Think, for just a moment, about all of the personal information that you store on your smartphone or other mobile device. Not only do you have user accounts and passwords for the various services that you participate in, but you probably also have credit and debit card numbers, as well as other personal financial data. You’ve got conversations with friends and other loved ones. You probably have hundreds or even thousands of personal photographs, many of which are often personal and otherwise highly sensitive in nature.

Now, consider that even if you’re only talking about the United States, mobile hacking and cybersecurity in general is as worse as it has ever been. In 2015, for example, more than 177 million personal records were exposed across data breaches throughout the year. According to the experts at RevisionLegal, there were 89 cyberattacks all over the world during January of 2017 alone — affecting a massive 185 billion people. Not only does this indicate that the problem is as severe as it has ever been, it’s also likely one that will only get worse before it even has a chance of getting better.

Statistics like these are part of the reason that lawmakers in Washington, D.C., are so nervous about cellphone spying. But at the same time, nobody knows exactly how to address this particular problem. That, it’s safe to say, is certainly worth a closer look.

The State of Cellphone Spying Today

During a congressional hearing with a panel of cybersecurity experts that took place recently, one major theme kept rearing its ugly head again and again: There is just no easy way to detect the types of machines that hackers are using to secretly intercept calls, texts and other data coming to and going from cellphones. There were a number of recent reports that these types of devices — known as IMSI catchers — were even quietly operating near the White House, of all places.

Understanding that you have a problem is one thing. Actually doing something about it is another matter entirely. We know a great deal about the situation we now face, but until action is decided, EVERYONE’S communications are totally vulnerable.

These types of devices, also commonly referred to as StingRays or cell site simulators, essentially trick nearby cellphones into connecting to them as if they were a totally legitimate cell tower. For those unaware, as you travel across the country, your phone automatically connects to the closest tower in your area — that’s how you’re able to maintain a connection, even when you’re away from home.

The problem is that these StingRays act as a sort of “back door” into the phone, even if the device itself has not technically been compromised. That data needs to leave the phone, travel across the network and reach its intended recipient. If it does this by way of a StingRay instead of a legitimate cell tower, that device’s operator now has access to literally every kilobyte being transmitted. If that StingRay operator has malicious intentions, as most do, there’s potentially no limit to the amount of damage they can cause.

Challenges outlined at the hearing include the fact that catching an IMSI catcher — and its operator — in the act is an extremely hard thing to do, sort of by design. Equally complicating matters is the fact that all mobile users are vulnerable to these techniques — including the president of the United States. In the end, it’s determined that the best offense may actually be a good defense in this case. IMSI catchers work by forcing cellphones onto a less secure 2G network. If you take steps to disable 2G access on your phone (or own an iPhone that can’t connect in the first place), you’re more protected than you otherwise would be.

Regardless, it’s clear that one of the most important privacy battles of our time is playing out right before our eyes, and it’s one that we should all be paying as much attention to as possible for the foreseeable future.