Skip navigation
Criminal Legal News
The Habeas Citebook: Prosecutorial Misconduct - Header
× You have 2 more free articles available this month. Subscribe today.

Vendors Late to Recognize the Serious Threat of Cell-Site Simulators

Loaded on Feb. 15, 2024 by Michael Thompson published in Criminal Legal News February, 2024, page 49
Filed under: Commentary/Reviews, Police State-Surveillance, Cell-Phone Location/Tracking Data. Location: United States of America.

by Michael Dean Thompson

Cell-site simulators (“CSS”), also known by the brand name Stingray and more generically as IMSI Catchers, have permitted governments to spy on each other, hackers to install zero-click malware, and stalkers to track the location of their targets. They work by taking advantage of some of the inherent security flaws in the cellular telephony infrastructure.

Although CSSs have been in use for years, our government’s use of them is only just coming to light as they have fought to keep them out of the courts, even to the point of insisting cases be dismissed rather than have the technology fall under court scrutiny. Meanwhile, open-source kits have become available and cases have erupted of people sending spam, engaging in fraud, and using them to stalk others. And, despite the minimal protections in the U.S., cellphone use in another country may leave the user even more vulnerable. 

All cellular technologies are vulnerable but the easiest CSS tactic is to fake a 2G or 3G cell tower. Within the U.S., only one carrier—T-Mobile—has left its 2G and 3G infrastructure up. Nevertheless, while 2G connectivity may be common in some countries—sometimes even necessary—it is not needed in the U.S. That down-level compatibility unnecessarily leaves many domestic phones vulnerable to even the most basic cell-site simulator. Using a fake base station (cell tower) attack over a 2G connection, a CSS user has full access to the communications and can insert zero-click malware like Pegasus into a smart device undetected.

In 2021, Google added a toggle to disable access to 2G networks. If the mobile device user finds themself in a country with only 2G access, they can disable the option. Otherwise, the option should always be enabled. But that merely addresses one small part of the problem.

Google recently added a new feature that allows users to disable “null ciphers.” The more modern technologies try to encrypt conversations between the cellphone and tower. There are times, however, when the conversation cannot be encrypted. However rare, the most critical is when a phone has no SIM card installed but is being used to access emergency services. CSSs use null ciphers to force unencrypted conversations, allowing them to listen to the cellular traffic. Since policing agencies use cell-site simulators under license from the Federal Communications Commission, it is probably best to assume that modern law enforcement CSS devices have their own keys. Setting this option is doubtless still an important step in protecting a device from hackers and stalkers but likely little else. The null cipher toggle is only available on Android 14 or higher and does not appear to be available for generic Android phones.

Apple often makes strong claims about the security of their phones. One security-oriented feature is the Lockdown Mode released in iOS 16. That feature is intended to provide extra protection against malware by blocking major attack vectors. Somehow though, 2G tower connections were not included in that release. iOS 17 now offers that toggle. Even so, Apple still has not offered an option to prevent null cipher attacks. It is a tremendous oversight that needs to be addressed.

There remain many steps available to reduce the risk of base station attacks, including active CSS detection just as malware detectors attempt to sniff out malignant code. Disabling 3G would add yet another step, especially here in the U.S. Meanwhile, makers like Samsung have yet to take advantage of the fact that the 2G toggle is available on the Android Open Source Project and integrate it into their products. In fact, Samsung has so far failed to announce their intention to do so.

No phone can ever be completely secure, but consumers have a right to expect more from vendors to protect them from bad actors and warrantless invasions of their privacy.  

 

Source: EFF.org

As a digital subscriber to Criminal Legal News, you can access full text and downloads for this and other premium content.

Subscribe today

Already a subscriber? Login

More from this issue:

  1. Geofence Warrants: The Mass Location Surveillance and Privacy Threat Created by Google May Be Eliminated by Its Creator, by Anthony Accurso
  2. Minnesota Supreme Court Announces Odor of Marijuana Alone Emanating From Vehicle Insufficient for Probable Cause to Search Under Automobile Exception, by Anthony Accurso
  3. Michigan Supreme Court: Defendant’s Statements Involuntary and Inadmissible, by Douglas Ankney
  4. Tales From the ‘Tails’ of Bloodstains, by Douglas Ankney
  5. New Jersey Supreme Court Excludes CSLI Testimony Based on Agent’s ‘Rule Of Thumb’ Method for Determining Defendant’s Location, by Anthony Accurso
  6. New Night-Vision Capable Drone Marketed to Police, by Anthony Accurso
  7. Missouri Supreme Court Orders Dismissal of Pending Charges Where Trial Court Failed to Bring Prisoner to Trial Within 180-Day Limitations Period Provided for in ‘Interstate Agreement on Detainers’, by Douglas Ankney
  8. Third Circuit: Defendant Not on Rental Agreement Had Reasonable Expectation of Privacy in Car Because He Had Dominion and Control of Car Where Renter Gave Keys to Him, He Was in Possession of Them Upon Arrest, and Car Parked Nearby, by Anthony Accurso
  9. NYPD Has Spent Millions of Dollars on Social Media Analysis Tools, by Jo Ellen Nott
  10. New York Court of Appeals: Forensic Findings Establishing Possible Alternative Cause of Injuries in Sex-Crime Prosecution Admissible Under ‘Interest of Justice’ Exception to Rape Shield Law, by David Reutter
  11. The Diminishment of Miranda Is Leading to False Confessions and Conviction of Innocents, by David Reutter
  12. Fifth Circuit Announces Revocation Judgments for Violation of Supervised Release Vacated Because Underlying Sentence Vacated, by Anthony Accurso
  13. FBI Works to Expand Court Authority for Its Offensive Cyber Operations, by Anthony Accurso
  14. Third Circuit: Defense Counsel Ineffective Under Strickland Where Counsel Sat Silent After Judge Threatened to Charge Witness With Perjury Unless Testimony Changed, by Douglas Ankney
  15. Study Raises Alarms About Inaccuracies and Bias in Gun Forensics Reporting, by Jo Ellen Nott
  16. Ninth Circuit Announces District Courts Must Either Orally Pronounce All Discretionary ‘Standard’ Conditions of Supervised Release in the Presence of Defendant or Provide Conditions in Writing Prior to Sentencing, by Douglas Ankney
  17. The Problem with Some Non-Carceral Punishments, by Carlo Difundo
  18. Federal Habeas Corpus: The Savings Clause Remedy for Federal Prisoners, by Dale Chappell
  19. Researchers Find Fiber Evidence Lasts Longer Underwater Than Previously Thought, by Jo Ellen Nott
  20. Who Let the Dogs Out? Robotic Dogs Are the Newest (and Scariest) Surveillance Tech in U.S. Police Departments, by Jo Ellen Nott
  21. After Ohio Becomes 24th State to Legalize Recreational Marijuana, What Next?, by Jordan Arizmendi
  22. DHS Allows CBP and ICE Officers to Create Fake Social Media Profiles to Track Subjects of Interest and Conduct Investigations, by Jo Ellen Nott
  23. Fourth Circuit: Walking Past Unoccupied Home With Bulging Pocket and Attempting to Evade Neighborhood Tipster Insufficient for Reasonable Suspicion to Seize and Search, by Anthony Accurso
  24. DEA’s Domestic Surveillance Mission Creep: Beyond Drugs, Beyond Protests, by Jo Ellen Nott
  25. Harris County, Texas, Settles Civil Rights Case for $1.5 Million Brought by Innocent Man Shot in His Home Five Times by Trigger-Happy Deputy, by Jo Ellen Nott
  26. New Mexico Supreme Court Announces Marquez’s Holding That ‘Crime of Shooting at or From Motor Vehicle Cannot Be Predicate Felony Supporting Charge of Felony Murder’ Is New Substantive Rule and Applies Retroactively, by Douglas Ankney
  27. The Potential Privacy Threat of Generative AI, by Michael Thompson
  28. Pennsylvania Supreme Court: Testimonial References to Post-Arrest Silence Cannot Be Used Against Defendant at Trial, Pre-Arrest Harmless Error Analysis Does Not Apply, by Anthony Accurso
  29. Evidence Shows When Researchers Work Alongside Cops in the Field, De-escalation Training Is Implemented and Effective, by Douglas Ankney
  30. Data Mining: Law Enforcement Pays Cash for Your Private Data and Saves on the Hassle of Complying With the Fourth Amendment, by Douglas Ankney
  31. Sixth Circuit Announces Due Process Right to ‘Prompt’ Post-Seizure Hearing While Government Deciding Whether to Initiate Forfeiture Proceedings and Holds Wayne County’s Vehicle Forfeiture Program Violates Due Process, by Matthew Clarke
  32. Idaho Supreme Court Announces Adoption of ‘Primary Purpose’ Standard for Reviewing Police Decision to Impound Vehicles and Conduct Inventory Search to Prevent Pretextual Searches in Violation of Fourth Amendment, by Anthony Accurso
  33. Steady Improvement in Techniques for the Analysis of Degraded DNA, by Douglas Ankney
  34. Indiana Supreme Court Announces Civil Forfeiture Triggers Right to Jury Trial, by Matthew Clarke
  35. Study Finds Public Defenders’ Heavy Workloads Prevent Effective Representation, Amendments to 50-Year-Old Guidelines Recommended, by Douglas Ankney
  36. Kentucky Supreme Court: Trial Court Abused Discretion by ‘Rehabilitating’ Juror Who Indicated Could Not Be Impartial and Failing to Strike Juror, by David Reutter
  37. Identification Via DNA, Fingerprints, and 3D Scanning of Footwear, by Douglas Ankney
  38. Vendors Late to Recognize the Serious Threat of Cell-Site Simulators, by Michael Thompson
  39. Car Culture Dramatically Increases Number of Cop Confrontations, by Matthew Clarke
  40. News in Brief

More from Michael Thompson:

More from these topics:

 

 

Prisoner Education Guide side
Advertise here
Prison Phone Justice Campaign