[HN Gopher] SeaGlass: City-Wide IMSI-Catcher Detection (2017) ___________________________________________________________________ SeaGlass: City-Wide IMSI-Catcher Detection (2017) Author : karlzt Score : 118 points Date : 2023-08-23 16:12 UTC (6 hours ago) (HTM) web link (seaglass.cs.washington.edu) (TXT) w3m dump (seaglass.cs.washington.edu) | ta8645 wrote: | An explanation wasn't prominently displayed on that web site, so | from https://en.wikipedia.org/wiki/IMSI-catcher : | | An international mobile subscriber identity-catcher, or IMSI- | catcher, is a telephone eavesdropping device used for | intercepting mobile phone traffic and tracking location data of | mobile phone users. Essentially a "fake" mobile tower acting | between the target mobile phone and the service provider's real | towers, it is considered a man-in-the-middle (MITM) attack. | H8crilA wrote: | How come the tower doesn't have to cryptographically | authenticate with the phone? Like websites do, using TLS | certificates. | [deleted] | h2odragon wrote: | 2017, code link: https://github.com/seaglass-project/seaglass | | Pi connected to a Cell modem, mobile hotspot, and "bait phone" | ... and a separate GPS. | | All powered by wall warts off an inverter to the car's 12v | system. | | This makes me feel better about my own systems designs. | thedougd wrote: | Yeah. I went down the rabbit hole of ways to remove most of | those components but I guess it's easy to instruct others on | how to setup. | | Hotspots often support NEMA GPS protocol to use them as a GPS | receiver. All those devices could be powered more efficiently | with a DC to DC power supply. | physhster wrote: | I was going to mention that but you beat me to it... The power | distribution is not very efficient, but hey, if it's stupid and | it works, then it's not stupid. | monocasa wrote: | To be fair, the conversion to AC to go through a transformer | on each wart imparts a decent amount of isolation on the | voltage supply side. | | Does that actually matter? Probably not, but I find the | comparison to Docker apropos. Sometimes it's just easier to | add/keep abstraction/isolation simply on the small off chance | that it's lack does get in your way as long as that | abstraction/isloation itself doesn't get too much in your | way. | dylan604 wrote: | This is the docker version of hardware prototyping. | msla wrote: | > if it's stupid and it works, then it's not stupid. | | I hate this phrase. | | Leaded gasoline worked, but it was so stupid it actively made | people stupid. | | Storing passwords plaintext works, but the first time your | system gets broken into it's a massive problem. | | Driving at 80 mph in a rainstorm is stupid and it works until | it rather spectacularly doesn't. | giantrobot wrote: | The "works" part of the phrase does a lot of heavy lifting. | Things can "work" in one dimension/context and fail in | others. Stupid things can also "work" in several | dimensions/contexts as well as smarter solutions. | NietTim wrote: | Research projects dont need to be "production ready" though | sitzkrieg wrote: | yeah was going to mention this, sounds like prototype is | working with COTS parts | callalex wrote: | Cost of tech? sold? | h2odragon wrote: | Commercial Off The Shelf | giantg2 wrote: | If it works, it works | morpheuskafka wrote: | Here's something I've never understood about these: as devices | that transmit on FCC-licensed bands, wouldn't each use of these | require specific permission from the FCC? Especially for state | level law enforcement and state courts, they wouldn't have the | authority to authorize this without the federal government saying | it's OK. | diydsp wrote: | I dont think they need to xmit beyond the baitphone making | standard connections. | | Also there are apps for scanning and tracking celltower stength | and mass-logging GPS data. I think that data could be the input | to their detector... don't need a trunk full of HW. | ajsnigrutin wrote: | Yes, there are (eg. wigle.net, mostly based around wifi, but | also scans cell towers), but the data is very noisy, since | every phone is different and everyone wears it differently | (if you wear it higher, in a shirt pocket, you'll get higher | signal levels than if you carry it in a pants pocket, or in | your hand, or if you have an old iphone, if you're holding it | in your left hand instead of the right). | diydsp wrote: | Would anyone who downvoted this please explain why they think | this system needs any special permission from the FCC? | Afaict, it's simply monitoring the interactions of its bait | phone with towers. | 14 wrote: | Probably downvoting your comment about not needing a trunk | full of hardware. | | " These sensors have advantages over phones because they | can contain specialized cellular scanning equipment and | external antennas for farther reception ranges. While phone | apps can see limited information on the tower currently | connected to, our sensors scan the spectrum to measure | hundreds of channels at a time and dozens of broadcast | properties." | | So there is an advantage over using a regular cell phone | and an app. | callalex wrote: | The discussion is about FCC approval for the police to set | up a rogue cell site, not FCC approval for this research | project. | upofadown wrote: | Last I looked at this the FCC had issued an exception to the | normal rules against intentional interference. The resulting | license is based on the idea that the devices will only be used | under emergency conditions. Presumably the operators of the | devices are having lots of emergencies. | | I think the problem here is that the federal law against | intentional interference is quite definite. So this is the best | loophole that the FCC could come up with. | ceejayoz wrote: | https://www.eff.org/deeplinks/2016/08/fcc-created-stingray-p... | | > The FCC's involvement in cell site simulators began years ago | when it first approved commercial sales to law enforcement. | Documents disclosed under FOIA show that the company that sells | Stingrays had local police departments lobby the FCC close to | ten years ago for approval. | vngzs wrote: | That's a question shared by several US senators [0]. Ron Wyden | sent a similar letter in 2018, which received a response from | an assistant attorney general, not the FCC [1]. | | [0]: | https://www.eff.org/files/2016/10/06/senate_letter_to_fcc_on... | | [1]: https://docs.fcc.gov/public/attachments/DOC-355228A2.pdf | avg_dev wrote: | beautiful image at the top of the page. I realize that it is a | map, meant to convey some information. but I just like it | ncr100 wrote: | If I read the results correctly, weird to see a potential cell- | catcher at the US Immigration center. Could this reasonably be | interpreted as "someone is sniffing immigrant's cell traffic" .. | gathering intelligence about potential candidates for | immigration? | ajsnigrutin wrote: | During the "migrant waves" a few years ago (2015+, when angela | merkel invited them, then left most of them "outside"), our | telcos actually gave out free sim cards with a few gigs of data | traffic as a "gift" to migrants, and there was a lot of | complaining since noone figured out that those can be used for | tracking those people, both in my country and also other EU | countries, wherever they went legally or not. | techdmn wrote: | Just a wild guess, but If I were trying to find illegal | immigrants, seeding a social graph with legal immigrants might | be a good place to start. (This comment is in no way an | endorsement of the methods or goals of ICE.) | willcipriano wrote: | They straight up give them cell phones when they release them | into the interior[0]. None of that is required. | | This is to catch mules bringing over drugs and sex | traffickers most likely. Once they get to the other side, | need to call for a pick up. | | [0]https://apnews.com/article/immigration-covid-technology- | busi... | Havoc wrote: | Pretty sure it's possible to catch some imsi 100% passive though | during handover | guwop wrote: | this is from 17' does anyone know of any updated resources on | imsi detection? perhaps some cool papers? | notjulianjaynes wrote: | This is no longer being maintained as of 2022, but I think is | more recent than SeaGlass. | | https://github.com/EFForg/crocodilehunter | wintermutestwin wrote: | I always figure that the times when I have 3 bars and yet zero | internet are when local leo is using a stingray. You would think | cell providers would sue over the disruption of their service. | | /i am mostly clue free about this stuff so this post might | include erroneous assumptions | [deleted] | [deleted] | abraae wrote: | > There are some cases where legitimate cell towers will be moved | to deal with a temporary increase in demand, like a sporting | event, but this is relatively uncommon. | | My understanding is these are quite commonly used for concerts, | sporting events etc., Vodafone called them COWS (Cell site on | wheels). | | Anecdotally when the Vodafone CEO of the time came to visit NZ, | some lackeys were charged with staying physically close behind | him with a COW so he would always see good reception. | [deleted] | dang wrote: | Related: | | _SeaGlass: City-Wide IMSI-Catcher Detection (2017)_ - | https://news.ycombinator.com/item?id=27173717 - May 2021 (55 | comments) | | _SeaGlass - Enabling City-Wide IMSI-Catcher Detection_ - | https://news.ycombinator.com/item?id=14474956 - June 2017 (36 | comments) ___________________________________________________________________ (page generated 2023-08-23 23:00 UTC)