JULIAN OLIVER HAS for years harbored a strange obsession with spotting poorly disguised cellphone towers, those massive roadside antennae draped in fake palm fronds to impersonate a tree, or even hidden as spoofed lamp posts and flag poles. The incognito base stations gave him another, more mischievous idea. What about a far better-disguised cell tower that could sit anonymously in office, invisibly hijacking cellphone conversations and texts?
Earlier this week, the Berlin-based hacker-artist unveiled the result: An entirely boring-looking Hewlett Packard printer that also secretly functions as a rogue GSM cell base station, tricking your phone into connecting to it rather than your phone carrier’s tower, effectively intercepting your calls and text messages.
“For quite some time I’ve had an interest in this bizarre uncanny design practice of disguising cell towers as other things like trees,” says Oliver. “So I decided to build one into a printer, the most ubiquitous of indoor flora, and have it actually antagonize people’s implicit trust in these technologies.”
Oliver’s fake printer, which he calls the Stealth Cell Tower, could potentially eavesdrop on the voice calls and SMS messages of any phone that’s fooled into automatically connecting to it. Since it sits indoors near its victims, Oliver says it can easily overpower the signal of real, outdoor cell towers. But instead of spying, the printer merely starts a text message conversation with the phone, pretending to be an unidentified contact with a generic message like “Come over when you’re ready,” or the more playful “I’m printing the details for you now.” If the confused victim writes back, the printer spits out their response on paper as a creepy proof of concept. It’s also programmed to make calls to connected phones and, if the owner answers, to play an mp3 of the Stevie Wonder song “I Just Called to Say I Love You.” After five minutes, the printer drops its connection with the phone and allows it to reconnect to a real cell tower.
Oliver’s creation isn’t intended merely to stage an elaborate office prank. He wants to demonstrate the inherent privacy flaws of the cellular connections our phones depend on. His Stealth Cell Tower, after all, is no different from the devices known as IMSI catchers, or “stingrays,” that police use to hijack cellphone connections and spy on and track criminal suspects. “GSM is so broken and phones are so desperate to get hooked up that they’ll just hop onto anything that looks like a cell tower,” Oliver says. “IMSI catchers are most commonly deployed at protests. It’s worrying, when you’re looking at activist movements organizing themselves over SMS and calls.”
Instead, he says, his mischievous printer should serve as a reminder to the paranoid to end-to-end encrypt their communications. He recommends the free encryption app Signal. “My project is intentionally built to humiliate GSM in a sense,” says Oliver. “It’s broken, and we need to encrypt our stuff end-to-end.”
Oliver built his spy printer from easy-to-buy hardware: A Raspberry Pi minicomputer, a BladeRF software-defined radio, two GSM antennae and of course, a Hewlett Packard Laserjet 1320 printer. He’s also released the code for Stealth Cell Tower on his website.
But don’t try this hacker trick at home—or at the office. Oliver admits his printer would break plenty of laws if used without certain safeguards. In the US, for instance, it likely violates the Wiretap Act and Federal Communications Commission regulations. Civil rights groups have even alleged that Baltimore Police broke the law when they used the same IMSI catching technique on criminal suspects.
Oliver says that if he eventually displays the printer in a gallery or museum, he’ll consult his lawyers and post warnings that anyone who enters the room consents to have their phone’s communications intercepted.
“The whole idea is to lure a phone over to an object in the room for this brief encounter, to create an unsettling, critical break,” says Oliver. “If you don’t want your phone to behave oddly, you should turn it off.”
Original Post by: wired.com