While the press is abuzz with stories of Chinese technology theft and Russian hacking, there is a hole that has gotten too little attention. “When Trump phones friends, the Chinese and the Russians listen and learn,” the New York Times reported, exposing a huge lapse of national security. In fact, those nations are listening in on cell phone calls across the country through cell site simulators, often known as stingrays, dirtboxes, and international mobile subscriber identity catchers that mimic towers to trick cell phones into transmitting information. They are commonly used to identify the location of a cell phone in order to track the owner. They can also be used to eavesdrop on conversations and intercept texts.
The Homeland Security Department last year found “anomalous activity“ consistent with use of cell site simulators near the White House and other sensitive buildings. Driving tests suggest that cell site simulators are positioned near the buildings of federal agencies and high technology defense contractors. Foreign intelligence services are presumed to be responsible. Yet the Homeland Security Department said it does not have the technical expertise or resources to find these cell site simulators.
Cell site simulators also raise Fourth Amendment concerns because law enforcement agencies use them domestically. Historically, these agencies have concealed their use of cell site simulators, claiming they did not require a warrant. In 2015, the Justice Department and Homeland Security Department changed their policies to require that a search warrant be obtained first, making it consistent with recent Supreme Court rulings establishing Fourth Amendment rights for certain cell phone data. Many state and local law enforcement agencies unfortunately continue to rely on a relevance standard that is considerably lower than the probable cause needed for a search warrant and falls short of the Supreme Court precedent, according to a House committee report.
Cell site simulators are also a threat in the hands of criminals who use them to commit fraud and other crimes. International mobile subscriber identity catchers are available for sale online or they can be constructed at home by any criminal with a few thousand dollars to purchase off the shelf components and the patience to assemble these devices. The open source software and “do it yourself” instructions necessary to do so are available on the internet. No programming skills are needed for this.
4G LTE was supposed to protect us from such snooping by fixing the security problems with 2G and 3G. But researchers demonstrated that 4G is also vulnerable to cell site simulator attacks using the same techniques that made 3G devices vulnerable by jamming preferred frequencies to force the target cell phone to use a lower frequencies. Law enforcement agencies, foreign spies, and criminals all exploit such weakness in our wireless service. There are several common sense measures that should be taken, including vigorous enforcement of laws on the books, the enactment of new laws, and better detection of cell site simulators.