WASHINGTON, DC — Think your cellular use is safe from prying eyes who that haven’t obtained a warrant up front?Think again.
On Tuesday, the American Civil Liberties Union revealed it has obtained documents indicating the FBI has been engaging in wholesale cellular phone tracking without judicial oversight or operator complicity. The practice is facilitated by powers granted the FBI under the Foreign Intelligence Surveillance Act.
Using a technology called Triggerfish — which has nothing to do with colorful marine life — federal agents establish base stations that mimic cellular service providers’ signals, thereby tricking nearby handsets into identifying themselves. Even more chilling: a Triggerfish deployment can be set to screen for particular handset characteristics or just grab every piece of data within grabbing range and analyze it all later.
What makes all this amazingly simple snooping amazingly simple is that when the GSM cellular standard — upon which most U.S. networks rely — was developed, designers didn’t consider two-way authentication necessary. Evidently, the notion that someone might create a fake base station and use it to invade subscribers’ privacy didn’t occur to them. Even worse, there’s a gaping loophole in the GSM’s security protocol that allows Triggerfish deployments to request unique subscriber ID codes, called IMSIs, and actually receive them, thereby walking all over privacy and information security understandings subscribers have with their providers.
The 3G GSM standard, currently beginning deployment, requires base stations to authenticate themselves, so 3G phones on 3G networks are not subject to Triggerfish assault.
