zlacker

[parent] [thread] 18 comments
1. kennxf+(OP)[view] [source] 2020-06-02 14:25:46
Is there a way of legitimately detecting Stingrays? I understand this is the kind of situation where they are actively deployed despite all the social awareness.
replies(5): >>krageo+W >>swebs+s6 >>millzl+08 >>oasisb+18 >>LinuxB+mi1
2. krageo+W[view] [source] 2020-06-02 14:31:18
>>kennxf+(OP)
You can look up where the towers are and perform triangulation on the ones that you are connected to given multiple antennae. It'll cost you some hardware and you'll probably be writing some software also.

Another option can be just seeding a few phones around the area and have them report moving (or transient) towers.

3. swebs+s6[view] [source] 2020-06-02 15:01:16
>>kennxf+(OP)
I guess if you were to build a map of static cell towers, it would be easy to see if a new one suddenly pops up.
replies(1): >>jackha+1k1
4. millzl+08[view] [source] 2020-06-02 15:10:16
>>kennxf+(OP)
I remember a few apps that you could watch the towers in your area and be alerted or warned when new ones popped up. But one app needed to be trained to remember the towers in your area.

Something like this maybe? https://f-droid.org/en/packages/info.zamojski.soft.towercoll...

5. oasisb+18[view] [source] 2020-06-02 15:10:19
>>kennxf+(OP)
University of Washington researchers are working on this, their technique has used roaming car sharing vehicles and anomaly analysis:

https://seaglass.cs.washington.edu/

6. LinuxB+mi1[view] [source] 2020-06-02 21:06:25
>>kennxf+(OP)
Sweet talk a cellular network engineer into giving you the engineering firmware for your phone and a list of all the cell ID's.
replies(1): >>gruez+2k1
◧◩
7. jackha+1k1[view] [source] [discussion] 2020-06-02 21:17:48
>>swebs+s6
additional temporary "towers" are sometimes added when very high but transient network loads are anticipated (such as a music festival, or county fair, etc.). not all new towers are sniffers.
replies(1): >>g_p+nJ1
◧◩
8. gruez+2k1[view] [source] [discussion] 2020-06-02 21:17:52
>>LinuxB+mi1
stingrays can't spoof cell ids?
replies(1): >>LinuxB+mk1
◧◩◪
9. LinuxB+mk1[view] [source] [discussion] 2020-06-02 21:20:44
>>gruez+2k1
They can and do, but they and the other cell sites can't up and move around. All cell sites have multiple transceivers that are directional. Each site has a unique cell ID and each transceiver has a unique ID. Your phone has GPS. If you drive around, you can find out who doesn't belong. Be careful about publicly disclosing this information.
replies(2): >>ISL+Tp1 >>callal+rq1
◧◩◪◨
10. ISL+Tp1[view] [source] [discussion] 2020-06-02 21:51:40
>>LinuxB+mk1
The disclosure of facts is protected by the First Amendment.
replies(5): >>lawnch+bs1 >>elihu+kt1 >>vertex+1u1 >>gruez+Ev1 >>ceejay+tA1
◧◩◪◨
11. callal+rq1[view] [source] [discussion] 2020-06-02 21:54:33
>>LinuxB+mk1
>Be careful about publicly disclosing this information.

Why, what do I have to fear about that in the United States?

replies(2): >>LinuxB+Rr1 >>MertsA+PG2
◧◩◪◨⬒
12. LinuxB+Rr1[view] [source] [discussion] 2020-06-02 22:03:02
>>callal+rq1
I suppose that depends on your tolerance for drama and legal cartooney. One of my former employers and a three letter agency would go after people publicly disclosing such things and the people always backed down. The cooperation between nations can blur the lines depending on what nation you are in. That said, I am not a lawyer so it is probably best to get their input rather than mine.
◧◩◪◨⬒
13. lawnch+bs1[view] [source] [discussion] 2020-06-02 22:04:43
>>ISL+Tp1
There are sometimes non-legal reasons to be careful.
◧◩◪◨⬒
14. elihu+kt1[view] [source] [discussion] 2020-06-02 22:12:15
>>ISL+Tp1
That isn't universally true.
◧◩◪◨⬒
15. vertex+1u1[view] [source] [discussion] 2020-06-02 22:16:28
>>ISL+Tp1
I dunno if you noticed, but the law doesn't always exactly mean much in terms of what actually happens.
◧◩◪◨⬒
16. gruez+Ev1[view] [source] [discussion] 2020-06-02 22:24:22
>>ISL+Tp1
Does that work for DRM encryption keys? I think sony went after a few people who leaked either the blu-ray encryption keys, or the signing keys for one of their consoles.
◧◩◪◨⬒
17. ceejay+tA1[view] [source] [discussion] 2020-06-02 22:51:04
>>ISL+Tp1
https://en.wikipedia.org/wiki/Illegal_number
◧◩◪
18. g_p+nJ1[view] [source] [discussion] 2020-06-02 23:59:45
>>jackha+1k1
If anyone is interested in trying to work around this, I have a few ideas for how to try distinguish a real and fake cell. Temporary event "pop-up" networks should announce valid neighbouring cells.

Your baseband (radio) might expose neighbour cell data - iPhone field test menu shows the announced neighbour data.

Hypothesis is that a rogue tower will not have valid neighbour cells announced. They could try listen in for valid ones and advertise those.

A lot of the ways to detect will depend on the generation of network being spoofed - 4G networks will also advertise signalling for legacy 2G and 3G circuit switched networks. Rogue sites might not.

◧◩◪◨⬒
19. MertsA+PG2[view] [source] [discussion] 2020-06-03 09:49:07
>>callal+rq1
The creator of CryptoCat was targeted by the FBI. Not because he was suspected of committing a crime, just because they didn't like him creating open source encryption software. They actually had Hector Monsegur (Sabu) try to entrap him multiple times to try and come up with some trumped up reason to convict him.

https://nadimkobeissi.tumblr.com/page/29

Moxie Marlinspike can't even fly domestically without jumping through hoops and travelling internationally means they try to seize his electronics and demand the passwords.

[go to top]