Send to

The spyware that enables mobile phone snooping

Dec. 2, 2013 - 19:39 By Yu Kun-ha
Thanks to ever-improving technology for intercepting phone calls and text messages, it’s getting easier for U.S. companies’ competitors, both foreign and domestic, to engage in corporate espionage through remote wiretapping. Such activity, which has been widespread in India for years, could be thwarted if U.S. wireless carriers would upgrade their network infrastructure and encryption practices.

However, the federal authorities who are in a position to require this seem more interested in keeping such technology secret than in protecting the privacy of companies and citizens.

The technology involved is called cellular interception. The active variety of this, the “IMSI catcher,” is a portable device that masquerades as a mobile phone tower. Any phone within range (a mile for a low-grade IMSI catcher; as much as 100 miles for a passive interception device with a very large antenna, such as those used in India) automatically checks to see if the device is a tower operated by its carrier, and the false “tower” indicates that it is. It then logs the phone’s International Mobile Subscriber Identity number ― and begins listening in on its calls, texts and data communications. No assistance from any wireless carrier is needed; the phone has been tricked.

Because the security hole that allows for this snooping is associated with 2G mobile networks, any 2G phone can be fooled by an IMSI catcher. To bring in newer phones, corporate spies and other criminals can easily jam nearby 3G, 4G and long-term evolution, or LTE, networks so that phones associated with them “think” they have to fall back on 2G networks. All phones, no matter how modern, continue to work in 2G mode, because carriers are reluctant to make the investments required to move up from 2G networks nationwide.

Cellular interception technology, both active and passive, can be useful to law enforcement and national security operations. It can be used to detect the phones that are in a given place at a given time or are entering the protective bubble around a public official, for example. They can also locate a specific phone being carried by a suspect, even when it isn’t being used. Also, the devices can listen in on calls, which is beneficial for almost any kind of operation.

Although the details are murky, law enforcement at every level of government appears to be using cellular interception technology for these purposes. Earlier this year, the federal government conceded that its use of an IMSI catcher in an Arizona case amounted to a search and seizure under the Fourth Amendment but argued that a judge had authorized it. The Electronic Frontier Foundation and the American Civil Liberties Union have warned that police are routinely misleading judges about the scope of IMSI catchers’ powers.

Concern for law enforcement operations is probably what has led the Federal Communications Commission, in authorizing the sale of high-grade versions of these devices, to keep all information about them secret. Its rationale: Why publicize technology that is used mainly for public safety? But this assumes that the devices are too expensive for ordinary private snoops.

While that might have been true in the past, all technology has a way of getting cheaper, and better, over time. IMSI devices that once cost $50,000 to $100,000 can now be created by hobbyists or bought from any number of online vendors for a few thousand dollars, according to a law review article by privacy researchers Christopher Soghoian and Stephanie Pell that is set to be published next year. And “network extender” devices ― personal mobile-phone towers ― sold by the carriers themselves, often called femtocells, can be turned into IMSI catchers.

The threat of this technology being employed for private espionage would go away if wireless carriers would decommission voice services over 2G networks and invest in their networks so that 4G/LTE services would be available everywhere and femtocells would rarely be needed. They should also allow everyone to use more secure, Internet-based applications such as Skype, FaceTime and Google Hangouts without penalty, slowdown or blocking.

As things stand, U.S. mobile networks can easily be exploited by criminals and by foreign governments. Just because law enforcement authorities are also fond of the gadgets that carry out this snooping doesn’t mean they should be so easy for anyone to use.

By Susan Crawford

Susan Crawford, a professor at the Cardozo School of Law and a fellow at the Roosevelt Institute, is the author of “Captive Audience: The Telecom Industry and Monopoly Power in the New Gilded Age.” Follow her on Twitter at @scrawford. ― Ed.