First time I’ve ever heard about this. Must I carry my cell phone in my Faraday cage everywhere I go now? Jeepers Creepers…
It works as a man in the middle type of attack.
If your phone sees a tower it will try and connect to it. They have their own “tower” which will act like a cell phone tower and is hooked up to the network (sometimes) in order to make it seem legit.
It doesn’t always work 100% - I was at a security conference where someone was demonstrating an open source version of one. It basically used a “flaw” in the GSM protocol - in that there is a requirement that all towers support encryption, but doesn’t require it be enabled. Also it wouldn’t work with all phones.
Not much is known about the devices used by law enforcement, but in at least some cases they need to compromise the handset. In the case I read about before - it was a verizon data card for a laptop and the FBI/Verizon people did a firmware “update” to include the tower ID of the fake tower in the list of acceptable cell sites so that the card would connect to it.
Here is a good article on the Verizon story I mentioned:
http://www.wired.com/2013/04/verizon-rigmaiden-aircard/all/
It has links to other related cases you might find interesting
Wowie Zowie DataX, thanks for the link. So it spoofs. And, from the link, “Verizon responded by supplying the government with information that included the latitude and longitude coordinates for five cell sites in San Jose and Santa Clara cities, in the heart of Silicon Valley.”
This is in my neighborhood. I have nothing to hide yet I feel strangely annoyed :dubious:
Your cell phone is a promiscuous whore and is always looking for new towers. It will interface to the strongest “cell tower” it encounters that speaks its language.