Fake, phone-attacking cell-towers are all across America

he says… on the internet.

2 Likes

so what you’re saying is that you don’t know. got it.

may i point out the irony of your wanting the FCC to do what you want, independent of the letter of the law, in order to protect you from the government?

1 Like

I wonder how these towers compare to boosters/repeaters that you can buy for your home or workplace to improve signal. Does the firewall know the difference?

We have an internal GSM network here at work for customers and employees, especially since everyone seems to use the company corporate discount with AT&T and the buildings really attenuate the signal from the outside towers. They have legit-sounding names when you burrow down into the Android settings on my phone and appear as normal cell towers.

From my understanding, the microcells you get for home use must be explicitly told which devices may use the service so your neighbors don’t leech off your internet bandwidth to use their cell phone. I would probably have some firsthand experience with those if AT&T hadn’t finally put a new tower about a quarter mile from our house.

With regards to the whole topic at hand, my wife and I take a lot of cruises, and visit a lot of the same ports. One particular trip in Grand Cayman at the cruise terminal and port the cell service dropped from “3G” to “G” and when I dug into my phone (then, a Galaxy Nexus) the WAP I was connected to had only “X1” for a name. There were other WAPs I could see, but this one was the strongest. Once we got away from the port on our excursion, both of our phones went back to normal 3G/H service there. We went back again in March and nothing similar happened (still didn’t have LTE that trip, though).

Reading this makes me wonder who was in the port area that day and who they were interested in. There was a lot of traffic in the port that day, loads of cruise and merchant ships, and easy access to a metric ton of banks. (We used to joke with people that we took cruises so we could check on our bank accounts in the Caymans.)

the firewall checks for features and protocols offered by the base tower, fairly aggressively (i.e. it probes the logic, and doesn’t just trust the flags). so it comes down to whether the repeater offers these features. i suspect that most of them don’t. you could give your own repeater a unique name and (probably) whitelist it, if you’re cool with that.

this is exactly why i asked if it actually is an offense to run an unsecure cell tower. i doubt that it is.

At the very least they’re probably in violation of airspace agreements. Basically they’re squatting on frequencies that are technically owned by someone else. This is the sort of thing that the FCC might actually get involved with, but it requires that someone make a complaint first. The FCC only operates on complaints.

I am also completely unsurprised by this revelation. Baseband is written by hardware manufacturers and then locked away from the public and runs completely independently of the OS on the phone. It’s pretty much guaranteed to be a security nightmare.

1 Like

Dumb question: does the lack of response from the iPhone mean iOS is more, or less, secure?

Less. The point is that the baseband is insecure, so you want your phone to notify you when something suspicious is going on. The iPhone fails to do this.

Good toy, I approve.

What about an Android app that would crowdsource the locations and signal strength (and crypto features) of towers, and alert users to any anomalies? I can see the map produced, as a set of colored blobs with color assigned to tower ID and intensity/transparency to signal strength. Points from individual phones would then make fairly detailed maps. (The data would have to be anonymized, to preserve the privacy of the subscribers. Maybe pseudonymized, with time-limited randomly assigned nyms, to allow filtering of malicious actors?)

There will be false alarms in places with high concentration of people (sport events, etc.) where operators routinely set up mobile BTS stations, which naturally do not appear on “legitimate” maps obtained during “standard conditions”. Signal-strength tracking will however be able to pinpoint their location. We have to count with those. Especially in case of protests/demonstrations a good will of the carriers may be misinterpreted as bad acting of the law enforcement. (Or vice versa.) Luckily there are likely more behavioral signatures of the rogue nodes (names, frequencies, crypto…?) that we could detect and leverage.

For experiments with one’s own hostile BTS, there’s the OpenBTS project out there, leveraging software-defined radio. (And if it would be happy enough with half-duplex, the $300 HackRF thingy should be sufficient for it.)
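One way the crowdsourced anomaly check sketched in the post above could work, written here as an added example (not code from the thread or from any real app): a baseline of towers seen under normal conditions is compared against new reports, flagging unknown cell IDs, cipher downgrades and towers that appear far from where they were mapped. The baseline, the observations and the 3 km drift threshold are all constructed assumptions.

```python
from math import radians, sin, cos, asin, sqrt

# Constructed baseline: towers mapped under "standard conditions".
# Key is (MCC, MNC, LAC, CID); values are the usual position and cipher.
BASELINE = {
    (310, 410, 7001, 12345): {"lat": 41.49, "lon": -71.31, "cipher": "A5/3"},
    (310, 410, 7001, 12346): {"lat": 41.50, "lon": -71.32, "cipher": "A5/3"},
}

# Constructed reports from individual phones (what the app would upload).
OBSERVATIONS = [
    {"mcc": 310, "mnc": 410, "lac": 7001, "cid": 12345,
     "lat": 41.491, "lon": -71.311, "rssi": -71, "cipher": "A5/3"},  # normal
    {"mcc": 310, "mnc": 410, "lac": 7001, "cid": 9999,
     "lat": 41.495, "lon": -71.315, "rssi": -55, "cipher": "A5/0"},  # never seen
    {"mcc": 310, "mnc": 410, "lac": 7001, "cid": 12346,
     "lat": 41.50, "lon": -71.32, "rssi": -60, "cipher": "A5/0"},   # no encryption
    {"mcc": 310, "mnc": 410, "lac": 7001, "cid": 12345,
     "lat": 41.60, "lon": -71.31, "rssi": -80, "cipher": "A5/3"},   # ~12 km away
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points (mean Earth radius)."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = p2 - p1
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def detect_anomalies(baseline, observations, max_drift_km=3.0):
    """Return a list of (cell_key, reason) for reports that deviate from the
    baseline. An unknown cell is only a hint (temporary event BTS will trip
    it too); a cipher downgrade or a large position drift of a known cell is
    a stronger signal worth alerting on."""
    findings = []
    for obs in observations:
        key = (obs["mcc"], obs["mnc"], obs["lac"], obs["cid"])
        ref = baseline.get(key)
        if ref is None:
            findings.append((key, "unknown cell id"))
            continue
        if obs["cipher"] == "A5/0" and ref["cipher"] != "A5/0":
            findings.append((key, "cipher downgrade"))
        drift = haversine_km(ref["lat"], ref["lon"], obs["lat"], obs["lon"])
        if drift > max_drift_km:
            findings.append((key, "location drift"))
    return findings
```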

i don’t know about that. i thought that the whole point of cell towers was that they were kind of an ad-hoc network; anyone could build and maintain one, and it would sync with neighboring towers, whence the name “cellular”. having strong “airspace agreements” seems weakly incompatible with this setup, which is why i am very suspicious about the claim that it’s illegal to offer crappy cell service. maybe it should be, but some operators (who are offering shoddy but legitimate cell service to rural areas), and their customers could be seriously inconvenienced or ruined.

Anybody can set up a tower, but if you’re going to broadcast over the air you need to license the spectrum. The FCC holds spectrum auctions from time to time; a tiny slice in a good neighborhood (like 700 MHz) will go for a few billion dollars, ensuring that only big abusive carriers get to play.

There are regional bandwidth auctions that are a fair bit cheaper, but still not something any random Joe Blow can afford. If you are off on some weird piece of spectrum then phones won’t see your tower and won’t use it.

But like I said, the FCC’s enforcement division operates entirely on complaints, and if nobody knows their phone is being hacked then they won’t complain.

1 Like

so, what is the incentive to run these pirate towers? are they all nefarious, and if so, how do they profit on the evil? or are they sketchy deals by municipalities who don’t mind flagrantly violating federal law?

These are probably being run for nefarious purposes.

However, I wouldn’t count out simple misconfiguration for some of them. Cell companies are made up of people, and sometimes people just suck at their job and/or don’t care. It’s not impossible that some of the towers are simply malfunctioning too, like its configuration information is corrupt and it’s running in a default mode that is insecure. I don’t know enough about the towers to know if this is a legitimate possibility, but it doesn’t seem crazy on its face.

1 Like

unreasonable search and seizure having mostly to do with legal admissibility, when there is no intent to build a case with the information I rather suspect those ‘rights’ of ours go immediately out the window faster than you can say waterboard.

I am sure the DoD finds that idea quaint.

What I am saying is that the government very much so digs into your phone while on base, at least one I know of for certain. e.g. the Naval War College, which is one of the facilities which operates false-towers such as this. Granted, a huge number of the attendees there are from away. But I am equally sure that the FCC does not have much authority on those grounds.

stringent regulations and surveillance on a military base. shocking, really.

btw, the “attack the baseband radio in your phone and use it to hack the OS” bit is pure Doctorowian hyperbole; i hope you’re not taking it too seriously. you can’t magically haxx0r a phone through the radio anymore than you can through the wifi, bluetooth, or usb.

That depends on the architecture of the interconnection between the baseband processor and the main CPU. Some phone models apparently have these two chips wired to share too much of resources (memory? flash?), and/or the baseband processor has ability to access some of the shared resources in a way that can facilitate injection of malicious code. Think about them like two computers on the same LAN, with mutual trust assumption. Compromise one and, if the architecture is not secured against this kind of exploits, you are on the way to compromise the other.

And there are exploits to inject through the USB. Beware of malicious charging stations.

Then there’s the old art of bluejacking/bluesnarfing/whatever are the newer methods called, for guess what.

And then there’s the family of wifi-based attacks. Not sure how it goes with attacking the phone itself (depends on what apps listen on what ports, if any), but you can do a mighty MITM and then you have all the vulnerability landscape of at least the browser.

So, it is kind of complicated…

1 Like

There’s no meaningful irony - it’s like the “irony” of wanting cops to catch robbers - the fact that you are asking men (cops) to stop men (robbers) has little irony, and it’s no different when both hacker and ombudsman are government, wanting an agency to rein in an agency. Part of the purpose of government is muscle, and part of the purpose is protection. Carry a big stick, and have checks and balances.

retchdog:
so, what is the incentive to run these pirate towers?

The article implies that they are simply dragnets, scooping up all the activities of any passing phones and collecting the results for their shadowy masters.

The specific interests would vary depending on who the masters are. Some may have an interest in the internal affairs of other people’s corporations, others may monitor employee traffic to check for disloyal attitudes or activities, others may be collecting identities to use to create professional-quality fake IDs, and there are of course your run-of-the-mill blackmail, parallel construction, and financial theft.