The technology can be as small as a suitcase, placed anywhere at any time, and it's used to track cell phones and intercept calls.
The News4 I-Team found dozens of potential spy devices while driving around Washington, D.C., Maryland and Northern Virginia.
"While you might not be a target yourself, you may live next to someone who is. You could still get caught up," said Aaron Turner, a leading mobile security expert.
The device, sometimes referred to by the brand name StingRay, is designed to mimic a cell tower and can trick your phone into connecting to it instead.
[[482974551, R,310,413]]
The News4 I-Team asked Turner to ride around the capital region with special software loaded onto three cell phones, with three different carriers, to detect the devices operating in various locations.
"So when you see these red bars, those are very high-suspicion events," said Turner.
U.S. & World
Stories that affect your life across the U.S. and around the world.
If you live in or near the District, your phone has probably been tracked at some point, he said.
A recent report by the Department of Homeland Security called the spy devices a real and growing risk.
And the I-Team found them in high-profile areas like outside the Trump International Hotel on Pennsylvania Avenue and while driving across the 14th Street bridge into Crystal City. The I-Team got picked up twice while driving along K Street — the corridor popular with lobbyists.
"It looks like they don't consider us to be interesting, so they've dropped us," Turner remarked looking down at one of his phones.
Every cellphone has a unique identifying number. The phone catcher technology can harness thousands of them at a time.
DHS has warned rogue devices could prevent connected phones from making 911 calls, saying, "If this type of attack occurs during an emergency, it could prevent victims from receiving assistance."
"Absolutely. That's a worry," said D.C. Councilwoman Mary Cheh, adding that the spy technology should be a concern for all who live and work in the District.
The I-Team's test phones detected 40 potential locations where the spy devices could be operating, while driving around for just a few hours.
[[482974891, C]]
"I suppose if you spent more time you'd find even more," said Cheh. "I have bad news for the public: Our privacy isn't what it once was."
Especially in her ward, where many of the streets are lined with embassies.
"They're doing the interrogation, or [checking] who we are, and then the white bar represents when they release us," Turner said as he demonstrated his technology.
The phones appeared to remain connected to a fake tower the longest, right near the Russian Embassy.
The I-Team got picked up twice off of International Drive, right near the Chinese and Israeli embassies, then got another two hits along Massachusetts Avenue near Romania and Turkey.
All of those countries have the phone catcher technology, Turner said.
[[482974501, C]]
"You know governments do this to each other all the time and laws-schmaws," said Cheh.
Which is a problem.
The spy technology poses a risk to national and economic security, but there's little our government can do to stop devices located on foreign soil.
"A law that we had could not tell these embassies what they can and cannot do," said Cheh.
The phone catchers can also be combined with other technology to listen-in or grab data from phones that are connected, Turner said.
"Most people don't know about it," said Alan Butler, senior counsel for the Electronic Privacy Information Center.
"There's no magic software or setting that protects you from these," Butler said.
Butler is also a D.C. resident.
"There's a lot to be concerned about," he said.
Particularly since DHS hasn't disclosed how many devices it found or where. The agency also said it did not determine who was operating them, which Butler finds unacceptable.
"I think they should be taking the time and investing the resources to identify them and to flag them to the carriers and find ways to either have them taken down or have them blocked," he said.
Turner said cell carriers can't completely secure our phones because they have to allow for law enforcement access. Plus, even the oldest phones must be able to reach 911, so low-tech vulnerabilities can't be closed.
"I don't think there's a magic fix here," said Turner. "I don't think Congress can mandate anything to say, Hey, carriers do this right now."
The good news is about half the devices the I-Team found were likely law enforcement investigating crimes or our government using the devices defensively to identify certain cellphone numbers as they approach important locations, Turner said.
The I-Team test detected devices in operation near Langley, the Pentagon and Fort Myer, but also found them in residential areas like Bethesda's Kenwood neighborhood, near Palisades in DC and along Old Dominion Drive in McLean, which Turner said raised questions.
"Maybe someone is involved in high-level negotiations on a business deal, or maybe it's a government employee involved in a regulatory ruling," he said, adding that he's heard of the devices being used in a corporate espionage situation, which is illegal under United States law.
You can't control which tower your phone attaches to, Turner said, so you can't avoid being caught by a device.
So if you've ever wondered why you just can't make a call from inside your home or office: "It could be why," said Turner. "[It's] a good reason to have a land line."
But you can protect your calls and texts by downloading free calling and texting apps that use encryption instead of using the standard ones that come installed on your cellphone, he said.
Reported by Jodie Fleischer, produced by Rick Yarborough, and shot and edited Jeff Piper.