Originally published at: https://boingboing.net/2018/11/16/grgsm_livemon.html
…
What kind of shenanigans could I get up to with this?
Is this really all the functionality that the cops get with Stingrays?
Is doing this illegal? It seems like it would be, but I don’t know. You’re not really doing anything except catching unencrypted radio waves.
You’re doing a little more than that.
If it works like a Stingray, then the cell phone connects to it and disconnects from the real cell phone tower. At that point, the phone can’t send or receive over the cell channel. While not exactly the same thing, this feels a little like a jammer in that it interferes with the ability of the cell phone to function.
Unless I’m missing a step, this isn’t a DIY Stingray. As it doesn’t have a transmitter, this is more of a IMSI sniffer than a catcher. An IMSI-catcher acts as fake cell phone tower to “catch” phones.
Essentially a “fake” mobile tower acting between the target mobile phone and the service provider’s real towers, it is considered a man-in-the-middle (MITM) attack.
Going that extra, but illegal, step from this probably isn’t a major problem.
I agree. The BB headline is misleading.
A fully implemented Stingray creates a functioning cell site that carries traffic to and from a target device. The target can retain functionality, but the Stingray user can read all the data, messaging, location info, and hear all the calls that are made on traffic carried through the Stingray.
If a full blown Stingray is equivalent to a phone & data tap then grabbing IMSI out of the air is more akin to a pen register with additional wardriving capabilities.
Not that people couldn’t get up to mischief with it.
Much like scanners back in the day, I’m sure lawmakers will jump into action and … make SDRs illegal or something.
I was going to express surprise that full-duplex sdrs were so much cheaper than when I last checked, but it sounds like they went receive only. Still, you could replicate a stingray for about $300, and that has been the case for years.
If I wanted to make the IMSI-catcher a bit more portable, I could theoretically run it on a Raspberry-Pi, a miniature computer you can buy for as little as $30 or cheaper, depending on what model you need. Note that the IMSI-catcher would still need to have Ubuntu on the Pi, which it is not traditionally designed for, but it is likely possible. I would also need to make sure the SDR is receiving enough power from the USB port.
Ubunto is definitely possible. (Although, so would moving a python program to Raspbian.)
For the power draw, have a decent power supply, and add max_usb_current=1
in /boot/config.txt
and that should be good. Make sure the red power LED stays on during operation.
Target a few senator’s families, and this gets fixed fast.
If the port can’t handle it you could add a USB power injector.
(Sorry for the double reply, just found this link worth sharing.)
Or maybe not use that tube-version SDR?
A RPI3 should deliver 1.2A with the current limit off, and I can’t imagine the SDR that would draw more. (I’ve never had any luck directly driving HDs. They probably have spiky transients.)
If by “fixed” you mean you get thrown in jail for doing it to someone who’s not little people.
often wondered if they use these for searching for missing hikers and the like. fly a helicopter over the area with something that can measure the signal from a person’s phone.
Who cares?
The feds don’t follow the law either.
Just don’t get caught!
No way!
This topic was automatically closed after 5 days. New replies are no longer allowed.