I imagine a big problem would be that, once you find one, it could be quite difficult to establish who put it there - it could easily be another law enforcement group (who might not be so willing to disclose that fact, depending on who it is).
While passive listening operations are a favorite for embassies, I suspect that operating unlicensed transmitters would be a diplomatic no-no.
Quick fix: on a utility pole just off embassy grounds, mount a box that simulates thousands of cell phones flooding their IMSI catcher with mad passionate connection requests.
Without studying the problem, I assume that those IMSI catchers require some kind of real cell access in order to pretend to be a cell tower. If they’re not hacking access, then probably an account on a burner SIM. Burn those accounts, and keep burning them.
This calls for the cone of silence!
Yeah, dropping a strike team in quinjets, only to be intercepted by their quinjets, so embarrassing!
Well, spying on each other should tie up some of the TLAs resources, so we have got that going for us.
I simply assume that ‘they’ have plenty of resources and that nothing is being tied up nor slowed down. It seems a safe assumption.
when we worry about it it’s unfounded paranoia, however…
Why not close down their embassy and remove the device? I mean we are talking about blatant interference with domestic communications after all. No need for the kid gloves.
Mozilla Location Service has all this data already, and likely many copies over time (there are people like me that run Mozilla Stumbler daily whenever they go somewhere) so that the comings and goings of rogue towers should be there for whoever can get them to part with the data.
A user-supported distributed war-drive is even better, but that’s a last resort if the Stingrays were perfect mimics, which I don’t think is possible.
It’d be nice to know which of those detector apps have been fixing their bugs since that test last year. (It must be a pain to do a proper QA cycle when you don’t have your own IMSI to test against.)
The best solution would be an open source app that has the option of reporting the location of IMSI hijack attempts, and build a plague map of locations.
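The detector sketched in the last few posts (crowdsourced stumbler observations checked against a known-tower database, with hits aggregated into a map) can be put together with a few heuristics. The block below is an added example, not code from this thread, from Mozilla Location Service, or from any of the detector apps mentioned; the known-tower table follows the column layout of an MLS-style export (radio, mcc, mnc, lac, cid, lat, lon), and both the table and the observations are constructed for illustration. It flags three things a rogue base station tends to produce: a cell identity nobody has ever recorded, a recorded identity seen hundreds of kilometres from where it lives, and a recorded identity broadcast on a different radio technology than the database knows it by (a 2G cell wearing an LTE cell's identity). Single observations are noisy, which is why the map step counts reports per grid square rather than trusting any one hit.

```python
"""Rogue base-station triage over crowdsourced cell observations.

Added example; the tower table and observations below are constructed,
and the table layout only mimics an MLS/OpenCellID-style export.
Heuristics only: a perfect mimic of a real tower would not be caught here.
"""
import math
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Tower:
    radio: str   # "GSM", "UMTS", "LTE"
    mcc: int     # mobile country code
    mnc: int     # mobile network code
    lac: int     # location/tracking area code
    cid: int     # cell id
    lat: float
    lon: float


@dataclass(frozen=True)
class Observation(Tower):
    rssi_dbm: int  # received signal strength reported by the stumbler


@dataclass(frozen=True)
class Finding:
    cell: tuple          # (mcc, mnc, lac, cid)
    reason: str
    lat: float
    lon: float
    detail: str


# Constructed "known good" table, as a stumbler project might export it.
KNOWN_TOWERS = [
    Tower("LTE", 310, 260, 7001, 1234567, 38.8977, -77.0365),
    Tower("LTE", 310, 260, 7001, 1234568, 38.9000, -77.0400),
    Tower("UMTS", 310, 260, 7002, 22222, 38.8950, -77.0300),
]

# Constructed observations from several walks with a stumbler app.
OBSERVATIONS = [
    Observation("LTE", 310, 260, 7001, 1234567, 38.8980, -77.0360, -85),  # benign
    Observation("LTE", 310, 260, 7001, 1234568, 38.9005, -77.0410, -90),  # benign
    Observation("GSM", 310, 260, 7001, 1234567, 38.8979, -77.0366, -60),  # LTE id on 2G
    Observation("GSM", 310, 260, 9999, 31337, 38.8972, -77.0370, -55),    # never recorded
    Observation("LTE", 310, 260, 7001, 1234567, 40.7128, -74.0060, -88),  # id far from home
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS84 points."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def cell_key(t):
    return (t.mcc, t.mnc, t.lac, t.cid)


def triage(observations, known_towers, max_distance_km=5.0):
    """Return one Finding per suspicious observation, in input order."""
    index = {cell_key(t): t for t in known_towers}
    findings = []
    for o in observations:
        k = cell_key(o)
        known = index.get(k)
        if known is None:
            findings.append(Finding(k, "unknown_cell", o.lat, o.lon,
                                    f"{o.radio} at {o.rssi_dbm} dBm, no prior record"))
            continue
        d = haversine_km(o.lat, o.lon, known.lat, known.lon)
        if d > max_distance_km:
            findings.append(Finding(k, "far_from_recorded_location", o.lat, o.lon,
                                    f"{d:.0f} km from recorded position"))
        elif o.radio != known.radio:
            findings.append(Finding(k, "radio_mismatch", o.lat, o.lon,
                                    f"recorded as {known.radio}, seen as {o.radio}"))
    return findings


def plague_map(findings, grid_decimals=2):
    """Count findings per lat/lon grid square (~1 km at 2 decimals)."""
    return Counter((round(f.lat, grid_decimals), round(f.lon, grid_decimals))
                   for f in findings)


if __name__ == "__main__":
    hits = triage(OBSERVATIONS, KNOWN_TOWERS)
    for f in hits:
        print(f.reason, f.cell, f.detail)
    print(dict(plague_map(hits)))
```

The distance threshold and the grid size are the two knobs a real deployment would tune against local tower density; the radio-mismatch check is the one most directly aimed at catchers that push handsets down to 2G while reusing a legitimate cell's identity.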
The best that could come out of this would be for industry to adopt, or the Feds to mandate, real, provably secure connections between wireless carriers and their devices.
Then again…
I must be missing something or are cell towers not authenticated by their network?
According to NIST (hopefully not the same part that handled standardizing backdoored encryption) (section 3.6 “Backhaul Security” starting on page 26; and 4.2 “Rogue Base Stations” on page 30) authentication between the towers and the core is supposed to happen; but with some caveats that are probably used as brood lairs by the devils that inhabit the details: e.g.
“According to the LTE technical specifications 33.401, confidentiality protection is also optional between eNodeBs and the Evolved Packet Core S1 interface. 3GPP specifies that the use of IPsec in accordance with 3GPP TS 33.2104 NDS/IP should be implemented to provide confidentiality on the S1 interface but the specification goes on to note that if the S1 interface is trusted or physically protected, confidentiality protection is an operator option. ‘Trusted’ or ‘physically protected’ are not further defined within the 3GPP specification.”
Those quotation marks around ‘Trusted’ and ‘physically protected’ are technically valid since the writer is quoting from another standards document; but you can practically see the writer making the scare-quotes gesture and then sighing resignedly as they note ‘are not further defined’.
Snark aside, the TL;DR is “the towers are supposed to use IPSec; hopefully they keyed them with due care”.
(edit: speaking of heavy authorial sighing: “LTE specifies a ciphering indicator feature in 3GPP TS 22.101 [6]; this feature is designed to give the user visibility into the status of the access network encryption. Unfortunately, this feature is not widely implemented in modern mobile phone operating systems.” Dropping an overt value judgement into a summary of a set of standards documents is, given genre conventions, getting pretty worked up.)
Thank you.
Didn’t one of Grimm’s fairy tales kind of cover the same ground (except involving a cat and a mouse)?
Cones? A case of the prop-makers not being on the same page as the writers.
Probably. I’ve heard three or four different variations.