NEW YORK (MainStreet)You take all the mobile phone security precautions. You PIN protect the device, you encrypt your data, you don't jailbreak phones, and you download apps only from the main app stores. Guess what: you still have enormous vulnerability, because, suddenly, crooks are unleashing what amounts to carrier-level attacks designed to gain access to all data and voice calls and, right now, there is very little you can do to protect yourself. Two big threats are literally challenging just about every assumption about cellphone security.
Meet the first threat: a security firm executive was in an airline lounge at Kennedy Airport when he noticed something strange occurring to his phone. The signal had plummeted from fast 4G to barely moving 2G on the GSM network, and then it dawned on him: his phone was being redirected to a rogue cellphone tower that had been set up to grab all the data and voice traffic from phones in that lounge. It dialed down to 2G, because at that speed the rogue tower can simply turn off any encryption applied by the device, meaning the traffic is all in the clear.
Don't dismiss this as geek paranoia. As far back as 2010, a security researcher demonstrated a home brewed device that could mimic cell towers.
That nightmare is coming true: suddenly crooks are erecting bogus cellphone towers. "It shouldn't cost more than $1500," said Phil Lerner, a vice president at security company Stonesoft.
And price are dropping. "This is a growing issue," said Tom Eston, an executive with SecureState. "This is going to get worse."
Experts said plug and play kits - assembled in Eastern Europe - now are starting to show up for sale in online criminal bazaars. So the required technical skill levels are dropping along with the prices.