[HN Gopher] LTESniffer - An Open-Source LTE Downlink/Uplink Eave...
___________________________________________________________________
LTESniffer - An Open-Source LTE Downlink/Uplink Eavesdropper
Author : conductor
Score : 165 points
Date : 2023-05-15 18:08 UTC (4 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| efitz wrote:
| Um, yeah, I don't have $20k to drop on an Ettus USRP X310 and two
| daughterboards. I would have liked to have played with it but
| that is too rich for me.
| bryancoxwell wrote:
| A B210 with GPSDO is expensive, but considerably cheaper than
| $20k. Granted the functionality would be limited but it is
| possible for hobbyists to play with this.
| dylan604 wrote:
| This is usually the very inspiration for a hacker to pull out
| the soldering iron to make one themselves because the off-the-
| shelf item is too damn expensive
| [deleted]
| iaw wrote:
| Does anyone know the encryption schema of LTE? Does the key
| change with each message or is it for a longer period of time?
| I'm wondering how feasible it is for an attacker to capture and
| then break the encryption (obviously if we're talking 2048-bit
| that won't be happening anytime soon)
| sidewndr46 wrote:
| Why bother? Just force the handset down to 2G and intercept
| that.
| slicktux wrote:
| 2G is deprecated so a lot of the newer phones won't even
| support that..?
| sidewndr46 wrote:
| I can't even turn off 2G on my relatively new Samsung
| handset, so I find it hard to believe it is "deprecated".
|
| There are likely zero 2G towers in my area, but that
| doesn't mean handset suppliers don't ship it still.
| ronsor wrote:
| As long as there are countries with GSM service, it's not
| going to stop being shipped.
| slicktux wrote:
| Yea relatively speaking...
| betaby wrote:
| There is nothing to intercept on 2G in Canada and USA, 2G was
| decommissioned.
| KirillPanov wrote:
| That's the towers. All the handsets still support 2G, and
| will happily let themselves be downgrade-attacked to it.
|
| 2G lacks even the most rudimentary authentication, so you
| don't even have to _try_ to look like a tower once you've
| done this. Just say you're a tower.
| bryancoxwell wrote:
| These attacks are generally carried out by a "rogue base
| station" that simulates being a cell tower. It doesn't
| require that there be a local 2G infrastructure.
| betaby wrote:
| SIMs from my two different Canadian operators don't
| allow downgrade to 2G for the home networks.
| sidewndr46 wrote:
| That's pretty cool, any idea how it works?
| betaby wrote:
| Authentication profiles. Basically one can specify on the
| SIM profile that for a certain PLMN (mobile operator)
| only certain authentication methods are allowed (2G, 3G,
| 4G use different auth methods).
| dilyevsky wrote:
| It's a key set per session. See
| https://arxiv.org/pdf/1510.07563.pdf to answer your other
| question
| zitterbewegung wrote:
| This looks like a good overview of the subject.
| https://www.eecis.udel.edu/~salehi/files/asee13_lte.pdf
| JohnMakin wrote:
| The FBI got caught doing something kind of similar in a pretty
| hilarious way (the full story is nuts) using a device called a
| "stingray" -
| https://www.aclu.org/news/privacy-technology/surreal-stingra...
|
| Although in this case, they were disguising themselves as a cell
| tower and intercepting traffic that way.
| acaloiar wrote:
| If I recall correctly, what this software is capable of doing
| is not what the Stingray debacle was about.
|
| While the Stingray could also be used as a passive sniffer,
| the FBI Stingray debacle was about it being used as an active
| fake cell site, in proximity to a target, to intercept
| communications.
| yieldcrv wrote:
| Eavesdropping tool with eavesdropping name with a little
| disclaimer about not being responsible for illegal use
|
| Yeah this is the kind of repository that you clone immediately
|
| Clone, don't just Fork
| raini wrote:
| Previous discussion:
| https://news.ycombinator.com/item?id=35705683 (256 points, 55
| comments)
| nntwozz wrote:
| It is what it is, no need for posts like this.
___________________________________________________________________
(page generated 2023-05-15 23:00 UTC)