Until now it was thought that the newest 5G technology would fix a flaw that exposes devices to Stingray Attacks, but it was revealed today, that is not the case.This security weakness affects 3G, 4G, and 5G wireless technologies and enables high level spying on your device/s.
What is does the 'G' mean:
The G stands for the ‘next generation’ of wireless technology. Provided by your service provider/cell service, It's how your devices access the internet, how your information is sent to and from your device and basically indicates how fast your internet speed is. Each generation is faster,better and more secure than the previous so 5G would offer better wireless technology than 4G, and so on.
The security flaw:
There is a complicated system in place which enables your device to communicate securely with your network/cell service provider. Known as Authentication and Key Agreement (AKA), this system requests certain information to confirm the identity of the device in order to keep the connection secure. It is within this system that the weakness has been found, and leaves your device vulnerable to spying and specifically a stingray type attack.
What is at risk;
Without a fix for the security flaw in the AKA system, your device and privacy is open to a Stingray attack. I have included more information about a Stingray attack below, but ultimately it can access all kinds of information on your device, even track you right down to your specific location, and even block your service. In some cases, it can load the device with spy software and can access everything on your device.
What is a Stingray Attack:
Stingrays is a term used for equipment that is used for spying on mobile devices. Officially called International Mobile Subscriber Identity-catcher or IMSI they act as a fake base station/cell tower. Devices search for and use the strongest signal so Stingrays are positioned close to the target devices and trick the devices into thinking the Stingray is their network tower. Once the device is connected to the Stingray the attacker can run a number of simple attacks to access your device, load it with software and spy on you.
How you you protect yourself:
You don’t. You can’t. That’s the scary part, once your device has connected to Stingray the attacker has access, and it is entirely dependant on their ability and intention what they do to your device and what information they access. We are currently working on a solution for this and hope to release it really soon, but in the meantime;
Firstly, there are a few things to remember:
Stingray attacks are illegal and usually reserved for law enforcement agencies as: They require legal consent from Government Authorities, The require very expensive equipment, It is notoriously difficult to buy the equipment if you are not a Government Agency
Anyone within the range of the Stingray ‘Fake Tower’ is vulnerable to attack as they indiscriminately intercept communications from all devices in the target area.
Anyone with deep enough pockets can get their hands on Stingray equipment but equipment is becoming more affordable with basic kits starting at around USD$1500
What can you do?
Look out for tell tale signs like being forced onto a 2G connection. The better the wireless technology, the harder it is to crack. So 3G would be difficult, 4G more so and 5G very difficult requiring the most sophisticated, latest and expensive Stingray technology. So usually attackers force the devices onto a lower G connection to make it easier to intercept the device.
Force your device to only use the 3G or higher.
Use a Cryptophone, they have firewalls that can detect an attack.
Use a VPN for online traffic, communications via the VPN should be protected by unbreakable encryption. Then use Skype/Whatsapp etc for messaging
If you think your device is being accessed cut off your network connection immediately
Buy a new sim card, it will have a new identification number which is what they use to target your device.
Don’t use mobile devices for sensitive communications.
**There are apps that claim they protect you against these attacks but most of them don’t and those that do offer some level of protection are easily bypassed.
All the best,
Incognito - Privacy Care Team
Join our community of over 4 million happy people.
Use the Sign Up form below to join our community and we will notify you every time we have a new Privacy Tip.
Please Share this tip with your family and friends and let them know we can help.
Install - If you are an Android user why not install Incognito and allow us to keep you safe from commercial spyware. Incognito is easy to use and extremely effective at finding and removing spyware. Just tap the 'Get it on Google Play' button below.
If you are happy with Incognito and its service please leave us a Review on the Play Store.