The Growing Cellphone Eavesdropping Threat

Because of the nature of cellphones, and the way they connect to and authenticate with cell towers, the threat of cellphone tapping is a real one, and one that continues to grow in scale.

Cellphone surveillance devices known as ‘International Mobile Subscriber Identity (IMSI) catchers’ mimic cell tower signals, tricking phones into connecting to them in place of legitimate cell sites. The IMSI catchers then collect all kinds of information transmitted from the phone, including conversations, messages, and identifying information, without disrupting those communications and while remaining imperceptible to the target.

‘StingRay,’ a widely known IMSI catcher manufactured by the Harris Corporation, is named for the stingray fish that sweeps the ocean floor without notice from other fish. The analogy is to the StingRay device, which sweeps up conversations without the awareness of either the target or the cellphone carrier. Stingray has also become a generic term for IMSI catchers.

It is commonly assumed that intrusive cell eavesdropping technology is widely used in China, Russia, Eastern Europe, Latin America, the Middle East and elsewhere. Naively, we tend to feel more assured in the United States and in Western Europe. However, it has been widely reported that IMSI catchers were found all over the US, including in New York, Washington, California, Texas, Florida, and Illinois. As recently as last week it was reported that more than 20 were discovered in the UK.

It is now publicly known that IMSI catchers, or Stingrays, are widely available. These devices continue to grow smaller and have become less expensive. Today, they are as small as suitcases and are commercially available for less than $2,000. As a result, the use of these devices continues to accelerate. People with nefarious intentions procure and use them, and Stingrays are no longer the exclusive domain of law enforcement.

Once someone – anyone – sets up an IMSI catcher, they can collect all sorts of communications, putting people’s security and privacy at risk – without the targets ever being aware that they are at risk.

From a practical perspective this means that when you are on your mobile phone, conducting a conversation with your significant other, boss, colleague, or collaborator, someone can very well be listening in – either intentionally tapping your phone, or listening to other conversations in the same area where yours is picked up as well. This tapping can easily be done – without you ever being aware of it.

Protecting your Communications

Frequently, rather than putting sensitive information in an email – whether the confidential information is business, personal, or subject to compliance – we pick up our mobile phones and call to make sure never to leave sensitive information in writing. We think of our cellphones as an extension of our direct communication, and speak freely to the person on the other end, not concerned about the path in between. Rarely do we hesitate before making a phone call to consider whether anyone other than the person on the other side of the call will have access to the information.

While we cannot prevent our phones from falling prey to IMSI catchers, we can prevent the hackers from collecting any meaningful information by encrypting our mobile communications and ensuring that our conversations and messages cannot be tapped.

The only way to completely secure mobile communications is by encrypting them. Encrypted phone calls and messages are never available to anyone other than the intended recipients. Should the call or message be hacked, or intercepted by a Stingray or any other technology, only the encrypted communications can be accessed. The unencrypted, intelligible content can never be accessed by a third party.

