
Democratization of Stingray (IMSI Catcher)

  • 15-05-2015 9:22am
    #1
    Closed Accounts Posts: 720 ✭✭✭


    Just been reading this month's Cryptogram newsletter, brief summary of this rather worrying(!) article as follows:

    • Stingray is the code name for an IMSI-catcher, which is basically a fake cell phone tower sold by Harris Corporation to various law enforcement agencies.
    • There are dozens of these devices scattered around Washington, DC, and the rest of the country run by who-knows-what government or organization. Criminal uses are next.
    • Building your own IMSI-catcher isn't hard or expensive. At Def Con in 2010, researcher Chris Paget demonstrated his homemade IMSI-catcher. The whole thing cost $1,500, which is cheap enough for both criminals and nosy hobbyists.
    • It's even cheaper and easier now. Anyone with a HackRF software-defined radio card can turn their laptop into an amateur IMSI-catcher. And this is why companies are building detectors into their security monitoring equipment.
    • They're used extensively in China to send SMS spam without paying the telcos any fees.
      http://www.ibtimes.co.uk/...
    • The new model of the IMSI-catcher from Harris Corporation is called Hailstorm. It has the ability to remotely inject malware into cell phones.
      https://www.insidersurveillance.com/...


    Full article available at: https://www.schneier.com/crypto-gram/archives/2015/0515.html#3


Comments

  • Closed Accounts Posts: 720 ✭✭✭anvilfour


    In a nutshell, it seems that any fool can build or buy one of these IMSI catchers and listen in on your phone calls or intercept SMS messages/3G traffic.

    It seems that even using encrypted chat/VOIP wouldn't be a complete defence against this if it is indeed possible to inject malware into cellphones.

    In my opinion, there isn't a way to secure a mobile device properly. Perhaps if you bought "burner" phones on a one use basis and had a secure way to communicate your new numbers with each other*, you can have a better chance at privacy.

    Also these devices would need to be brought to somewhere quite close to you to be effective so if you made sure to make your calls from random locations at each time, you'd have a better chance.

    *Of course if you have a secure channel to transmit these then why not use it to say the things you wanted to say over the phone? :)


  • Moderators, Society & Culture Moderators Posts: 9,768 Mod ✭✭✭✭Manach


    Worrying in that metadata while not fully protected by US laws (a SC decision) for it to be plucked from the air seems excessive. I'm right in assuming that the content data is encrypted but the traffic channel setup is in the clear for signalling ease of use which has the IMSI?


  • Closed Accounts Posts: 720 ✭✭✭anvilfour


    Manach wrote: »
    Worrying in that metadata while not fully protected by US laws (a SC decision) for it to be plucked from the air seems excessive. I'm right in assuming that the content data is encrypted but the traffic channel setup is in the clear for signalling ease of use which has the IMSI?

    Well said Manach, let's not forget this isn't just a risk for Law Enforcement, stalker ex boyfriends, telemarketers, foreign spies, the list goes on..!


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    The thing I think most people forget about with your mobile (and, weirdly I thought, something that was repeatedly pointed out about a product I worked on) is that you have to trust the hardware manufacturer and I don't, so again I assume that my phone is compromised long before hailstorm screws it.


  • Closed Accounts Posts: 720 ✭✭✭anvilfour


    Khannie wrote: »
    The thing I think most people forget about with your mobile (and, weirdly I thought, something that was repeatedly pointed out about a product I worked on) is that you have to trust the hardware manufacturer and I don't, so again I assume that my phone is compromised long before hailstorm screws it.

    A very good point Khannie... remember the hidden backdoor in Samsung phones?

    That said, even with the best will in the world, the Police can subpoena your calls/texts at a moment's notice and also track where you are... I honestly can't see a way to communicate on it safely!

    P.S. Apple does not have a backdoor in its devices - no, we really don't. I use an iPod myself to store sensitive info! However I appreciate no one can take my word for that! :)

