of the country, but also in rural areas, though to a lesser degree.
Your phone is communicating with antennas on the towers (highlighted in red in the photos below). Each antenna usually covers roughly a 5-mile radius.
Towers can look very much like you’d expect, but more creative versions, such as towers disguised to look like pine trees, have popped up in recent years.
Fake Cell Towers or IMSI Catchers
Cybercriminals can exploit this setup by using fake cell towers, also called IMSI Catchers or Stingray devices. These devices can be purchased online or built by anyone for a relatively low cost. A fake cell tower typically works between your phone and a real tower. These devices use “man-in-the-middle” attacks because they insert themselves between you and a real tower and can allow the criminals to not only determine your location (even with location services turned off) but also hijack your phone.
These devices are surprisingly common and easily purchased online. Simply Googling “IMSI Catcher for sale” brings up pages and pages of fake towers or IMSI Catchers (see photos below) and even directions on how to make them cheaply yourself. No one knows yet how common this type of attack is, but the FCC is taking this very seriously and has established a task force to explore the issue. Hackers have certainly picked up on using this technology and there is an active community that shares information on how to make these devices easily and inexpensively.
How Does It Work?
A phone is always searching for the best signal and it will jump to the strongest tower it can find. Because a phone takes commands dictated from a tower, this is where we can run into trouble. A fake tower can tell your phone to go down to 2G (no encryption) or tell it to turn off session encryption and your phone will do it. Fake towers can also query a real tower to determine the frequency and channels the real tower’s antennas are operating on and what towers are near your phone so that the fake tower can tell your phone it has the strongest signal so that it will connect to it.
Once a phone has connected to a fake tower, it can monitor anything sent to or from a phone, such as calls, texts, and any data traffic.
A fake tower can also interact directly with your phone. It can tell your phone to “update,” and place malware on the device, giving a hacker full access to your phone. It can even be so tricky as to make you think your phone is shut off while it is gathering anything stored on the device: passwords, contact lists, banking information, photos, etc.
Fake towers can be used on a general population to attempt to grab sensitive data from anyone who passes by randomly, or an attack can be specifically targeted to a single phone or set of phones.
So what if a hacker is targeting your CFO or someone with access to your company’s sensitive information? The hacker has to get more specific. Understand that fake towers have a limited range between 1 and 5 miles unless amplification is used, and they will be grabbing everyone’s phone in that area. That could mean hundreds of thousands of phones. Parsing through all that data for one target is tedious!
This is where IMEI and IMSI come in.
The International Model Equipment Identity (IMEI) is the serial number of your phone and is specific to your device. It includes information like the make, chip model, firmware, etc. If you are interested in seeing your IMEI, type *#06# on your keypad.
The International Mobile Subscriber Identity (IMSI) is your cell phone number that can easily be tracked to the account owner and what are called call data records (CDR).
Fake towers can be set up to only target a particular IMEI and/or IMSI (your CFO’s phone, for example) and therefore do away with all the other extraneous traffic.
This is all very concerning for not only you but your business and sensitive data. Here’s what you can do:
Don’t Post Your Pattern of Life
First, don’t give away too many details about your pattern of life. Fake towers have a specific range, thus hackers will set these up near places and at times they expect you to be present. For example, if a hacker has been monitoring your social media posts and knows you always go to a certain coffee shop every Saturday morning at 11:00 AM, he/she can then setup the fake tower nearby at that time.
Learn more about how hackers take advantage of location services.
Pay Attention
Here are some unusual things to look for that could signal fake cell tower interference:
- Your phone suddenly switches from 4G to 3G or even 2G in an area where that has never happened before.
- Your battery is draining much faster than usual when you are doing nothing out of the ordinary.
- A friend gets a suspicious text message from you which shows up as a strange sequence of numbers.
- You are in a normally high signal area, but suddenly your service has degraded and you can’t make voice calls.
If you notice one or more of the above issues, discuss the best course of action with your IT Department. And if you suspect you’ve been compromised, immediately follow your incident response policy and notify your supervisor and the IT Department.
Learn more about how hackers take advantage of location services in our free video.
Photo Credits
Tower photo – http://potomaclocal.com/2013/11/29/raising-cell-phone-towers-schools-earn-cash-stafford-county/
Neat tower Josh Rios http://www.dilettantearmy.com/facts/absence-wires
By Tyler Cohen Wood
AdChoices
Do Not Sell My Personal Information