In the age of ubiquitous cameras, youtube postings and stolen photos/videos/revenge porn, the all seeing eye of big brother often overshoadows its equally terrifying but more subtle feature, the ears.
The Apple vs. FBI fight for phone security is all over headlines, at the top of every news hour and it’s even the plot of a fantastic TV show that predicted it occurring back in 2015. Mr. Robot season 2 is set to be all about the encryption and privacy debate that has been around since the 1990’s idea of inserting a ‘clipper chip‘ (8min44seconds in) in every computer to give the government a backdoor through any encrypted information. Who else is glad that it didn’t work? Getting back to Apple vs. FBI, did you know that what they’re asking for is stuff they can already do? Apparently it seems they just want a legal short cut to be able to get into any phone any time. Not just ones they physically hold in their hands. comforting right?
And it isn’t just the FBI who may be able to follow your private phone info. According to this disturbing piece from Bloomberg Business, the technology already exists (and is super cheap to buy or make) that allows law enforcement, black-hat hackers, or just your nosy neighbours. An International Mobile Subscriber Identity tracker (IMSI) acts as a fake cellphone tower to manipulate your phone into connecting with it.
The IMSI-catcher subjects the phones in its vicinity to a man-in-the-middle attack, acting to them as a preferred base station in terms of signal strength. With the help of a SIM, it simultaneously logs into the GSM network as a mobile station. Since the encryption mode is chosen by the base station, the IMSI-catcher can induce the mobile station to use no encryption at all. Hence it can encrypt the plain text traffic from the mobile station and pass it to the base station.
There is only an indirect connection from mobile station via IMSI-catcher to the GSM network. For this reason, incoming phone calls cannot generally be patched through to the mobile station by the GSM network, although more modern versions of these devices have their own mobile patch-through solutions in order to provide this functionality.
And not only is that shit scary enough, but these attacks are virtually undetectable to the victim.
“Anybody can make a StingRay [IMSI tracker] with parts from the Internet,” Rigmaiden tells me, citing a long litany of experiments over the years in which researchers have done just that. “The service provider is never going to know. There’s never any disruption. It’s basically completely stealth.” In the coming age of democratized surveillance, the person hacking into your cell phone might not be the police or the FBI. It could be your next-door neighbor.
Law enforcement around the world has been using this technology since at least the early 2000′s, and while some legal action is being taken to address what law enforcement agencies use IMSIs, for what reasons, and whether or not they should require a warrant before executing these attacks on privacy, for the most part the law man is keeping mum on the subject.
Law enforcement and intelligence agencies in Canada won’t say whether they use covert tools called International Mobile Subscriber Identity (IMSI) catchers to track the location of mobile phones and devices – even as the extent of their use by U.S. government agencies is raising serious questions among civil libertarians.
One of the biggest concerns among privacy groups, is the fact that these trackers are shotguns, not snipers. They not only collect the data of a suspect, they collect the data of everyone in the area who happens to have their phone switched on.
- As a total novice who barely understands what most of this means, my biggest concerns are: who is using this tech, can it be stopped, and where the hell can I get a Faraday cage big enough to cover my apartment?