The U.S. government has publicly acknowledged for the first time there are devices in Washington, D.C., that foreign spies and criminals can use to track cellphones, eavesdrop on calls, and plant malware on cellphones, the AP reports.

Why it matters: This can leave cellphones, even if they are using encrypted methods of communication, vulnerable to eavesdropping. And it may be a national security threat, per Christopher Krebs, the DHS official who heads up the National Protection and Programs Directorate and who drafted the letter.

• In 2014 during a sweep, these spying devices were found near the White House, the Pentagon, the Supreme Court, and the Commerce Department. But Krebs wrote the DHS lacks the funding and equipment to detect Stingrays.

How we know the government is acknowledging: The AP obtained a letter and documents the Department of Homeland Security sent to Sen. Ron Wyden Mar. 26 acknowledging it knew of the existence of the devices, known as Stingrays, last year.

• The unknowns: DHS had not yet determined the kind of devices in use, who operates them, how many there are, and where they are.

How they work:

• Stingrays are cellphone-site simulators that trick cellphones into locking onto the devices instead of onto cell towers, which reveals the cellphone’s location. Some other sophisticated versions can eavesdrop on calls by bringing cellphones down to unencrypted 2G wireless technology. Other versions try to plant malware.
• They are about the size of a briefcase and can be placed near a government building or a car. Some can be deployed in aircraft.

Background: The FCC began authorizing these devices to local, state, and federal law enforcement in 2011. A task force operating through the Federal Communications Commission (FCC) used to meet four years ago, but it no longer meets regularly and it never produced a report on this spying.