Towards the end of July, ESD America, the makers of the ultra-secure CryptoPhone, said that their engineers and customers had discovered more than a dozen rogue cell towers (also known as interceptors or IMSI catchers) around the U.S.
New information shows that the discovered towers might only represent a small fraction of the whole, and what's been discovered doesn't account for the mobile base stations that are only active on a limited basis.
Interceptors are a huge risk if used by a malicious actor. That's because once a device connects to them, the interceptor's operator can perform a number of tasks, including eavesdrop on calls or text messages, or in some cases push data (spyware for example) to the device. This is why they're only supposed to be used by law enforcement or the government.
However, that doesn't mean that the government or law enforcement haven't found themselves in the hot seat for abusing an interceptor's functionality. The potential for abuse and wide availability of the technology, including home-grown versions that work just as well as their commercial counterparts, means that the existence of unknown interceptors are a major concern.
In an interview with Popular Science last month, Les Goldsmith, the CEO of ESD America, said that it's suspicious many of the interceptors discovered in July were "on top of U.S. military bases."
"So we begin to wonder -- are some of them U.S. government interceptors? Or are some of them Chinese interceptors? Whose interceptor is it? Who are they, that's listening to calls around military bases? Is it just the U.S. military, or are they foreign governments doing it? The point is: we don't really know whose they are."
The unknown is what prompted questions from Congress, who grilled the FCC on their plans to address the interceptor issue.
The agency, responding to Congress in a letter dated Aug. 1, said that a task force had been created "in order to combat the illicit and unauthorized use of IMSI catchers."
"The mission of this task force is to develop concrete solutions to protect the cellular network systemically from similar unlawful intrusions and interceptions," the letter added.
On Tuesday, Aaron Turner, president of IntegriCell, along with Buzz Burner, director of applications at ESD America, and Goldsmith drove around Washington, D.C. in order to see if they could detect any interceptors.
The trip was a live test of sorts, as Turner's company plans to take the baseband firewall from the CryptoPhone and put it in the enterprise market. They used the CryptoPhone as their guide and discovered 15 new interceptors, including three on Pennsylvania Avenue, arguably the most famous street in the district when it comes to tourism.
In the areas where the interceptors were discovered, they generated more than 40 alerts on the CryptoPhone.