NewsBite

EXCLUSIVE

Criminals hacking into phones using ‘dirtboxes’ in backs of cars to create fake mobile towers

Hackers can cheaply get a box in the back of a car that mimics mobile phone towers to intercept phone calls and steal personal data, experts say. Here’s what to look out for.

BlackBerry’s David Wiseman says ‘for a few $1000 you have a box in the back of a car that’s going to intercept cellular messages and cellular calls’.

Criminals are preying on unsuspecting Australians by using ‘fake cellular’ networks that cost just a few thousand dollars to steal personal data and sensitive information, cyber security experts warn.

BlackBerry – which stopped making smartphones in 2017 – is now focusing on developing software for “government-grade” communications and says hackers are using devices that emulate an antenna or a tower to intercept cellular messages.

Texas-based Zimperium – which has built a mobile threat defence shield in Canberra – has also warned of the new hacking method which it has detected at various locations around Australia, including airports.

Zimperium has also warned that hackers are using a simple device, which can be bought on eBay for $20, to create fake Wi-Fi networks and steal data to stage Medibank-style breaches. The company says it detects hundreds of attacks across Australia each day.

BlackBerry's head of secure communications David Wiseman.

David Wiseman, head of BlackBerry’s secure communications unit, said that, like a fake Wi-Fi network, an impostor cellular network was relatively cheap to set up.

“It’s actually not that hard to have a fake cellular network. For a few thousand you have a box in the back of a car that’s going to intercept cellular messages and cellular calls,” Mr Wiseman said.

“It’s basically emulating an antenna or a tower for a couple of hundred metres. And that’s one of the reasons why people also need to think about how they protect their communications as well as the device.”

What is a dirtbox?

Fake cellular towers have been used to hack communications for some time – not just by bad actors but also governments to spy on their citizens.

The US Justice Department has used devices known as “dirtboxes” fitted on planes that mimic cell towers to scoop up data from thousands of mobile phones.

The Wall Street Journal revealed in 2014 that the US Marshals Service program operated Cessna aircraft from at least five metropolitan-area airports, with a flying range covering most of the US population, according to people familiar with the program.

Mr Wiseman said government and corporate users often use software to encrypt their communications. But he said the metadata – “the fact that you and I are communicating” – also needs to be encrypted.

“There’s a lot that can be learned from an intelligence perspective just from the metadata, and so we actually embed that into our encrypted tunnels as well, along with all the continuous identity checks.”

BlackBerry is also using artificial intelligence to fight AI-based attacks as well as “mobile fortification” to provide security on devices “wherever people are working”.

“We’re in our sixth generation of our AI machine learning based model for malware. So we have billions of examples of malware that we’ve used to train that model, and so we’re actually able to stop attacks, even if it’s something that the first time it’s ever been seen.

“Some of the new attacks that come out today, we’ll test them with our engine from 2015 and it stops them as well.”

According to BlackBerry’s latest quarterly global threat report, it stopped 67,001 attacks in Australia, and the nation ranked fourth globally in the amount of new and novel malware detected.

Zimperium regional sales manager Simon Scaife.

What to look out for

Zimperium regional sales manager Simon Scaife said most users would not know they were connected to a fake cellular tower, underlining the need for malware detection software.

“Once you see your phone connecting, whether it’s Telstra, Optus, Vodafone or it doesn’t matter which telco, but it’s somebody who is rebroadcasting that signal using cellular equipment,” Mr Scaife said.

“Your phone believes it is the correct network. The phone is not set up to detect that.

“It’s effectively that man in the middle so they can then intercept communications at a cellular level, much like they do with Wi-Fi.”

But there could be some subtle signs.

“There might be things,” Mr Scaife said.

“If your call is dropping out abnormally in an area that typically has good signal reception … and assuming you’re taking a look at the phone, you’re looking at the signal strength, you’re looking at the carrier.

“Potentially you could see it, but you’d have to be monitoring it closely.

“So there might be things that you think ‘maybe I stood in a dark spot, or maybe there was something abnormal that happened’. But people wouldn’t typically pick it up without detection software on that device.”

Originally published as Criminals hacking into phones using ‘dirtboxes’ in backs of cars to create fake mobile towers

Original URL: https://www.ntnews.com.au/business/criminals-hacking-into-phones-using-dirtboxes-in-backs-of-cars-to-create-fake-mobile-towers/news-story/0bf900d16d8e32614ff1ebb75adc2587