What happened to all the phone apps that made an effort to detect IMSI catchers, like SnoopSnitch, which appears to be abandoned (F-Droid reports some fishy anti-features?).
Probably removed by the respective app stores under pressure from law enforcement agencies. A lot of free “snoop” or network detection apps have been removed or paywalled.
My phone OS allows me to disable 2G, which I do because of SS7 vulnerability, but not 3G unfortunately.
Here is it working in action while law enforcement is flying a spy plane arouns a neighborhood
In case you, like me, were wondering wtf stingrays are (besides a type of fish). This is from their report :
Cell-site simulators, also known as “Stingrays” or IMSI catchers, are devices that masquerade as legitimate cell-phone towers, tricking phones within a certain radius into connecting to the device rather than a tower.
Cell-site simulators operate by conducting a general search of all cell phones within the device’s radius, in violation of basic constitutional protections. Law enforcement use cell-site simulators to pinpoint the location of phones with greater accuracy than phone companies. Cell-site simulators can also log IMSI numbers (unique identifying numbers) of all of the mobile devices within a given area.
…
The fact that government agencies are using these devices without the utmost consideration for the privacy and rights of individuals around them is alarming but not surprising. The federal government, and in particular agencies like HSI and ICE, have a dubious and troubling relationship with overbroad collection of private data on individuals.
Wait, people didn’t know about StingRays?
They’ve been around for like a decade now.
But uh, yeah, basically, they’re fake/spoof/honeypot cell towers that man-in-the-middle all nearby cell network traffic.
This is how they do the whole… everything dragnet, all the time, basically all cop cruisers have them in them, active all the time, this is why you just don’t bring your phone to a protest unless you really know what you’re doing.
So how do they break my SSL connections?
It’s a little less about reading what you’re saying or looking at on your phone, it’s mostly about tracking where your phone goes and figuring out who you are that way.
They don’t really need to.
They get all your phone’s metadata, and thats usually enough to plug in to a bunch of other databases that they can add you to a watchlist of some kind.
I mean really at this point we are all in a giganto mega watchlist, its just that its so big that the problem is actually sorting through that list and ‘accurately’ assigning threat levels, but thats what Palantir is for.
Like, they get your IMSI code, unless you are somehow regularly/randomly resetting that, uh, they can easily get a bunch of other info from cell providers, they just can’t (usually) specifically use that info alone to convict you of something, but…
They know who you are, roughly where you were and when.
So thats a pretty good starting point for a subsequent investigation, or just throwing it onto the dragnet data pile.
When someone finds one of these simulators, what would they do?
Whatever you do, you shouldn’t accidentally spill saltwater on it. That could destroy a very expensive piece of spying equipment, and would be a terrible, tragic accident that could interfere with the advance of nazism.
Hang on while I fly up and spill water on a fucking plane or the side of a private building.
You’re thinking of magnets. That’s how you ruin magnets.
Based on this link, the proper thing to do should be to report it to the FCC. I am not sure how much Trump’s FCC will pay attention to the report, though…
Report it to your favorite news media ig
Also alert your friends/colleagues that there are IMEI/IMSI scanners at the event, so that they can prepare accordingly by leaving their phone at home, putting it in a farraday bag, etc.
It doesn’t matter if there are IMSI catchers or not, they should be leaving their phones at home.
Or use GrapheneOS in airplane mode.
That’s probably best case scenario but I have one and left it at home last time.
Someone needs to document the event. 🙂
Find your anarchist friend with excess radio equipment and let them know.
What is the correct hardware?
Any of the 5 or 6 cheap wireless hotspots listed in the link in the article.
Is there a good one for Canada in specific though? As far as I can tell the Orbic only works in the US, and as a result I’m not sure if I can trust the other devices, even if they’re the same ITU region. Would the TP-Link work? The docs suggest it should work in the US as well as Europe.
Probably should have read the article hahahah. Thanks.
In your defense, it seems like just a link to a repository.
That’s why I don’t click it. But like. I could have. I have the power. Of click.
I’ve taken too many phishing tests. I have lost the power of clicking.
It’s been tested at actual protests FYI. It works.
Use your imagination what that means you can do when you find one.
They’ve gone on record that they have not found anything at any protests so I’m not sure what you mean by “tested”.
E: can someone explain why I’m being downvoted?
“So far Rayhunter has not turned up any evidence of cell-site simulators being used to spy on protests in the US — though we have found them in use elsewhere.”
The article does point out that there are cheaper and easier options available that might be of greater concern.
Fucking cool, and also remember to leave your phone at home, or at least on airplane mode.
In airplane mode and even while turned off, phones have been known to still transmit data via background services. Leaving it behind, or a Faraday bag are the only assured options I’m aware of
Not while turned off, generally. Screen off, sure.
Edit: apparently at least some do
Thats not correct. Iphones and androids are never truly off. There are a few privacy focused phones by small makers with hardware switches for each radio. You can run android or linux on them.
You’re a troll
I am?
There is no such thing as “off” on modern Smartphones. Even if you power it down things like the baseband prozessor and bluetooth still stay active most of the time.
If the battery is integrated into device there ist no real way to completely shut this things down.
100%. That’s why Snowden asked every visitor from the press to put their phones in the microwave before they started their interviews. Of course he didn’t turn it on, it was to function as a Faraday cage.
microwaves don’t work as faraday cages
For the curious:
The metal screen on the microwave door is designed to block the specific wavelength being used to heat your food. It isn’t a full cage and isn’t effective at blocking other frequencies.
Yes. However the frequency it blocks is ~2.45GHz which is the same frequency as WiFi, Bluetooth, etc. and used to be the only other antenna other than the cellular antenna, where the frequency ranges from 600MHz-2.5GHz.
This used to be good practice because you would first remove the sim card disabling the LTE communication, unless the hardware was compromised, and then place it in the microwave to disable all other signals.
With the introduction and proliferation of eSIM on both devices and carrier sides, removing the SIM card no longer provides much protection and the additional of many other communication methods, most notably 5GHz 802.11x, the microwave trick doesn’t really do anything either.
But it used to work.
wtf got a source on that? Sounds quite scary tbh
deleted by creator
No they don’t
Just as an example:
https://www.apple.com/icloud/find-my/
“Some devices can still send their location for up to 24 hours after they’ve been turned off or have low battery life.”
https://www.91mobiles.com/hub/exclusive-google-find-my-device-feature-phone-off
“Google began rolling out this feature as “Powered Off Finding” with the Pixel 8 series, letting users locate their phone even when it’s switched off by keeping the Bluetooth chip active.”
And those are only some of the official known possibilities
Modern phones will still ping the Bluetooth low energy networks like Find My for Apple devices even when off or on airplane mode. That’s how things like AirTags work.
defeats the whole point of a phone imo. (for me personally) i only use it for music and communication. if I didn’t want communication i would just use a desktop
I believe they meant if you’re going to protests
oh yeah in that case absolutely
I just pictured someone doing the whole smash their phone and throw it out the window thing from a spy movie, but theyre just in traffic on their way to work, and it made me chuckle.
Yes, this software was developed explicitly with protests in mind.
What if the cops have a trace buster buster?
Then you would just wanna bring along your trace buster buster buster.
Who are you calling buster, buster?
Who YOU gonna call? Trace Busters?
Hey, I’m not your buster, guy.
Who you calling “guy”, champ?
Always crazy seeing a The Big Hit reference in the wild
[Busta Rhymes enters the chat]
FLIP MODE!
PUT YA HANDS WHERE MY EYES CAN SEE
Cool
