Did you know?... hackers have gone to new levels as of late in the evil quest to steal your personal information. In a spin of the 'Man In The Middle' attack, hackers are setting up temporary powerful cell phone relays that act like a cell tower. Most phones are indiscriminate when associating to a new tower and base its connection not on trust, rather the strength and carrier the tower provides. If you think you or your phone would know the difference, think again.
If your phone connects to one of these fake towers, the attackers see all unencrypted traffic that passes over your phone. The information gleaned can be used attack your phone in a more direct manner later.
An example of this: The attacker sits in the corner of Starbucks Coffee every night. In his backpack he carries a small antennae that is throwing a powerful cell signal. To all the customers phones sitting in the cafe', that is the strongest tower around and automatically associate with it. The attacker sits quietly sipping his coffee reading a book, giving no outward sign that the small device in his backpack is snarfing gigabytes of data. Later that night he goes through the information he gathered. He prepares crafted attacks against several phones which are running services or application which put them more at risk. For several others he sees a pattern of unsafe browsing and activity, such as reading email when on public wi-fi. For those he crafts more specific attacks. Over the next week, he returns to the Starbucks, this time with laptop running a script that looks for the same cell phones. If one of the phones from the initial recon associates to his fake cell tower, or even gets on the public wi-fi, his script executes automatically and installs itself on the phone. Now that he has the phone, it will most likely move to the personal computer and any other computer to which the phone links at any point in the future.
Android developers has recognized this threat and are working on developing an app which validates the security of a tower before associating. Be sure to check for new software regularly and keep your phone and computers updated. If you have further concerns or wish to talk about implementing a BYOD (bring your own device) security policy, call us today, 719.749.1112