This month, FCC Chairman Tom Wheeler revealed, in response to a letter from Congressman Alan Grayson, that his agency is assembling a task force “to combat the illicit and unauthorized use of IMSI catchers.” Often known by the brand name “StingRay,” these are surveillance devices that impersonate legitimate cell towers, enabling them to covertly identify and locate nearby cell phones and, in some cases, to intercept the content of calls or text messages those phones send or receive.
A StingRay does this by exploiting a persistent vulnerability in the 2G protocol: telephones operating in 2G cannot authenticate cell towers, which means that a rogue tower can appear to be part of a legitimate cellular network. Although 3G and 4G networks have addressed this vulnerability, these networks can be jammed, forcing nearby phones to communicate using the vulnerable 2G protocol. As long as phones include the capability to communicate using 2G—a useful thing when 2G remains widespread in rural areas—the latest smartphones will remain vulnerable to decades-old security flaws. Moreover, IMSI catchers remain essentially invisible, since their operation can only be detected in real time with rarely used counter-surveillance equipment.
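The authentication gap described above can be modeled in a few lines. This is an added example, not part of the original article: a toy comparison of 2G's one-way challenge-response with the mutual authentication 3G and 4G introduced. The class and function names are hypothetical, HMAC-SHA256 stands in for the operators' real algorithms, and the sequence-number freshness check of real 3G/4G authentication is left out.

```python
import hashlib, hmac, os

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 replaces the operator algorithms (A3, f1, f2).
    return hmac.new(key, label + data, hashlib.sha256).digest()[:8]

class Phone:
    def __init__(self, ki: bytes):
        self.ki = ki  # subscriber key shared with the home network

    def respond_2g(self, rand: bytes) -> bytes:
        # 2G: only the phone proves itself. Nothing in the challenge
        # lets the phone check who sent it, so it always answers.
        return prf(self.ki, b"sres", rand)

    def respond_3g(self, rand: bytes, autn: bytes):
        # 3G/4G style: verify the network's MAC before answering.
        if not hmac.compare_digest(autn, prf(self.ki, b"mac", rand)):
            return None  # sender does not hold the subscriber key
        return prf(self.ki, b"res", rand)

class Tower:
    def __init__(self, ki):
        self.ki = ki  # None models a tower outside the subscriber's network

    def challenge_2g(self) -> bytes:
        return os.urandom(16)

    def challenge_3g(self):
        rand = os.urandom(16)
        key = self.ki if self.ki is not None else os.urandom(16)
        return rand, prf(key, b"mac", rand)

def phone_accepts(phone: Phone, tower: Tower, generation: str) -> bool:
    """True if the phone continues the exchange with this tower."""
    if generation == "2g":
        return phone.respond_2g(tower.challenge_2g()) is not None
    rand, autn = tower.challenge_3g()
    return phone.respond_3g(rand, autn) is not None

def compare() -> dict:
    ki = bytes(range(16))  # constructed sample key
    phone = Phone(ki)
    towers = {"home": Tower(ki), "unknown": Tower(None)}
    return {(name, gen): phone_accepts(phone, tower, gen)
            for name, tower in towers.items() for gen in ("2g", "3g")}

if __name__ == "__main__":
    print(compare())
```

The only case in which the phone refuses is the unknown tower under the 3G-style exchange, which is why a phone that can still be pushed onto 2G keeps the older exposure.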