First

An IMSI–catcher (International Mobile Subscriber Identity) is a telephony eavesdropping device used for intercepting mobile phone traffic and tracking movement of mobile phone users. Essentially a “fake” mobile tower acting between the target mobile phone(s) and the service provider’s real towers, it is considered a man-in-the-middle (MITM) attack.

Low-cost IMSI catcher for 4G/LTE networks tracks phones’ precise locations

$1,400 device can track users for days with little indication anything is amiss.

The researchers have devised a separate class of attacks that causes phones to lose connections to LTE networks, a scenario that could be exploited to silently downgrade devices to the less secure 2G and 3G mobile specifications. The 2G, or GSM, protocol has long been known to be susceptible to man-in-the-middle attacks using a form of a fake base station known as an IMSI catcher (like the Stingray). 2G networks are also vulnerable to attacks that reveal a phone’s location within about 0.6 square mile. 3G phones suffer from a similar tracking flaw. The new attacks, described in a research paper published Monday, are believed to be the first to target LTE networks, which have been widely viewed as more secure than their predecessors.

“The LTE access network security protocols promise several layers of protection techniques to prevent tracking of subscribers and ensure availability of network services at all times,” the researchers wrote in the paper, which is titled “Practical attacks against privacy and availability in 4G/LTE mobile communication systems.”

Second

ESD Overwatch:

Generate a continuously updated national situation report by means of distributed detection and localization of a multitude of baseband attacks as well as the manipulation of cellular signaling.

Detect and monitor cellular attacks in real-time

• 

  IMSI Catchers

• 

  Baseband Processor Attacks

• 

  Rogue Basestations

• 

  Cellular Jamming

Third

Suspected Hack Attack Snagging Cell Phone Data Across D.C.

Malicious entity could be tracking phones of domestic, foreign officials

FreeBeacon: An unusual amount of highly suspicious cellphone activity in the Washington, D.C., region is fueling concerns that a rogue entity is surveying the communications of numerous individuals, likely including U.S. government officials and foreign diplomats, according to documents viewed by the Washington Free Beacon and conversations with security insiders.

A large spike in suspicious activity on a major U.S. cellular carrier has raised red flags in the Department of Homeland Security and prompted concerns that cellphones in the region are being tracked. Such activity could allow pernicious actors to clone devices and other mobile equipment used by civilians and government insiders, according to information obtained by the Free Beacon.

It remains unclear who is behind the attacks, but the sophistication and amount of time indicates it could be a foreign nation, sources said.

Mass amounts of location data appear to have been siphoned off by a third party who may have control of entire cell phone towers in the area, according to information obtained by the Free Beacon. This information was compiled by a program that monitors cell towers for anomalies supported by DHS and ESD America and known as ESD Overwatch.

Cell phone information gathered by the program shows major anomalies in the D.C.-area indicating that a third-party is tracking en-masse a large number of cellphones. Such a tactic could be used to clone phones, introduce malware to facilitate spying, and track government phones being used by officials in the area.

“The attack was first seen in D.C. but was later seen on other sensors across the USA,” according to one source familiar with the situation. “A sensor located close to the White House and another over near the Pentagon have been part of those that have seen this tracking.”

The data gathered by the ESD Overwatch program indicates the U.S. cell carrier has experienced “unlawful access to their network for the purpose of large scale subscriber tracking,” according to a report prepared by ESD Overwatch, a contractor working on behalf of DHS, and viewed by the Free Beacon.

Information gathered by the program shows a massive uptick in efforts to identify and track cellphones. The third-party hacker appears to be identifying phones as they connect with local cellphone towers and recording this information.

This method of hacking could permit a malicious actor to track an individual’s cellphone and pinpoint phones that may be of importance, such as government entities.

The cellular network involved in the attack is being abused in order to track phones subscribed to the carrier, according to one source familiar with the situation.

DHS’s Office of Public Affairs confirmed that the ESD Overwatch program has been operating under a 90-day pilot program that began Jan. 18. Before the surveillance program was initiated the federal government did not have a method to detect intrusions of the nature seen over the past several months.

The attack on this network is still underway, according to sources monitoring the situation.

An official with ESD Overwatch acknowledged the existence of the DHS program, but would not comment further on the matter.

The issue of cellphone vulnerabilities has been a top concern in Congress, where lawmakers petitioned DHS on Wednesday to outline steps the government is taking to prevent foreign governments from performing the type of attacks observed by Overwatch.

“For several years, cyber security experts have repeatedly warned that U.S. cellular communications networks are vulnerable to surveillance by foreign governments, hackers, and criminals exploiting vulnerabilities in Signaling System 7,” which is used by cellular phones and text messaging applications, according to a letter set by Sen. Ron Wyden (D., Ore.) and Rep. Ted Lieu (D., Calif.).

“U.S. cellular phones can be tracked, tapped, and hacked—by adversaries thousands of miles away—through SS7-enabled surveillance,” the lawmakers write. “We are deeply concerned that the security of America’s telecommunications infrastructure is not getting the attention it deserves.”

“We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones,” the lawmakers write.

Concerns continue to mount that the government is not adequately taking steps to secure cellular networks.

The lawmakers request that DHS outline specific steps being taken to insulate networks from attacks and ensure that U.S. cell carriers are doing the same.