Originally published at: https://boingboing.net/2018/04/03/theyre-just-like-us-feds-fe.html
…
3 Likes
That whole encryption thing is starting to look pretty good right about now, eh Uncle Sam?
13 Likes
Hey, why not look on the bright side? Maybe it’s the Deep State monitoring the Trump administration!
5 Likes
What’s that? Enthusiastic proponents of the surveillance state are also its unintended victims, you say?
Well…
9 Likes
8 Likes
Law enforcement:
6 Likes
This is why we should leave backdoors in systems! Yeah! Good idea!
7 Likes
Seriously? It’s radio for ghod’s sake!
Granted most of the store apps for detecting IMSI are pretty bad, but the feds should have access to a map of all the legit cell towers in an area, making the rogues stand out like a sore thumb.
4 Likes
5 Likes
And we keep our tumbril’s axels greased.
2 Likes
Sure, but after you find out that most of them are on embassy grounds, then what?
2 Likes
FWIW, you, @scottslemmons, and I all seem to have registered at BB within a week of each other .
2 Likes
Just to be clear, are we talking about actual bad dudes, or the bad dudes who tell us they’re the good dudes?
3 Likes
I lost my password for who-knows how long, so I was mostly content to read. Decided to get the account reactivated sometime last month. So most of that time I was registered was basically the account sitting there like a lump. I’ve got all these BBS badges I probably don’t deserve… 
4 Likes
Have they considered “going dark”? A variety of Very Serious Law Enforcement figures have assured me that this is a technique of such terrible power for secrecy that the laws of mathematics must be amended to compensate; so it seems like it might work.
2 Likes
Unless there are as-yet-undisclosed flaws(not exactly implausible; but not the mechanism by which known stingrays work, a phone could be induced to avoid at least some of the attacks: at least with newer standards(LTE, yes, not quite sure how far back the cutoff goes) there is a round of mutual authentication between handset and tower; so someone running a stingray without access to the telco’s keying material wouldn’t be able to pass the authentication check. To avoid this, stingrays attempt to push handsets to fall back onto one of the earlier, vulnerable, specs(and to negotiate to using no, or very weak, encryption any traffic).
By default, phones tend to be set to silently seek out a signal, just about any signal; rather thank cutting your reception or popping up a bunch of alarming error messages about the encryption the tower has suddenly decided you won’t be using. I’d assume that, for an appropriate price, you could get phones that take the opposite approach and enthusiastically freak out in the presence of anomalies and absolutely refuse all but suitably recent, properly authenticated, tower activity. Again, with appropriate motivation for cooperation, you could also presumably get a feed of up-to-date ‘this is where our towers actually are’ from the outfit you are buying phone service from.
None of that stops passive eavesdropping, if it turns out that there is a vulnerability in the encryption used by the up-to-date and legitimate towers; nor does it prevent jamming; but raising an alarm rather than failing silently would be an option.
1 Like
Disabling roaming is a start.
The current gen of public apps for detecting IMSI don’t always catch a downgrade in service, although they weren’t being tested against real IMSI box, but against a white-box IMSI built by researchers.
I find it hard to believe that there aren’t competent apps for detecting that. In any event, if all else fails, a brute-force war-drive will map all the cell towers, subtract all the real ones and look at what’s left.
3 Likes
Yeah, the commercially available options aren’t too inspiring(and the abstraction that some basebands do doesn’t help matters). I was thinking more from the perspective of the feds in this case.
They would be more likely to have the bulk-buying to decree that any handset that wants to be considered as the standard work phone shall have certain features related to allowing administrators to control and observe roaming behavior; and would be more likely to have the financial and/or legal means to obtain legitimate tower data straight from their provider, a request that smaller customers would be unlikely to have much luck with; but one that would make detecting illegitimate ones easier.
