Rogue cell phone surveillance gives rise to mobile threat defense

From ComputerWorld: Researchers have created a device using off-the-shelf components that can sniff out controversial cell phone surveillance devices, known as IMSI-catchers or StingRays, used by federal and state law enforcement as well as hackers.

The International Mobile Subscriber Identity-catchers have not only been used to locate mobile devices but also to sometimes eavesdrop on users, send spam or upload malware, according to University of Washington (UW) security researchers.

"The threats remain the same when looking at enterprises: tracking and, under certain circumstances, eavesdropping are possible through this attack," said Dionisio Zumerle, a Gartner research director for Mobile Security. "The attack requires technical expertise and equipment that was once hard to find; today it is easier and that is the main source of concern."

IMSI-catchers or cell-site simulators work by pretending to be a legitimate cell tower that a smartphone would typically use. The catchers trick the cell phone into sending identifying information about its location and how it is communicating. The portable surveillance devices range in size from a walkie-talkie to a suitcase and in price from several thousand to hundreds of thousands of dollars, according to UW.

View: Article @ Source Site