Everything You Need to Know About Fake Cell Towers

In September 2014, reports started coming out about “fake” cellphone towers that were spying on all the information we send and receive, including all the calls we engage in. This, naturally, has troubled plenty of people. We always expect our calls to have two parties, and then we get word of others infiltrating these transmissions. Who is listening, and how many towers are there? How do these towers even work? It’s time we answered these questions!

To learn how fake cell towers work, we have to have a little background on the real ones. Your service provider must authenticate your SIM card with a phone number that gives it a sort of “account.” Everything that passes through that tower is usually encrypted (depending on how the provider sets its system up) and mostly tap-proof. So, how can someone listen in on your calls simply by catching your signal? To get to your phone and listen to your calls, a fake tower must be able to imitate your provider’s handshake.


In case you don’t understand what I mean by “handshake”, it’s basically a word used to describe the unique way in which your phone and your provider say “hello” to each other and determine their identities on the network. From the handshake onward, you are authenticated, which means that you and the tower you’re connected to are communicating on a “first name basis.” You’re able to place calls and ping the tower at any time. So, all a fake cell tower has to do is imitate this behavior from the provider’s side and pretend to be one of your provider’s towers during the handshake. The phone will only know how to communicate with the fake tower instead of the real one.

The fake tower must also relay your phone’s signals to the real one so that it can establish a connection with the rest of the network.

If this sounds confusing, let me make it a little simpler: A fake cell tower will imitate your provider’s behavior to you, while it also imitates your behavior to the real tower that’s supposed to be transmitting your signals.
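A toy model of the handshake described above, added here as an example and not taken from the original article: it contrasts a phone that only proves its own identity (as in 2G GSM) with one that also requires the tower to prove it knows the SIM's secret. The `Tower`, `Phone` and `mac` names are hypothetical, HMAC-SHA256 stands in for the real cellular algorithms, and relaying to the real network is not modelled.

```python
import hashlib
import hmac
import os

def mac(key: bytes, label: bytes, rand: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the real cellular algorithms.
    return hmac.new(key, label + rand, hashlib.sha256).digest()

class Tower:
    """Base station. key=None models a tower that lacks the SIM's secret."""
    def __init__(self, key=None):
        self.key = key

    def challenge(self):
        rand = os.urandom(16)
        # Only a tower holding the shared key can compute a valid network tag.
        tag = mac(self.key, b"net", rand) if self.key is not None else os.urandom(32)
        return rand, tag

    def accepts(self, rand, response):
        if self.key is None:
            return True  # cannot verify the response, so it admits any phone
        return hmac.compare_digest(response, mac(self.key, b"sim", rand))

class Phone:
    def __init__(self, key, mutual):
        self.key, self.mutual = key, mutual

    def attach(self, tower):
        rand, tag = tower.challenge()
        expected = mac(self.key, b"net", rand)
        if self.mutual and not hmac.compare_digest(tag, expected):
            return False  # the tower failed to prove it knows the SIM's secret
        return tower.accepts(rand, mac(self.key, b"sim", rand))

def run_demo():
    key = os.urandom(16)  # constructed SIM secret, shared with the real tower
    towers = {"real": Tower(key), "fake": Tower()}
    return {
        mode: {name: Phone(key, mode == "mutual").attach(t) for name, t in towers.items()}
        for mode in ("one-way", "mutual")
    }

if __name__ == "__main__":
    for mode, outcome in run_demo().items():
        print(mode, outcome)
```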

Since your phone is now “attached” to this tower, the tower can record anything from metadata to the content of your actual calls. It can also be used by scammers to send falsified text messages and phone calls your way. The latter problem has already been identified in China and reported on by The Verge. Someone received a text message from their bank’s phone number, but the bank did not send it. A fake tower that the phone had connected to intercepted the phone’s signal to its provider and sent the message so that it appeared to originate from the bank’s phone number.

In the US, fake towers called Stingrays are being used by unknown entities (although some are claiming it is the government). The government is a prime suspect in this case, as opposed to scammers (as we have observed in China), because this particular tower is an IMSI-catcher, which basically captures the information about your phone and analyzes the data it gathers. This sounds more like a wide-scale surveillance operation than a scam project.

To be clear: It’s not known to us whether the US government is actually running these towers or whether they are listening to calls. All that is known is that the towers are collecting information related to the phones themselves. Anything else said on this subject is pure speculation and shouldn’t be taken at face value until there’s evidence to support it.

I cannot speak with certainty about other countries, since such information is not available at this time. However, in the United States, there may be as many as nineteen towers, as seen in this map from ESD’s CEO:

[Image: map of fake tower locations in the United States, from ESD’s CEO]

This is all the information we have, and it’s very likely that there may be other towers that remain undiscovered.

Theoretically, there is no surefire way to protect yourself against infiltration from fake cell towers. To protect yourself from scammers, simply call back, from a land line, whatever number contacted you. If there’s a strong difference between the person who contacted you on your mobile and the person you reached on the land line, then your cellphone is probably being commandeered by a fake tower.

If you have lots of money to shift around, you can throw it at a CryptoPhone. These phones are specifically built to deal with interception from fake towers. However, I must warn you that such an investment could prove useless if the people producing fake towers can circumvent the security measures that this phone takes.

What do you think should be done about fake towers? Tell us in a comment!