The inherent insecurity of mobile phones

I’ve had some interesting conversations since my article on kill switch technology was published.  One thing has come up a couple of times – the general sentiment of “people are really going to set up devices that pretend to be AT&T cell phone towers?  That sounds ridiculous/farfetched/like a movie plot, etc.”

Well, you don’t have to spoof an AT&T cell phone tower at all – just create your own!  By their very nature, cell phones are very “chatty” devices – they are constantly sending out signals to figure out where the nearest tower is, and whether they should change towers.  This is why your cell phone works while you’re walking down the street (or driving, but you shouldn’t be doing that anyway).

A cell phone does not need to authenticate to any particular type of tower; it essentially trusts any tower that promises to transmit data.  This fundamental technological flaw (or “feature”, depending on your viewpoint) allows just about anyone to create a working cell phone tower – and these towers can be used to track individuals when they come within range, because their phones will connect to your tower.

It should be noted that the above-linked slide is from 2008, when this technology cost $40,000; it can be built for far less money today (unless you’re buying from Harris).
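To make the trust gap concrete, here is a simplified model (an added example, not code from any of the projects mentioned in this post) of a phone that answers any tower's challenge, next to one that first requires the tower to prove it holds the subscriber's key, which is the kind of network proof that standards after GSM added. The `Tower` class, the `attach` function and the sample key are hypothetical, and HMAC-SHA256 stands in for the carrier's real algorithms.

```python
import hashlib
import hmac
import os

# Constructed sample key: stands in for the secret shared by a SIM and its carrier.
SUBSCRIBER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

def mac(key: bytes, label: bytes, challenge: bytes) -> bytes:
    """HMAC-SHA256 stand-in (assumption) for the carrier's authentication algorithms."""
    return hmac.new(key, label + challenge, hashlib.sha256).digest()[:8]

class Tower:
    """A base station. key=None models a tower with no access to carrier secrets."""

    def __init__(self, key=None):
        self.key = key

    def challenge(self):
        rand = os.urandom(16)
        # Only a tower holding the subscriber key can compute a valid network proof.
        proof = mac(self.key, b"network", rand) if self.key else os.urandom(8)
        return rand, proof

    def accepts(self, rand, response):
        # A tower that cannot check the response can simply accept every phone.
        if self.key is None:
            return True
        return hmac.compare_digest(response, mac(self.key, b"phone", rand))

def attach(tower: Tower, phone_key: bytes, phone_verifies_network: bool) -> bool:
    """Return True if the phone ends up attached to the tower."""
    rand, proof = tower.challenge()
    if phone_verifies_network:
        # Mutual authentication: the phone checks the tower's proof before answering.
        if not hmac.compare_digest(proof, mac(phone_key, b"network", rand)):
            return False
    # One-way authentication: the phone answers whatever challenge it is given.
    response = mac(phone_key, b"phone", rand)
    return tower.accepts(rand, response)

def demo() -> dict:
    towers = {"carrier": Tower(SUBSCRIBER_KEY), "unkeyed": Tower()}
    return {(name, mutual): attach(t, SUBSCRIBER_KEY, mutual)
            for name, t in towers.items() for mutual in (False, True)}

if __name__ == "__main__":
    for (name, mutual), attached in demo().items():
        print(f"tower={name:8} phone_verifies_network={mutual!s:5} attached={attached}")
```

The only combination that fails to attach is the unkeyed tower against a phone that verifies the network, which is why a phone that can be pushed back to one-way authentication remains trackable this way.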

In this video (spoiler alert: it’s also an ad), we can see a Raspberry Pi ($35) acting as a controller for the Ettus Research USRP B100 (possibly discontinued; Ettus suggests the B200 for $675).  Or in this (quite boring) video, we see the USRP N210 ($1,700) used in conjunction with Linux and OpenBTS.  Together, they are used to transmit a signal  – in this case, a text message – to a cell phone.

So the reason I’m strongly opposed to this proposed law?   Just imagine if he had sent a “kill” signal to that phone instead of a text message.  From my understanding, that phone would not be able to talk to *any* cell tower after coming in contact with this rogue tower.  Worse than that, I believe the proposed federal bill wants the capability to not only disable a phone but also to wipe data from the hard drive.

Communications technology is about enabling people to talk to each other.  Legislating a technology into existence which intentionally limits the ability to communicate is immoral, especially in a democracy which requires open communication between citizens.  And if you don’t think cell phone carriers can already disable your phone, try not paying your bill for a couple of months (which will surely happen for those MN legislators living on minimum wage).

