How Qualcomm Wants to Protect Against Robbers … and Cops

Are you sure your phone isn't fooling you? Spoof cell sites can now be run on small, widely available boxes that pass bad data and phishing messages, Qualcomm said at its Snapdragon Summit today. Otherwise known as “Stingrays,” these faux cells can be run by criminals, law enforcement, or security agencies to collect your personal data without your permission.

At its summit, Qualcomm showed off the new anti-spoofing technology built into its X65 modem. That modem is part of its new Snapdragon 8 Gen 1 chipset, and will probably also be used in the iPhone 14.

Stingrays rely on an initial login phase between phones and cell towers that doesn't have any authentication involved, according to Wired. Mattias Huber, a senior software engineer at Qualcomm, says that while carrier authentication does eventually kick in, a lot of mischief can be made (and data collected) before it does.

Spoof cells can now be run on $1,000 boxes easily available in China, and criminals there use them to trap phone users, pass them fake messages, and steal money, Huber says. For example, a criminal gang could plant a fake cell at the edge of a small airport. When travelers turn off airplane mode after landing, phones attach to that cell, which would pass them a fake SMS from “their bank” to harvest their login information before handing them over to a “real” cell.

The anti-spoofing tech runs entirely on the modem, never even going out to other parts of the chipset, and it uses heuristics to find what it considers suspicious activity coming from a cell. For instance, a cell that tries to drop a phone from 4G to 2G and then pass an SMS before proper authentication may be suspicious. Those cells then either get deprioritized, so your phone tries to use absolutely any cell before that one, or barred entirely.

While previous modems had this technology for up to 4G connections, the X65 extends anti-spoofing to 5G, Huber says.

An evil cell (detected at right) tries to pass evil SMS messages (at left.)

How About the Cops?

Stingrays are also commonly used by government security services to keep tabs on people. Huber says they're frequently found at airports and borders, sucking up identifying data on phones entering a country. These Stingrays are generally more passive—they won't try to phish you—but that's not out of the question, especially in espionage or anti-dissident scenarios.

Stingrays are commonly used by law enforcement in the US and don't require a warrant to use, although a new bill may change that, BuzzFeed reported earlier this year. The bill is stuck in committee.

If the government in question has obtained security keys from local wireless carriers, there's not much Qualcomm can do, Huber says. The X65's anti-Stingray tech relies on cells not having the authentication keys that tie them to wireless carriers' SIM cards. Criminals with retail units won't have those; a national government's security service probably will. (The security service can probably also just surveil the data within a carrier's core network, reducing the need for Stingrays.) Local cops? Not sure.

5G anti-spoofing tech needs to be configured by phone makers as well, Huber points out. It will be available as an option on 2022 flagship phones, if phone makers choose to enable it.