Lawyers are responsible for maintaining the confidentiality of their clients, but does that extend to scanning for IMSI-catchers in the vicinity of their offices? A press release from privacy-conscious comms business Efani suggests it does.
“Imagine setting up an IMSI catcher outside a law firm that handles acquisitions and mergers to track who enters the building,” asks Mark Kreitzman, General Manager of Efani. IMSI catchers are cell tower spoofing devices that can identify mobile device information, record cellular phone calls, capture SMS, and more, and do it without being detected. Mark adds, “These hacking devices are illegal but nearly impossible to identify the hacker, and it could be an insider as seen in TV shows like Mr. Robot where they used a cell tower spoofer to spy on the FBI.”
I like privacy as much as the next man, but this sounds unusually paranoid. And what exactly should lawyers do about protecting themselves from IMSI-catchers?
Efani crowdsourced the solution design from their existing law customers. Efani provides a standard mobile service they call the SAFE plan, which comes with SIM swap security and insurance. The second component is the new Efani Black Seal data-only plan which comes with detection and protection against cell tower spoofing, DNS hijacking, and more. The third component is their VoIP app which will provide a second mobile number for encrypted voice and messaging. The VoIP part of the solution can be used for the law office to communicate internally with fully encrypted voice and messaging end to end, as well as extend the VoIP app to their high-profile customers where data privacy and security are required.
The details are often vague, but the more I read about Efani’s approach, the more it sounds like the kind of privacy tech used by organized criminals to prevent the police from snooping on their messages. Efani has previously focused on making sales to cryptocurrency investors worried about SIM swaps. When they promise protection from the kinds of snooping methods usually deployed by state-backed hackers, or by fictional characters in Mr. Robot, it suggests that either they believe the US authorities do not respect the law, or they are looking for customers who feel the same way.
But perhaps Efani are right to be concerned about surveillance using IMSI-catchers. A recent audit by the Department of Homeland Security found that several US agencies had illegally used IMSI-catchers to gather information.
