[HN Gopher] SeaGlass: City-Wide IMSI-Catcher Detection (2017)
___________________________________________________________________
SeaGlass: City-Wide IMSI-Catcher Detection (2017)
Author : karlzt
Score : 118 points
Date : 2023-08-23 16:12 UTC (6 hours ago)
(HTM) web link (seaglass.cs.washington.edu)
(TXT) w3m dump (seaglass.cs.washington.edu)
| ta8645 wrote:
| An explanation wasn't prominently displayed on that web site, so
| from https://en.wikipedia.org/wiki/IMSI-catcher :
|
| An international mobile subscriber identity-catcher, or IMSI-
| catcher, is a telephone eavesdropping device used for
| intercepting mobile phone traffic and tracking location data of
| mobile phone users. Essentially a "fake" mobile tower acting
| between the target mobile phone and the service provider's real
| towers, it is considered a man-in-the-middle (MITM) attack.
| H8crilA wrote:
| How come the tower doesn't have to cryptographically
| authenticate with the phone? Like websites do, using TLS
| certificates.
| [deleted]
| h2odragon wrote:
| 2017, code link: https://github.com/seaglass-project/seaglass
|
| Pi connected to a Cell modem, mobile hotspot, and "bait phone"
| ... and a separate GPS.
|
| All powered by wall warts off an inverter to the car's 12v
| system.
|
| This makes me feel better about my own systems designs.
| thedougd wrote:
| Yeah. I went down the rabbit hole of ways to remove most of
| those components but I guess it's easy to instruct others on
| how to setup.
|
| Hotspots often support NEMA GPS protocol to use them as a GPS
| receiver. All those devices could be powered more efficiently
| with a DC to DC power supply.
| physhster wrote:
| I was going to mention that but you beat me to it... The power
| distribution is not very efficient, but hey, if it's stupid and
| it works, then it's not stupid.
| monocasa wrote:
| To be fair, the conversion to AC to go through a transformer
| on each wart imparts a decent amount of isolation on the
| voltage supply side.
|
| Does that actually matter? Probably not, but I find the
| comparison to Docker apropos. Sometimes it's just easier to
| add/keep abstraction/isolation simply on the small off chance
| that it's lack does get in your way as long as that
| abstraction/isloation itself doesn't get too much in your
| way.
| dylan604 wrote:
| This is the docker version of hardware prototyping.
| msla wrote:
| > if it's stupid and it works, then it's not stupid.
|
| I hate this phrase.
|
| Leaded gasoline worked, but it was so stupid it actively made
| people stupid.
|
| Storing passwords plaintext works, but the first time your
| system gets broken into it's a massive problem.
|
| Driving at 80 mph in a rainstorm is stupid and it works until
| it rather spectacularly doesn't.
| giantrobot wrote:
| The "works" part of the phrase does a lot of heavy lifting.
| Things can "work" in one dimension/context and fail in
| others. Stupid things can also "work" in several
| dimensions/contexts as well as smarter solutions.
| NietTim wrote:
| Research projects dont need to be "production ready" though
| sitzkrieg wrote:
| yeah was going to mention this, sounds like prototype is
| working with COTS parts
| callalex wrote:
| Cost of tech? sold?
| h2odragon wrote:
| Commercial Off The Shelf
| giantg2 wrote:
| If it works, it works
| morpheuskafka wrote:
| Here's something I've never understood about these: as devices
| that transmit on FCC-licensed bands, wouldn't each use of these
| require specific permission from the FCC? Especially for state
| level law enforcement and state courts, they wouldn't have the
| authority to authorize this without the federal government saying
| it's OK.
| diydsp wrote:
| I dont think they need to xmit beyond the baitphone making
| standard connections.
|
| Also there are apps for scanning and tracking celltower stength
| and mass-logging GPS data. I think that data could be the input
| to their detector... don't need a trunk full of HW.
| ajsnigrutin wrote:
| Yes, there are (eg. wigle.net, mostly based around wifi, but
| also scans cell towers), but the data is very noisy, since
| every phone is different and everyone wears it differently
| (if you wear it higher, in a shirt pocket, you'll get higher
| signal levels than if you carry it in a pants pocket, or in
| your hand, or if you have an old iphone, if you're holding it
| in your left hand instead of the right).
| diydsp wrote:
| Would anyone who downvoted this please explain why they think
| this system needs any special permission from the FCC?
| Afaict, it's simply monitoring the interactions of its bait
| phone with towers.
| 14 wrote:
| Probably downvoting your comment about not needing a trunk
| full of hardware.
|
| " These sensors have advantages over phones because they
| can contain specialized cellular scanning equipment and
| external antennas for farther reception ranges. While phone
| apps can see limited information on the tower currently
| connected to, our sensors scan the spectrum to measure
| hundreds of channels at a time and dozens of broadcast
| properties."
|
| So there is an advantage over using a regular cell phone
| and an app.
| callalex wrote:
| The discussion is about FCC approval for the police to set
| up a rogue cell site, not FCC approval for this research
| project.
| upofadown wrote:
| Last I looked at this the FCC had issued an exception to the
| normal rules against intentional interference. The resulting
| license is based on the idea that the devices will only be used
| under emergency conditions. Presumably the operators of the
| devices are having lots of emergencies.
|
| I think the problem here is that the federal law against
| intentional interference is quite definite. So this is the best
| loophole that the FCC could come up with.
| ceejayoz wrote:
| https://www.eff.org/deeplinks/2016/08/fcc-created-stingray-p...
|
| > The FCC's involvement in cell site simulators began years ago
| when it first approved commercial sales to law enforcement.
| Documents disclosed under FOIA show that the company that sells
| Stingrays had local police departments lobby the FCC close to
| ten years ago for approval.
| vngzs wrote:
| That's a question shared by several US senators [0]. Ron Wyden
| sent a similar letter in 2018, which received a response from
| an assistant attorney general, not the FCC [1].
|
| [0]:
| https://www.eff.org/files/2016/10/06/senate_letter_to_fcc_on...
|
| [1]: https://docs.fcc.gov/public/attachments/DOC-355228A2.pdf
| avg_dev wrote:
| beautiful image at the top of the page. I realize that it is a
| map, meant to convey some information. but I just like it
| ncr100 wrote:
| If I read the results correctly, weird to see a potential cell-
| catcher at the US Immigration center. Could this reasonably be
| interpreted as "someone is sniffing immigrant's cell traffic" ..
| gathering intelligence about potential candidates for
| immigration?
| ajsnigrutin wrote:
| During the "migrant waves" a few years ago (2015+, when angela
| merkel invited them, then left most of them "outside"), our
| telcos actually gave out free sim cards with a few gigs of data
| traffic as a "gift" to migrants, and there was a lot of
| complaining since noone figured out that those can be used for
| tracking those people, both in my country and also other EU
| countries, wherever they went legally or not.
| techdmn wrote:
| Just a wild guess, but If I were trying to find illegal
| immigrants, seeding a social graph with legal immigrants might
| be a good place to start. (This comment is in no way an
| endorsement of the methods or goals of ICE.)
| willcipriano wrote:
| They straight up give them cell phones when they release them
| into the interior[0]. None of that is required.
|
| This is to catch mules bringing over drugs and sex
| traffickers most likely. Once they get to the other side,
| need to call for a pick up.
|
| [0]https://apnews.com/article/immigration-covid-technology-
| busi...
| Havoc wrote:
| Pretty sure it's possible to catch some imsi 100% passive though
| during handover
| guwop wrote:
| this is from 17' does anyone know of any updated resources on
| imsi detection? perhaps some cool papers?
| notjulianjaynes wrote:
| This is no longer being maintained as of 2022, but I think is
| more recent than SeaGlass.
|
| https://github.com/EFForg/crocodilehunter
| wintermutestwin wrote:
| I always figure that the times when I have 3 bars and yet zero
| internet are when local leo is using a stingray. You would think
| cell providers would sue over the disruption of their service.
|
| /i am mostly clue free about this stuff so this post might
| include erroneous assumptions
| [deleted]
| [deleted]
| abraae wrote:
| > There are some cases where legitimate cell towers will be moved
| to deal with a temporary increase in demand, like a sporting
| event, but this is relatively uncommon.
|
| My understanding is these are quite commonly used for concerts,
| sporting events etc., Vodafone called them COWS (Cell site on
| wheels).
|
| Anecdotally when the Vodafone CEO of the time came to visit NZ,
| some lackeys were charged with staying physically close behind
| him with a COW so he would always see good reception.
| [deleted]
| dang wrote:
| Related:
|
| _SeaGlass: City-Wide IMSI-Catcher Detection (2017)_ -
| https://news.ycombinator.com/item?id=27173717 - May 2021 (55
| comments)
|
| _SeaGlass - Enabling City-Wide IMSI-Catcher Detection_ -
| https://news.ycombinator.com/item?id=14474956 - June 2017 (36
| comments)
___________________________________________________________________
(page generated 2023-08-23 23:00 UTC)