If the National Security Agency is capable of accessing and recording people's phone conversations, as it clearly is, then it stands to reason that other groups might have similar abilities. One of the big questions, then, is how, exactly, is it possible to do this?
Must hackers break into the systems of mobile phone carriers? Do they need legal access to phone company infrastructure? According to Andrew Rosenblum writing for Popular Science, the answer is actually much more simple: a fake cell phone towers can trick your phone into giving up its secrets, or even open a channel for hackers to plant spyware on your device.
Known as interceptors, these devices—little more than a good computer hooked up to a radio—can trick your phone into thinking it's talking to a normal cell phone tower. And according to Rosenblum, they're not all that rare, even in the U.S. In a short trip from Florida to North Carolina researchers working for a company that sells high-security cell phones found eight such interceptors. Nationally, they found at least 17.
Some interceptors are limited, only able to passively listen to either outgoing or incoming calls. But full-featured devices like the VME Dominator, available only to government agencies, can not only capture calls and texts, but even actively control the phone, sending out spoof texts, for example. Edward Snowden revealed that the N.S.A. is capable of an over-the-air attack that tells the phone to fake a shut-down while leaving the microphone running, turning the seemingly deactivated phone into a bug.
Most cell phones, says Rosenblum, show no signs whatsoever that they've been compromised. According to Rob Waugh for WeLiveSecurity, there's no reason to assume that these interceptors are static cell towers. Instead, he says, “it's far likelier that they are mobile installations of the kind used not only by law enforcement and government agencies, but also by scammers and other criminals.”
A basic interceptor can be had for around $1,500, says Wired.