recentpopularlog in

pierredv : imsi-catchers   13

Israel accused of planting mysterious spy devices near the White House - POLITICO, Sep 2019
"The U.S. government concluded within the past two years that Israel was most likely behind the placement of cellphone surveillance devices that were found near the White House and other sensitive locations around Washington, according to three former senior U.S. officials with knowledge of the matter."

"Washington is awash in surveillance, and efforts of foreign entities to try to spy on administration officials and other top political figures are fairly common. But not many countries have the capability — or the budget — to plant the devices found in this most recent incident, which is another reason suspicion fell on Israel."
cyber-spectrum  IMSI-catchers  spying  surveillance  Israel  Politico 
16 days ago by pierredv
City-Wide IMSI-Catcher Detection - SeaGlass
"SeaGlass is a system designed by security researchers at the University of Washington to measure IMSI-catcher use across a city."

"For more details on the SeaGlass sensors, data collection system, detection algorithms, and results see our technical paper published at Privacy Enhancing Technology Symposium 2017" https://seaglass-web.s3.amazonaws.com/SeaGlass___PETS_2017.pdf
UW  surveillance  cellular  security  cyber-spectrum  IMSI-catchers  StingRay 
16 days ago by pierredv
[1510.07563] Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems, Aug 2017
Altaf Shaik, Ravishankar Borgaonkar, N. Asokan, Valtteri Niemi, Jean-Pierre Seifert

Abstract

Mobile communication systems now constitute an essential part of life throughout the world. Fourth generation "Long Term Evolution" (LTE) mobile communication networks are being deployed. The LTE suite of specifications is considered to be significantly better than its predecessors not only in terms of functionality but also with respect to security and privacy for subscribers.
We carefully analyzed LTE access network protocol specifications and uncovered several vulnerabilities. Using commercial LTE mobile devices in real LTE networks, we demonstrate inexpensive, and practical attacks exploiting these vulnerabilities. Our first class of attacks consists of three different ways of making an LTE device leak its location: A semi-passive attacker can locate an LTE device within a 2 this http URL area within a city whereas an active attacker can precisely locate an LTE device using GPS co-ordinates or trilateration via cell-tower signal strength information. Our second class of attacks can persistently deny some or all services to a target LTE device. To the best of our knowledge, our work constitutes the first publicly reported practical attacks against LTE access network protocols.
We present several countermeasures to resist our specific attacks. We also discuss possible trade-offs that may explain why these vulnerabilities exist and recommend that safety margins introduced into future specifications to address such trade-offs should incorporate greater agility to accommodate subsequent changes in the trade-off equilibrium.
IMSI-catchers  StingRay  4G  LTE  cyber-spectrum  Arxiv 
16 days ago by pierredv
China Arrests 1,500 People for Sending Spam Text Messages from Fake Mobile Base Stations, Mar 2014
"Chinese authorities have detained a total of 1,530 suspects in a crackdown on spam text messages being sent by illegal telecoms equipment, according to Chinese news agency ECNS. Over 2,600 fake mobile base stations were seized and 24 sites manufacturing illegal telecoms equipment shut down as part of a massive nationwide operation involving nine central government and Communist Party of China departments."
spam  spoofing  IMSI-catchers 
21 days ago by pierredv
Protecting 5G against IMSI catchers - Ericsson Jun 2017
"IMSI catchers are devices used to intercept wireless traffic and trace subscribers by their long-term identifiers (IMSIs). While the phenomenon is often exaggerated, IMSI catchers do pose a threat to subscriber privacy. On-going 5G standardization done in 3GPP is a golden opportunity to improve subscribers’ privacy by constructing a protocol architecture that protects against IMSI catchers."

"The mobile device needs to transmit its long-term identifier IMSI to the network at times. The concept we propose builds on an old idea that the mobile device encrypts its IMSI using home network’s asymmetric key before it is transmitted over the air-interface."
Ericsson  cyber-spectrum  5G  IMSI-catchers  spoofing 
may 2019 by pierredv
Fighting IMSI catchers: A look at 5G cellular paging security - Ericsson May 2019
"The latest 5G standard includes several new privacy safeguards against IMSI catchers or Stingrays. By design, the new standard protects against privacy attacks in the UPLINK (through a concealed long-term identifier called SUCI). In addition, it also ensures the privacy of paging message distribution in the DOWNLINK. This latest built-in privacy enhancement is the joint effort of many working groups across 3GPP and mitigates the risk of the newest 5G-capable devices being identified or tracked via, for example, side-channel information in 5G cellular paging protocol."

"In one of our earlier blog posts, we wrote about protecting 5G against IMSI catchers, which is a significant privacy enhancement introduced for the 5G standard in the UPLINK direction. . . . In this blog post, we introduce the 5G standard's DOWNLINK privacy enhancements, specifically in the 5G cellular paging protocols."

"While in 4G paging timing was determined based on a long-term identifier (called IMSI), now in 5G they are determined based on a temporary identifier (called 5G-S-TMSI). . . . The effect of this change is that it becomes infeasible for an over-the-air attacker to deduce information about a device's long-term identifier by monitoring the air interface and detecting which paging occasions the device is monitoring. "

"While in 4G, the paging identifier could be either a long-term or a temporary identifier, on 5G networks, it can only be a temporary identifier."

"While in 4G, it is optional to refresh the temporary identifier - the S-TMSI - after paging, on 5G networks it becomes compulsory to refresh the 5G-S-TMSI. "
Ericsson  5G  cyber-spectrum  IMSI-catchers  surveillance  cybersecurity 
may 2019 by pierredv
New security flaw impacts 5G, 4G, and 3G telephony protocols | ZDNet, Jan 2019
"A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards."

"Further, besides 5G, this new vulnerability also impacts the older 3G and 4G protocols, providing surveillance tech vendors with a new flaw they can abuse to create next-gen IMSI-catchers that work across all modern telephony protocols."

According to "a research paper named "New Privacy Threat on 3G, 4G, and Upcoming5G AKA Protocols," published last year. ..., the vulnerability impacts AKA, which stands for Authentication and Key Agreement, a protocol that provides authentication between a user's phone and the cellular networks."

"Instead of intercepting mobile traffic metadata, this new vulnerability reveals details about a user's mobile activity, such as the number of sent and received texts and calls, allowing IMSI-catcher operators to create profiles for each smartphone holder."

"For example, two other academic studies from French and Finnish researchers also found that IMSI-catcher attacks are still possible against the upgraded 5G-AKA protocol, despite 3GPP's claims."
ZDNet  cyber-spectrum  cybersecurity  spectrum-vulnerability  3G  4G  5G  StingRay  IMSI-catchers  3GPP 
february 2019 by pierredv
New App Detects Government Stingray Cell Phone Trackers - Slashdot - Jan 2015
"SnoopSnitch scans for radio signals that indicate a transition to a stingray from a legitimate cell tower. "SnoopSnitch collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates." say German security researchers Alex Senier, Karsten Nohl, and Tobias Engel, creators of the app which is available now only for Android. The app can't protect people's phones from connecting to stingrays in the first place, but it can at least let them know that there is surveillance happening in a given area."
SDR  hacking  cellular  IMSI-catchers  Stingray  Slashdot 
august 2016 by pierredv
How To Detect And Find Rogue Cell Towers | Hackaday Aug 2016
"From what we saw at HOPE in New York a few weeks ago, we’re just months away from being able to put a femtocell in a desktop computer for under $3,000. In less than a year, evil, bad hackers could be tapping into your cell phone or reading your text message from the comfort of a van parked across the street. You should be scared, even though police departments everywhere and every government agency already has this capability."
"For the last few months [Eric Escobar] has been working on a simple device that allows anyone to detect when one of these Stingrays or IMSI catchers turns on. With several of these devices connected together, he can even tell where these rogue cell towers are."
"To build his rogue-cell-site detector, [Eric] is logging this information to a device consisting of a Raspberry Pi, SIM900 GSM module, an Adafruit GPS module, and a TV-tuner Software Defined Radio dongle."
SDR  Hackaday  cellular  IMSI-catchers  Stingray  hacking 
august 2016 by pierredv
Hacker Spoofs Cell Phone Tower to Intercept Calls | WIRED Jul 2010
"A security researcher created a cell phone base station that tricks cell phones into routing their outbound calls through his device, allowing someone to intercept even encrypted calls in the clear."
Only works for 2G GSM
SDR  cellular  IMSI-catchers  Stingray  Wired  GSM  hacking 
august 2016 by pierredv
This machine catches stingrays: Pwnie Express demos cellular threat detector | Ars Technica Apri 2015
At the RSA Conference in San Francisco today, the network penetration testing and monitoring tool company Pwnie Express will demonstrate its newest creation: a sensor that detects rogue cellular network transceivers, including "Stingray" devices and other hardware used by law enforcement to surreptitiously monitor and track cell phones and users.
ArsTechnica  cellular  hacking  IMSI-catchers  Stingray 
august 2016 by pierredv

Copy this bookmark:





to read