At the RSA Conference in San Francisco today, the network penetration testing and monitoring tool company Pwnie Express will demonstrate its newest creation: a sensor that detects rogue cellular network transceivers, including "Stingray" devices and other hardware used by law enforcement to surreptitiously monitor and track cell phones and users.
In an exclusive demonstration for Ars, Pwnie Express CTO Dave Porcello and Director of Research and Development Rick Farina showed off the company's new cell network threat detection capabilities, which integrate into Pwnie's Pulse security auditing service. The capability will give companies the ability to monitor cellular networks around them and detect anomalies caused by rogue cellular base stations, IMSI catchers, and devices used to extend cellular coverage into areas where it may not be authorized.
Of all the potential security threats to companies and individuals that have emerged over the past few years, perhaps the hardest to crack is rogue cellular base stations. Whether they're used to attack the privacy of a cell phone user's communications or as a backdoor out of places where cell phone usage is restricted, configuring unauthorized cell "towers" has become increasingly simple. It doesn't necessarily even require law enforcement-grade hardware. Anyone with a HackRF card or other software-defined radio kit and open-source software can turn a laptop computer into a cellular network transceiver—or even a cellular jammer.