Earlier this week, we reported about how rogue mobile phone towers all over the US could be intercepting phone calls and loading malware on devices. The good news: There's a firewall that identifies these towers and alerts you instantly. The bad news: You need a $US3500 device to use it.
Wired has an interesting article explaining how these phony towers work. Interceptors, says Wired, force a phone to connect to them by emitting a stronger signal that the legit towers around them. Once your phone connects, they can not only track you in real time, they can also stealthily pass on your signals to an actual tower so that you still have service.
If you have a CryptoPhone, a $US3500 device sold by a company named ESD America, the device's built-in firewall monitors all connections to the phone's baseband. Here's how it keeps you safe:
[The firewall] checks whether a particular cell tower lacks an ID like its neighbouring towers -- for example a name that identifies it as an AT&T or Verizon tower -- whether it has a different signal strength, and whether the tower is operating as expected or trying to manipulate phones.
It will also alert you when the mobile network's encryption has been turned off or when the phone has suddenly switched from using a 3G or 4G to a 2G network -- a less secure network that doesn't authenticate cell towers and makes it easier to decrypt communication. IMSI catchers will often jam 3g and 4G signals to force a phone to use the less secure 2G network, and the CryptoPhone firewall will alert users when this occurs.
CyrptoPhone's firewall also does cool things like alerting you whenever a rouge interceptor sends a message to your phone to launch the camera, or the microphone, and allows you to flag suspicious connections that occurred when you weren't using the phone at all.
Sadly, the firewall is only available only for enterprise and government customers using Cryptophones. It is possible to have it as a consumer-level app on regular phones, but there are no plans to release it that way. Too bad. [Wired]