[HN Gopher] LTESniffer - An Open-Source LTE Downlink/Uplink Eave...
___________________________________________________________________

LTESniffer - An Open-Source LTE Downlink/Uplink Eavesdropper

Author : conductor
Score  : 165 points
Date   : 2023-05-15 18:08 UTC (4 hours ago)

(HTM) web link (github.com)
(TXT) w3m dump (github.com)

| efitz wrote:
| Um, yeah, I don't have $20k to drop on an Ettus USRP X310 and two daughterboards. I would have liked to have played with it but that is too rich for me.
| bryancoxwell wrote:
| A B210 with GPSDO is expensive, but considerably cheaper than $20k. Granted the functionality would be limited but it is possible for hobbyists to play with this.
| dylan604 wrote:
| This is usually the very inspiration for a hacker to pull out the soldering iron to make one themselves because the off-the-shelf item is too damn expensive
| [deleted]
| iaw wrote:
| Does anyone know the encryption schema of LTE? Does the key change with each message or is it for a longer period of time? I'm wondering how feasible it is for an attacker to capture and then break the encryption (obviously if we're talking 2048-bit that won't be happening anytime soon)
| sidewndr46 wrote:
| why bother? Just force the handset down to 2G and intercept that.
| slicktux wrote:
| 2G is deprecated so a lot of the newer phones won't even support that..?
| sidewndr46 wrote:
| I can't even turn off 2G on my relatively new Samsung handset, so I find it hard to believe it is "deprecated".
|
| There are likely zero 2G towers in my area, but that doesn't mean handset suppliers don't ship it still.
| ronsor wrote:
| As long as there are countries with GSM service, it's not going to stop being shipped.
| slicktux wrote:
| Yea relatively speaking...
| betaby wrote:
| There is nothing to intercept on 2G in Canada and USA, 2G was decommissioned.
| KirillPanov wrote:
| That's the towers. All the handsets still support 2G, and will happily let themselves be downgrade-attacked to it.
|
| 2G lacks even the most rudimentary authentication, so you don't even have to _try_ to look like a tower once you've done this. Just say you're a tower.
| bryancoxwell wrote:
| These attacks are generally carried out by a "rogue base station" that simulates being a cell tower. It doesn't require that there be a local 2G infrastructure.
| betaby wrote:
| SIMs from my two different Canadian operators don't allow downgrade to 2G for the home networks.
| sidewndr46 wrote:
| That's pretty cool, any idea how it works?
| betaby wrote:
| Authentication profiles. Basically one can specify on the SIM profile that for the certain PLMN (mobile operator) only certain authentication methods are allowed (2G, 3G, 4G use different auth methods).
| dilyevsky wrote:
| It's a key set per session. See https://arxiv.org/pdf/1510.07563.pdf to answer your other question
| zitterbewegung wrote:
| This looks like a good overview of the subject. https://www.eecis.udel.edu/~salehi/files/asee13_lte.pdf
| JohnMakin wrote:
| The FBI got caught doing something kind of similar in a pretty hilarious way (the full story is nuts) using a device called a "stingray" - https://www.aclu.org/news/privacy-technology/surreal-stingra...
|
| Although in this case, they were disguising themselves as a cell tower and intercepting traffic that way.
| acaloiar wrote:
| If I recall correctly, what this software is capable of doing is not what the Stingray debacle was about.
|
| While the Stingray could also be used as a passive sniffer, the FBI Stingray debacle was about it being used as an active fake cell site, in proximity to a target, to intercept communications.
| yieldcrv wrote:
| Eavesdropping tool with eavesdropping name with a little disclaimer about not being responsible for illegal use
|
| Yeah this is the kind of repository that you clone immediately
|
| Clone, don't just Fork
| raini wrote:
| Previous discussion: https://news.ycombinator.com/item?id=35705683 (256 points, 55 comments)
| nntwozz wrote:
| It is what it is, no need for posts like this.
___________________________________________________________________
(page generated 2023-05-15 23:00 UTC)