Beware the IMSI catcher

A while back, we posted about drones hacking into your phones.

This linked article digs into a different sort of attack, by way of a device called an IMSI catcher.

Call it the “IMSI catcher” war, with the acronym standing for International Mobile Subscriber Identity. Every device that communicates with a cell tower—mobile phone, smartphone or tablet—has one. What StingRay (manufactured by Florida-based Harris Corp.) and its competitors do is act like a cellphone tower, drawing the unique IMSI signals into their grasp. Once the device is locked onto a signal, the quarry’s data is ripe for the plucking. Major targets include people working for U.S. national security agencies, defense contractors and officials, including members of such congressional panels as the armed services and intelligence committees.

The technology was originally demonstrated several years ago. It’s now become part of the mainstream, much like ATM card sniffers.

Mike Janke, a former Navy SEAL and co-founder of Silent Circle, a company that sells state-of-the-art encryption software, says, “Defense firms in the Washington, D.C. area have found IMSI catchers attached to the light poles in their parking lots. In February, one or two were found in the parking lot of a defense contractor near Washington.”

He adds, “They’ve also been found in Palo Alto,” the capital of Silicon Valley. “The FBI has been called in, but you can’t track who has made it.”

Hard to tell if this is a real problem, or a problem invented to get people to buy encryption solutions, but certainly an interesting read.