Everything You Need to Know About Fake Cell Towers

On September 2014, reports started coming out regarding certain “fake” cellphone towers that were spying on all the information we send and receive, including all the calls we engage in. This, naturally, has troubled plenty of people. We always expect our calls to have two parties, and then we get word about others infiltrating these transmissions. Who is listening, and how many towers are there? How do these towers even work? It’s time we answered these questions!

How A Fake Cell Tower Works

To learn how fake cell towers work, we have to have a little background on the real ones. Your service provider must authenticate your SIM card with a phone number that gives it a sort of “account.” Everything that passes through that tower is usually encrypted (depending on how the provider sets its system up) and mostly tap-proof. So, how can someone listen in on your calls simply by catching your signal? To get to your phone and listen to your calls, a fake tower must be able to imitate your provider’s handshake.


In case you don’t understand what I mean by “handshake”, it’s basically a word used to describe the unique way in which your phone and your provider say “hello” to each other and determine their identities on the network. From the handshake onward, you are authenticated, which means that you and the tower you’re connected to are communicating on a “first name basis.” You’re able to place calls and ping the tower at any time. So, all a fake cell tower has to do is imitate this behavior from the provider’s side and pretend to be one of your provider’s towers during the handshake. The phone will only know how to communicate with the fake tower instead of the real one.

The fake tower must also relay your phone’s signals to the real one so that it can establish a connection with the rest of the network.

If this sounds confusing, let me make it a little simpler: A fake cell tower will imitate your provider’s behavior to you, while it also imitates your behavior to the real tower that’s supposed to be transmitting your signals.

What Fake Towers Can Do

Since your phone is now “attached” to this tower, it can now record anything from metadata to the content of your actual calls. It can also be used by scammers to send falsified text messages and phone calls your way. The latter problem has already been identified in China and reported on The Verge. Someone received a text message from their bank’s phone number, but the bank did not send it. A fake tower the phone connected to had intercepted the phone’s signal to its provider and sent the message originating from the bank’s phone number.

In the US, fake towers called Stingrays are being used by unknown entities (although some are claiming it is the government). The reason why the government is a prime suspect in this case as opposed to scammers (as we have observed in China) has to do with the fact that this particular tower is an IMSI-catcher, which basically captures the information about your phone and analyzes the data it gathers. This sounds more like a wide-scale surveillance operation than a scam project.

To be clear: It’s not known to us whether the US government is actually running these towers or whether they are listening to calls. All that is known is that the towers are collecting information related to the phones themselves. Anything else said on this subject is pure speculation and shouldn’t be taken at face value until there’s evidence to support it.

How Many Are There?

I cannot necessarily speak veritably about information regarding other countries, since such information is not present at this time. However, in the United States, there may be as many as nineteen towers, as seen in this map from ESD’s CEO:


This is all the information we have, and it’s very likely that there may be other towers that remain undiscovered.

How You Can Protect Yourself

Theoretically, there is no surefire way to protect yourself against infiltration from fake cell towers. To protect yourself from scammers, simply call whatever number contacts you from a land line. If there’s a strong difference between the person who contacted you on your mobile and the person you contacted on a land line, then your cellphone is probably being commandeered by a fake tower.

If you have lots of money to shift around, you can throw it at a CryptoPhone. These phones are specifically built to deal with interception from fake towers. However, I must warn you that such an investment could prove useless if the people producing fake towers can circumvent the security measures that this phone takes.

What do you think should be done about fake towers? Tell us in a comment!

Miguel Leiva-Gomez Miguel Leiva-Gomez

Miguel has been a business growth and technology expert for more than a decade and has written software for even longer. From his little castle in Romania, he presents cold and analytical perspectives to things that affect the tech world.


  1. “Theoretically, there is no surefire way to protect yourself against infiltration from fake cell towers”
    Practically, there is a surefire way, don’t use a cell phone. It may be impractical for all the cell phone addicts out there, but it works.

    1. For some, it is practically impossible to stop using a cell phone, though. To give myself as an example, I am often contacted when I’m not home by people who have emergencies I am the only person they can count on to solve. This is one reason why I forward my office number to my cell line while I’m out, and why I keep my VoIP line on my HSDPA+ mobile connection. I’d be nowhere without cellular technology.

      Come to think of it, it’s incredible how dependent we are on cellular phones. Imagine what would happen if a gigantic EMP hit a populated city. It would be apocalyptic until people figure out how they should get along without electricity. They’d be back in the Victorian era, at best.

      1. “For some, it is practically impossible to stop using a cell phone”
        How well I know. If the technology was there, many people would have phones permanently implanted and wired into their bodies.

        “I’d be nowhere without cellular technology.”
        I’m sure you would manage and your life would be much less rushed. The world managed without instant access for thousands of years.

        “Imagine what would happen if a gigantic EMP hit a populated city. ”
        I don’t need to imagine. I remember very well the days before pagers, beepers and cell phones. How did we ever not only survive, but managed to conduct world-wide business?! :-)

  2. America is a sick and rotten totalitarian state where people have no value at all. ‘Land of the free’ is the biggest hoax in history.

    “The law is meant to be my servant & not my master.” James Baldwin, 1966

    1. Really! America? You think America is the only place this is happening? Or do you think we are pioneering it? Either way, I doubt it.

  3. What actual proof is there that these fake towers exist? Show us the proof, otherwise it just looks like another case of scaremongering to me.

    1. There have been numerous instances where evidence from fake cell towers has been introduced in court and where it has been contested.

  4. Is there a way to detect if you phone has been intercepted by one of these towers, such as software/app or even within the network dignos tools that exist within the OS level?

      1. You might look into a follow up story I swear I read an article about a way to tell some time back but was not able to find it with a quick search. Just a thought thanks for the article.

        1. I promise that as soon as I have veritable information regarding the detecting of these cells, I will have a story running on it. Sometimes, there are people trying to help, but their suggestions just don’t add up or demonstrate working knowledge of how these things actually work.

      2. Yes. I’m drawing a blank on the term right now, but normally your cell phone will transmit encrypted data on level 3 or 4. A fake cell tower will force your phone to level 2, which is unencrypted. Level 2 is the fallback.

    1. Great question. They can jimmy up some hardware and make it act like a cell tower. It’s not ideal, but could exploit vulnerabilities found in some phones. The Stingray-series tower is much more sophisticated and can exploit a wider range of phones. This one, however, costs around $150,000.

    2. In a normal country with a normal government you have to get permission to raise a tower and tell the planned use of it.
      Towers are commonly very expensive. The price Miguel states is very low if you include the equipment needed. specially when they have to be connected to the normal network. If not, you will notice directly that you cannot make a call and know you are on a fake tower.

      Towers can, however, be shared by “operators” and in that case they only need to place some antennas and equipment and don’t need a license.

      Governments do not place out fake towers. The cooperate with the existing providers and you will never ever know your data has been traced and recorded. But they only use it to find terrorists. So you don’t need to worry.

      1. “Governments do not place out fake towers”
        You’re right, they use real towers.

        “But they only use it to find terrorists.”
        If you believe that, I have a nice selection of bridges I can sell to you for a very low price.

        “So you don’t need to worry.”
        When somebody says that, then I know I have to worry.

        1. To be fair, they are only called “fake” because they don’t perform their intended function (i.e. facilitate the transmission and reception of voice communications and data across multiple networks). Instead, they “listen” to transceiver units (cell phones) that are trying to connect to a legitimate network, imitate the network, then relay whatever information is necessary to make the end user oblivious to what is going on.

          The only substantiated and well-documented discoveries of “fake” towers are those used by scammers to send fake texts and phone calls originating from authentic phone numbers in China. As far as government use is concerned, the evidence isn’t sufficiently substantial for me to say wholeheartedly that I believe that the government is involved in mass cellular surveillence to this level.

          Also, the towers that have been detected so far through methods unknown have been capturing meta data, not necessarily listening to calls or capturing the actual data being transmitted across wide-access networks. All I can say about government involvement in surveillance of full calls and data transmission is “I’m unsure”.

          1. “they are only called “fake” because they don’t perform their intended function ”
            They do “facilitate the transmission and reception of voice communications and data across multiple networks” except the recipients are not the individuals we intend or expect. :-)

            NSA is known to be collecting any and all electronically transmitted data, which includes cell phone transmissions, for the purpose of detecting terrorists and their dastardly plots.

  5. Is there an easy visual way to look @ a tower & determine whether it is fake? Any external hardware characteristics?

    1. Excellent question. Despite the word “tower” being used to describe them, they are anything but actual towers. You could get satisfactory coverage (near-area) by using a portable cell relay. These things can be so small, you can hold one in your hand. Usually, these are owned (allegedly, not confirmed) by certain government projects.

    2. “Is there an easy visual way to look @ a tower & determine whether it is fake?”
      As Miguel says, “tower” is just a convenient catch-all description. The transceiver can be placed just about anywhere – tree, utility pole, church steeple, antenna tower, roof, etc.

  6. The easy way to tell if it is a fake tower, especially if being run by the government: Approach the door. If you are met by a guy with a gun, its probably the government ;)

  7. Well people could do what was done during WWII, become a “Code Talker” for sensitive information. Invent your own language then at least they won’t know what you are talking about. It’ll keep them busy trying to decode it!

  8. While the intercept of voice is wrong for private citizens (non criminal). where does this leave web activity through the phone for commercial use?
    Is SSL also being comprised?

    Personally, I don’t care if they listen to me, I will bore them to death and solve the problem that way.

  9. I like this article:


Comments are closed.