Recently, I asked John if there was an affordable device that could detect rogue cellular network transceivers, including "Stingray" devices and other hardware used by law enforcement to surreptitiously monitor and track cell phones and users. Apparently, my wish has been granted.
At the RSA Conference in San Francisco, the network penetration testing and monitoring tool company Pwnie Express demonstrated its newest creation - a sensor that detects Stingrays and similar devices.
As Ars Technica reported, in an exclusive demonstration for Ars, Pwnie Express CTO Dave Porcello and Director of Research and Development Rick Farina showed off the company's new cell network threat detection capabilities, which integrate into Pwnie's Pulse security auditing service. The capability will give companies the ability to monitor cellular networks around them and detect anomalies caused by rogue cellular base stations, IMSI catchers, and devices used to extend cellular coverage into areas where it may not be authorized.
Of all the potential security threats to companies and individuals that have emerged over the past few years, perhaps the hardest to crack is rogue cellular base stations. Whether they're used to attack the privacy of a cell phone user's communications or as a backdoor out of places where cell phone usage is restricted, configuring unauthorized cell "towers" has become very simple. It doesn't necessarily even require law enforcement-grade hardware. Anyone with a HackRF card or other software-defined radio kit and open-source software can turn a laptop computer into a cellular network transceiver—or even a cellular jammer.
You may recall that ESD America, which manufactures the CryptoPhone secure cell phone—reported that more than a dozen rogue cell "towers" had been located in D.C. It's not clear if all of these were being operated by law enforcement or the government. In one way, I hope so.
Pwnie's cellular threat detection capability is based on FCC-certified cellular transceiver hardware, and it will be integrated into the company's Pwn Pro network sensor line (the corporate version of the Pwn Plug). A 4G cellular transceiver is integrated directly into the device.
"What we're focusing on is the malicious use of cellular—a handful of specific things we can detect passively now," said Porcello. "And there will be a lot more by the time we ship." The biggest challenge is ruling out false alerts.
Want to know how all this works? Click on the link at the beginning of the post. I think Pwnie will find a market anxious to avail itself of this new offering.
E-mail: firstname.lastname@example.org Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology