How to Spot Fake Cell Phone Towers and Why They Matter

Interest in CryptoPhone’s secure devices has surged since Edward Snowden exposed the extent of the NSA’s mass surveillance programs. During their investigations, CryptoPhone’s mobile security team discovered and patched 468 vulnerabilities in stock Android. In one test on a Samsung Galaxy S3, the team observed the device leaking data roughly 80–90 times per hour.

One notable capability of CryptoPhone devices is detecting fake cell towers. The company has documented multiple potentially malicious towers discovered by customers; a map provided by CryptoPhone shows at least 17 such towers. When a mobile device connects to a fake tower, attackers can perform “over-the-air” exploits that range from passive eavesdropping to installing spyware that intercepts calls and messages.

Les Goldsmith, CEO of ESD America, shared an account from a customer who drove from Florida to North Carolina and encountered eight fake towers along the route. The same customer even detected a suspicious tower near South Point Casino in Las Vegas. These kinds of findings raise questions about who controls these devices and why they remain in place.

Goldsmith and others speculate that many of these towers may belong to government agencies, noting that several have been located close to U.S. military bases. Combined with Snowden’s disclosures about the NSA’s reach and technical capabilities, a government connection is a plausible explanation for at least some of these installations.

Setting up a fake tower requires specialized, costly hardware, which reduces the likelihood that casual criminals are responsible for many of the installations. Advanced systems such as the VME Dominator can intercept voice calls and text messages and even take active control of a phone. Because the equipment is expensive and technically sophisticated, state actors or well-funded organizations are more likely candidates than opportunistic attackers.

Snowden’s revelations also described the NSA’s ability to perform remote, over-the-air attacks that can control a device in ways that are invisible to the user. For example, attackers can make a phone appear switched off while keeping its microphone active so it functions as a covert listening device.

A smartphone typically includes a baseband processor that runs its own firmware, a secondary operating environment sitting between the handset’s main operating system and the cellular network. Details about baseband chips and their firmware are often closely guarded by manufacturers, which makes auditing and securing that layer difficult. Because these baseband systems are complex and proprietary, no device can be considered completely immune to over-the-air attacks.

Given the technical sophistication required and the privacy implications, awareness and mitigation are important. Users concerned about these risks can take practical steps: minimize sensitive conversations on mobile devices, keep device software up to date, consider using end-to-end encrypted voice and messaging services where appropriate, and use hardware or software solutions designed to detect or resist IMSI-catcher-style attacks.

As surveillance techniques evolve and sophisticated interception tools remain in circulation, understanding how mobile networks, baseband firmware, and cell-site emulators work is essential for informed privacy decisions. The detection work by companies like CryptoPhone highlights both the prevalence of potentially hostile infrastructure and the importance of active defenses.
