DoD, State Lack Ability to Flag Cell-Site Simulators
A slew of federal agency heads and the nation’s top intelligence official are being pressed to respond to what one influential senator is calling an “abysmal failure” by the U.S. government to defend its own employees from unauthorized cellphone surveillance.
“It has been a matter of public record for decades that phones can be tracked and calls and text messages intercepted using a device called a cell site simulator, which exploits long-standing security vulnerabilities in phones by impersonating a legitimate phone company’s cell towers,” Sen. Ron Wyden wrote Thursday in a letter to the director of national intelligence; heads of the FBI and CISA—the agency charged with defending critical systems; and the presumptive next chair of the Federal Communications Commission.
“While the threat posed by this technology has been clear for years,” Wyden wrote, “the U.S. Government has yet to meaningfully address it.”
Among other concerns in the letter, both the Departments of State and Defense have confirmed to Wyden’s office, he said, “that they lack the technical capacity to detect cell site simulators in use near their facilities.”
Cell-site simulators are cellphone surveillance devices that can sometimes fit in a suitcase and effectively hack phones remotely by exploiting a number of common design features. One such feature is the tendency hardcoded into a cellphone to always seek out the cell tower that’s emanating the strongest signal. While this is crucial to saving battery power and ensuring calls are properly routed, it can also be a critical weakness. By transmitting an even stronger signal—or in the case of LTE networks, on a higher priority frequency—cell-site simulators can force nearby phones to drop their connections and connect instead directly to the device.
G/O Media may get a commission
This kind of attack is not as easy as it used to be. The “handshake” between a phone and a cell tower is a multi-step protocol, which the simulator must emulate perfectly. Older…