Android security mystery – ‘fake’ cellphone towers found in U.S. By Rob Waugh posted 28 Aug 2014 - 04:38PM Android 0 tags Android cellphone 116 inShare Seventeen mysterious cellphone towers have been found in America which look like ordinary towers, and can only be identified by a heavily customized handset built for Android security – but have a much more malicious purpose, according to Popular Science. The fake ‘towers’ – computers which wirelessly attack cellphones via the “baseband” chips built to allow them to communicate with their networks, can eavesdrop and even install spyware, ESD claims. They are a known technology - but the surprise is that they are in active use. The towers were found by users of the CryptoPhone 500, one of several ultra-secure handsets that have come to market in the last couple of years, after an executive noticed his handset was “leaking” data regularly. Its American manufacturer boasts that the handset has a “hardened” version of Android which removes 468 vulnerabilities from the OS. Android Security: Towers in casinos Despite its secure OS, Les Goldsmith of the handset’s US manufacturer ESD found that his personal Android security handset’s firewall showed signs of attack “80 to 90” times per hour. The leaks were traced to the mysterious towers. Despite having some of the functions of normal cellphone towers, Goldsmith says their function is rather different. He describes them as “interceptors” and says that various models can eavesdrop and even push spyware to devices. Normal cellphones cannot detect them – only specialized hardware such as ESD’s Android security handsets. Who created the towers and maintains them is unknown, Goldsmith says. Origin of towers ‘unknown’ “Interceptor use in the U.S. is much higher than people had anticipated,” Goldsmith says. “One of our customers took a road trip from Florida to North Carolina and he found eight different interceptors on that trip. We even found one at South Point Casino in Las Vegas.” Their existence can only be seen on specialized devices, such as the custom Android security OS used by Cryptophone, which includes various security features – including “baseband attack detection.” The handset, based on a Samsung Galaxy SIII, is described as offering, a “Hardened Android operating system” offering extra security. “Baseband firewall protects against over-the-air attacks with constant monitoring of baseband processor activity, baseband attack detection, and automated initiation of countermeasures”, claims the site. “What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases.” says Goldsmith. “Whose interceptor is it? Who are they, that’s listening to calls around military bases? The point is: we don’t really know whose they are.” Baseband attacks are considered extremely difficult – the details of the chips are closely guarded. “Interceptors” are costly devices – and hacking baseband chips is thought to be technically advanced beyond the reach of “ordinary” hackers, ESD says. The devices vary in form, and are sold to government agencies and others, but are computers with specialized software designed to defeat the encryption of cellphone networks. The towers target the “Baseband” operating system of cellphones – a secondary OS which sits “between” iOS or Android, for instance, and the cellular network. Goldsmith says that the devices cost “less than $100,000” and does not mention what level or type of device his team has detected. Most are still out of reach of average hackers, although freely advertised. One model is the VME Dominator, which is described as, “a real time GSM A5.1 cell phone interceptor. It cannot be detected. It allows interception of voice and text. It also allows voice manipulation, up or down channel blocking, text intercept and modification, calling & sending text on behalf of the user, and directional finding of a user during random monitoring of calls.” What has come as a surprise is how many “interceptors” are in active use in the U.S., and that their purpose remains mysterious. Author Rob Waugh, We Live Security Related Articles Cybercrime: Top experts to form international crook-hunting force Week in Security: Game over in Korea, cellphone snoops and phishy Bitcoins Google dorks - FBI warning about dangerous ‘new’ search tool Data breach in South Korea hits 27 million - half the population Online fraud - POS malware has now hit 1,000 U.S. firms Follow Us FacebookYoutubeTwitterLinkedInGoogle+RSSEmail Automatically receive new posts via email: Delivered by FeedBurner 4 articles related to: Hot Topic Windigo 28 Aug 2014 read more Popular articles Tags Bitcoin wallet phishing scores unlikely hit with crypto-curious PSN hacked – Network back after cyber attack and bomb threat Surveillance fears over systems which ‘follow’ cellphone users Google Images hacked? Searches fill with morbid image Online fraud – POS malware has now hit 1,000 U.S. firms ESET Virus Radar Archives Select month
Posted on: Tue, 02 Sep 2014 12:14:43 +0000
Trending Topics
Recently Viewed Topics
© 2015