Researchers Build System to Detect Cell Phone Hacking
Security researchers at the University of Washington (UW) have developed a new system called SeaGlass to detect anomalies in the cellular landscape that can indicate where and when cell phone surveillance devices are being used.
Described in a paper published in the June 2017 issue of Proceedings on Privacy Enhancing Technologies, the system was deployed during a two-month period with SeaGlass sensors installed in ride-sharing vehicles in Seattle and Milwaukee, resulting in the identification of dozens of anomalies consistent with patterns one might expect from cell-site simulators.
Cell phones are vulnerable to attacks from rogue cellular transmitters called International Mobile Subscriber Identity (IMSI) catchers, also known as cell-site simulators or Stingrays, surveillance devices that can precisely locate mobile phones, eavesdrop on conversations or send spam.
“Up until now the use of IMSI-catchers around the world has been shrouded in mystery, and this lack of concrete information is a barrier to informed public discussion,” co-lead author Peter Ney, a doctoral student at the Allen School of Computer Science & Engineering at the UW, was quoted as saying in a news release.
“Having additional, independent and credible sources of information on cell-site simulators is critical to understanding how – and how responsibly – they are being used.”
Cell-site simulators work by pretending to be a legitimate cell tower that a phone would normally communicate with, and tricking the phone into sending back identifying information about its location and how it is communicating.
The portable surveillance devices now range in size from a walkie-talkie to a suitcase, and in price from several thousand to hundreds of thousands of U.S. dollars.
While law enforcement teams in the United States have used the technology to locate people of interest and to find equipment used in the commission of crimes, cyber criminals are deploying them worldwide, especially as models become more affordable.
To catch these IMSI-catchers in the act, SeaGlass uses sensors built from off-the-shelf parts that can be installed in vehicles, ideally ones that drive long hours and to many parts of a city, such as ridesharing vehicles.
The sensors pick up signals broadcast from the existing cell tower network, which remain fairly constant. Then SeaGlass aggregates that data over time to create a baseline map of “normal” cell tower behavior.
The research team from the UW Security and Privacy Research Lab developed algorithms and other methods to detect irregularities in the cellular network that can expose the presence of a simulator.
These include a strong signal in an odd spot or at an odd frequency that has never been there before, “temporary” towers that disappear after a short time and signal configurations that are different from what a carrier would normally transmit.
For instance, around an immigration services building south of Seattle, the largest city in Washington state, run by the U.S. Department of Homeland Security, SeaGlass detected a cell tower that transmitted on six different frequencies over the two-month period.
That was notable because 96 percent of all other base cell towers broadcast on a single channel, and the other 4 percent only used two or three channels.
In addition, the team detected an odd signal near the Seattle-Tacoma International airport with suspicious properties that were markedly different from those normally used by network providers.
Those patterns would make sense if a mimicking cell-site simulator were operating in those areas, the researchers noted.
“In this space there’s a lot of speculation, so we want to be careful about our conclusions. We did find weird and interesting patterns at certain locations that match what we would expect to see from a cell-site simulator, but that’s as much as we can say from an initial pilot study,” said co-lead author Ian Smith, a former Allen School research scientist.
“But we think that SeaGlass is a promising technology that – with wider deployment – can be used to help empower citizens and communities to monitor this type of surveillance.”