By pure chance, I had a lengthy conversation at this year’s Mobile World Congress with a man whose previous job had granted him intimate knowledge of the venue and what is involved in erecting and tearing down a vast number of exhibition stands within just a few days. This started me thinking about how easy it would be to use an event of this type to spy upon elite decision-makers. I was already annoyed by the inconsistent policy towards security; why would I be carrying a bomb on the second morning when nobody bothered to check the contents of my bag the day before? Do the staff who perform these searches even know what they are supposed to be looking for? A portable base station can look like a bomb to the untrained eye and there will be lots of equipment at an event like MWC whose purpose will be a mystery to most of the public. Meanwhile, a rogue base station used for espionage would not even need to be brought inside; it could just be driven around the perimeter.
We know that Europe has a growing problem with rogue base stations, though much of the problem is that telcos and police forces are not trying to find them. No SMS blasters have been reported in Spain so far, while neighboring France has only just completed a legal process that began with the police accidentally discovering an SMS blaster in late 2022. The two leaders of that French SMS blaster gang received 5-year prison sentences for orchestrating the transmission of millions of smishing messages, while a Chinese salesman received a 4-year sentence for supplying four SMS blasters. However, the advantage with hunting SMS blasters is that they draw attention to themselves by sending messages to members of the public who may report them. More proactive methods are needed to protect against rogue base stations that covertly collect data. So I asked my friends at NeoSoft AG, one of the exhibitors at MWC, to perform a quick experiment. NeoSoft is a Swiss firm that sells software and equipment to identify and pinpoint rogue base stations like SMS blasters and IMSI-catchers. I asked them if they would do a quick check to see if there were any unexplained radio telecommunications signals emanating from within the exhibition hall. The experiment was successful, in the sense that it only took a few minutes for them to hunt down a mystery device. They kindly provided a video to illustrate how their handheld detector measured the strength of radio signals as they walked around; you can see it below.
Nobody is suggesting any laws or rules were broken by the device that NeoSoft located. However, I hope the video does make people think about privacy. More and more people are arguing that we need more software on phones to listen to calls and to read messages, more global databases to monitor the reputation of phone numbers and to track who is calling whom. None are serious about vetting the people with access to this data, or are putting the necessary effort into setting enforceable limits to prevent these developments being abused. But as I said to Neosoft when discussing different kinds of customers for their products, there are even people who will pay to ensure there are no IMSI-catchers spying upon them.
One of the challenges with maintaining Commsrisk’s global SMS blaster map involves evaluating claims made the authorities about whether a rogue base station is being used to disseminate scams or to threaten security in a different way, such as interference by a foreign power in democratic elections. Not many people within the comms industry care about the potential abuses of comms equipment, so long as the regulatory ‘burden’ is always minimized, which is rather like another industry not caring how many children get shot while attending school, so long as nothing inhibits the sale of guns and ammunition. The difference is that an increasing number of guns encourages more people to buy guns to protect themselves, while the increasing abuse of comms services discourages people from using their phones. A little bit of regulatory ‘burden’ would slow the decline of telco revenues by curbing the worst abuses by the worst abusers, but there are so many inherently abusive telcos that it is difficult to reach consensus on even the most minimal standards for consumer protection.



