Mobile phone fraud and interception is becoming an ever-increasing headache for businesses.
Interception has been an issue since day one, with the technology to achieve it becoming more advanced in order to keep up with the frantic evolution and capability of cellular devices.
Many businesses are reliant on mobile phones, for not only conversations and text messaging, but also emails, remote network access, even banking. This information makes the ability to intercept and take control remotely of another mobile phone an extremely lucrative pastime.
This article will focus primarily on the interception of cellular traffic, how it is achieved and what can be done to protect yourself or your company from an attacker.
How is it done?
The UK has mobile phone towers distributed all over to allow coverage wherever you travel. As you move around your mobile phone will be communicating with these towers to ensure that it is always connected to the one with the strongest signal, or the available capacity to handle the requirements of the cellular device. Each mobile phone tower has a unique identifier so the phone knows which one it is talking to and will hand over to the next tower when the signal diminishes. Fake towers will mimic this identifier, effectively cloaking the genuine one thereby invisible on the network.
If a fake / spoofed mobile phone tower pops up and provides the strongest signal your phone may jump onto that tower and begin transmitting your calls, texts and data through this illicit tower. The fake tower will be able to listen into your calls and read your texts as they pass through, and perhaps worse has the capability to emulate your phone and send malicious messages or calls pretending to be you. This can be exploited in an endless number of ways, for example; the illicit tower could;
- message your boss letting saying you’d like to resign
- message employees explaining they must attend a meeting, thereby leaving the attacker free to take advantage of unattended areas/reports, etc
- message people requesting information they are likely to give to someone (they think) they know
How to protect yourself and your company.
Fake mobile phone towers cause latency on the network. This may mean that you notice your phone is taking slightly longer to connect or, due to less expensive transmitters and receivers, the quality of your call may be affected. Some smart phones will allow you to identify which towers are supporting your network by showing you the unique identifiers. It is possible to notice a difference in tower number or even a change in your usual signal strength.
The best accurate and reliable method would be to utilize equipment such as an AIDA. This will monitor all cell towers in the area. Should a new tower be detected it will not only alert you that a possible threat is out there but it will also calculate it’s precise location and allow you to neutralize the threat.
Esoteric can assist in any questions or concerns you may have regarding this.