Spoofing GSM station has been known for a while. What abt newer generation networks (3G,LTE,UMTS,etc)? Unlike GSM, these networks authenticate the station and IMSI is usually encrypted. So what is the state-of-the-art for spoofing the station, for tracking here? What are the known vulnerabilities? - does this rely on backward compatibility (i.e. phones connect to the network with stronger signal so phones can be tricked into connecting to a fake GSM station)? - does it exploit a vulnerability in authentication/hand-over of these new networks? - does it use statistical methods to infer where users are (e.g. http://www.isti.tu-berlin.de/fileadmin/fg214/Papers/UMTSprivacy.pdf)
Thanks On Tue, Jul 30, 2013 at 9:56 AM, Eugen Leitl <[email protected]> wrote: > > > http://arstechnica.com/tech-policy/2013/07/moscow-metro-says-new-tracking-system-is-to-find-stolen-phones-no-one-believes-them/ > > > Moscow Metro says new tracking system is to find stolen phones; no one > believes them > > Experts: Russians are probably using fake cell tower devices for > surveillance. > > by Cyrus Farivar - July 29 2013, 11:10pm +0200 > > On Monday, a major Russian newspaper reported that Moscow’s metro system is > planning what appears to be a mobile phone tracking device in its metro > stations—ostensibly to search for stolen phones. > > According to Izvestia (Google Translate), Andrey Mokhov, the operations > chief > of the Moscow Metro system’s police department, said that the system will > have a range of five meters (16 feet). “If the [SIM] card is wanted, the > system automatically creates a route of its movement and passes that > information to the station attendant,” Mokhov said. > > Many outside experts, both in and outside Russia, though, believe that what > local authorities are actually deploying is a “stingray,” or “IMSI > catcher”—a > device that can fool a phone and SIM into reading from a fake mobile phone > tower. (IMSI, or an International Mobile Subscriber Identity number, is a > 15-digit unique number that sits on every SIM card.) Such devices can be > used > as a simple way to see what phone numbers are being used in a given area or > even to intercept the audio of voice calls. > > The Moscow Metro did not immediately respond to our request for comment. > > “Many surveillance technologies are created and deployed with legitimate > aims > in mind, however the deploying of IMSI catchers sniffing mobile phones en > masse is neither proportionate nor necessary for the stated aims of > identifying stolen phones,” Eric King of Privacy International told Ars. > > “Likewise the legal loophole they claim to be using to legitimize the > practice—distinguishing between tracking a person from a SIM card—is > nonsensical and unjustifiable. It's surprising it's being discussed so > openly, given in many countries like the United Kingdom, they refuse to > even > acknowledge the existence of IMSI catchers, and any government use of the > technology is strictly national security exempted.” > > These devices are in use, typically by law enforcement agencies worldwide, > including some in the United States. Portable, commercial IMSI catchers are > made by Swiss and British companies, among others, but in 2010, security > researcher Chris Paget announced that he built his own IMSI catcher for > only > $1,500. Still, mobile security remains spy-versus-spy to some degree, each > measure matched by a countermeasure. In December 2011, Karsten Nohl, > another > noted mobile security researcher, released "Catcher Catcher"—a piece of > software that monitors network traffic and looks at the likelihood an IMSI > catcher is in use. > > Keir Giles, of the Conflict Studies Research Centre, an Oxford-based > Russian > think tank, told Ars that Russian authorities are claiming a legal > technicality. > > "They are claiming that although they are legally prohibited from > indiscriminate surveillance of people, the fact that they are following SIM > cards which are the property of the mobile phone operators rather than the > individuals carrying those SIM cards makes the tracking plans perfectly > legal," he said, adding that this reasoning is "weaselly and ridiculous." > > The Russian newspaper also quoted Alexander Ivanchenko, executive director > of > the Russian Security Industry Association, who pointed out that even to be > effective, such a system would need these devices every 10 meters (32 > feet). > > “It is obvious that the cost of the system is not commensurate with the > value > of all the stolen phones,” he said. “Also, effective anti-theft technology > is > already known: in the US, for example, the owner of the stolen phone knows > enough to call the operator—and the stolen device stops working, even if > another SIM-card is inserted.” > > Two major Russian mobile providers, Beeline and Megafon, have told Russian > media (Google Translate) that they are unaware of this supposed anti-theft > measure. On the other hand, BBC Russian reports (Google Translate) that the > system is due to come online in late 2013 or early 2014. > > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at [email protected] or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech
-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
