Smartphone: "IMSI Catchers" (Mitigation + Thoughts)

Jun 21, 2022

Hey friends, 😀

Today, a bit about what are commonly referred to as "Stingrays", plus, for Pinephone / Linux phone users, a small service for the Pinephone / Linux phones (try here).

This post also includes info for Android users. iPhone, not having as many options, does carry a 4G Only app.


Cell Site Simulators (examples: "Stingrays", "IMSI Catchers"): false cell towers that appear as the "strongest signal in the area" to phones nearby (ex: 10,000 phones per device in some cases). Once a phone is connected, its location can be tracked, and on lower-security service (ex: 2G), SMS / calls can be more easily compromised.



SUMMARY: most Cell Site Simulators rely on downgrade attacks causing your phone to connect to less secure 2G services (other times 3G). We talk about small steps towards mitigation.


INTRODUCTION

Video (couple years old) introduces an Android tool for detection and mitigation of "cell site simulators".

A basic introduction to what these devices are designed to do (mimic cell towers), and what various models may look like (including homemade), from the smallest (fitting in the palm of the hand), to the flying...

Watch Here:

https://youtu.be/w8reJoOl5fM


RELATED VIDEO: Top 11 Android Privacy Tips


Tracking With Cell Site Simulators

Essentially functioning as false towers.

If You Have A Phone...

it will eventually connect...

These devices can scoop all phones in the area. Some have capability to handle 10,000 phones in vicinity, simultaneously.

Worth noting: 4G is blocked during many protests. Whether this is related is unknown (examples further down).

We all deserve the right to privacy in our homes, and personal devices.

Privacy represents the most fundamental Human Rights (no right guaranteed without right to privacy)

Companies producing Cell Site Simulators have:
non-disclosure agreements


SIM CARDS: SILENT SMS + MORE

While we are talking smartphones, it's best to include SIM cards in the mix.

Did you know your SIM card carries its own microcomputer, runs its own OS and browser, and accepts hidden binary text messages?

You can learn more about this on our video, here:

https://youtu.be/U4h6YuDxmLo


CELL SITE SIMULATOR

Downgrading phones to 2G service makes content easier to intercept (ie: calls and SMS txt), due to the weak security in 2G.

4G Cell Site devices are more expensive (compared to 2G / 3G), and generally offer location tracking.

Previously, price quotes (released a couple years back) priced "Hailstorm" devices at over $450,000.


See here, here, and here for examples where 4G was blocked during protests.


SYMPTOMS (Then Again... There Aren't Always Signs)

  • Quicker than normal battery drain (push max battery usage)

  • High power usage forced on phones (amplification can allow farther operation distances)

  • Downgraded service to 2G, 3G (from stable 5G, 4G)

  • Service disruptions (problems sending SMS txt, calls, internet)


    We should ask ourselves: Why is there no proper authentication, to protect our phones from these devices?


Why Do Downgrade Attacks From 4G To 2G, 3G Happen?

Downgrade attacks occur to move the phone to a more 'receptive' environment.

  • 4G Cell Site Simulators, expensive

  • 2G, 3G offers lower security capabilities (ie: receiving calls / SMS txt)


Use To Our Advantage?

These false cell towers use downgrade attacks to force all phones in the area to connect to the malicious cell site simulator...

We can mitigate downgrade attacks by forcing 4G only. Keep in mind that not all settings are saved after reboot (unless you have them saved for persistence / use a 4G-only service).


ANDROID USERS: 4G / LTE ONLY

  • Open Dialpad

  • Dial: * # * # 4 6 3 6 # * # * (this opens testing window)

  • Go into "Phone Information"

  • Set Your Preferred Network Type To LTE Only for 4G only (keep in mind this setting holds until reboot)


iPhone Users: 4G / LTE Only

There is a reported 4G only app.

You can also access iPhone service options by following this page.


Apps like Android's "Cell Spy Catcher": take 24hr to map out all current cell towers (and locations), alerting you to towers which move or behave suspiciously, such as changing tower information, and location (ie: true cell towers are not moving around, changing location 😀)


RELATED STORY: In some areas, attacks could even be of foreign interests, even criminal networks.

See Example: IMSI Catchers found planted on Whitehouse grounds
(said to be of foreign origin - details in article)

Mitigation (For Most Cases / Devices): Force 4G Only.

Linux

Settings in Gnome / Phosh allow you to set 4G only, though this won't persist on its own: it resets to allow 2G, 3G, 4G on the next boot.

The service makes 4G only persistent. As long as the 4g-only.service is running, 4G will be the only service allowed.

If you run into service issues on 4G, you can allow 3G at any time from the command line by running:

4g-only reset

Setting Up 4g-only Service

Simply download / clone package from Gitea onion (use torify git clone, or Tor Browser to view and download), and run the install.sh script (using sudo). This moves everything where it belongs, making a new command in our execution path, and enabling the service (by default starting 1st on your next reboot).

If you would like the service to start right away, you can run the command installed:

sudo 4g-only

Or (after running install.sh), you can start the service without a reboot by issuing:

sudo systemctl start 4g-only.service

What Does It Do?

Detects current modem location (does change), sets "4G / LTE Only" for that modem, on boot.

Running:

sudo 4g-only

forces 4g-only from the commandline.

If you need access to 3G as well, there is a single argument:

sudo 4g-only reset
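
The behaviour described above (look up the modem, whose index changes, then restrict it to LTE) can be sketched with ModemManager's mmcli. This is an added example, not the 4g-only package's own script; it assumes the modem is managed by ModemManager, and the sample outputs and the file name lte-check.sh are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the 4g-only package's own script.
# Assumption: the phone's modem is managed by ModemManager (mmcli).

# Constructed sample outputs so the parsers can be tried without a modem.
SAMPLE_LIST='    /org/freedesktop/ModemManager1/Modem/3 [QUALCOMM INCORPORATED] QUECTEL Mobile Broadband Module'
SAMPLE_MODES='  Modes    |  supported: allowed: 2g, 3g, 4g; preferred: 4g
           |    current: allowed: 2g, 3g, 4g; preferred: 4g'

# Read `mmcli -L` output on stdin and print the first modem index.
# The index changes after modem resets, so it is looked up on every run.
modem_index() {
    sed -n 's|.*/org/freedesktop/ModemManager1/Modem/\([0-9][0-9]*\).*|\1|p' | head -n 1
}

# Read `mmcli -m <index>` output on stdin and classify the current allowed modes:
#   no-legacy    = neither 2G nor 3G is allowed (downgrade path closed)
#   downgradable = 2G and/or 3G is still allowed
#   unknown      = no "current: allowed:" line found
mode_state() {
    allowed=$(sed -n 's/.*current: allowed: \([^;]*\);.*/\1/p' | head -n 1)
    case "$allowed" in
        "")              echo unknown ;;
        *2g*|*3g*|*any*) echo downgradable ;;
        *)               echo no-legacy ;;
    esac
}

# Restrict the modem to LTE, then report the resulting state.
enforce_lte_only() {
    idx=$(mmcli -L | modem_index)
    [ -n "$idx" ] || { echo "no modem found" >&2; return 1; }
    mmcli -m "$idx" --set-allowed-modes=4g || return 1
    mmcli -m "$idx" | mode_state
}

# Only touch the modem when asked to; run as root: sh lte-check.sh --enforce
if [ "${1:-}" = "--enforce" ]; then
    enforce_lte_only
fi
```

Piping `mmcli -m <index>` through `mode_state` at any time shows whether a reboot or a settings change has quietly re-enabled 2G / 3G.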

Checking Status Of 4g-only.service

Once installed (after a reboot), you can check the status of 4g-only.service.

sudo systemctl status 4g-only.service

After running sudo install.sh, you should have 4G only on every single boot, 100% of the time.

If you need access to 4G + 3G (not recommended for most areas), I added the ability in the systemctl 'stop' command of the service.

And so:

sudo systemctl stop 4g-only

Won't just allow 3G, it keeps 4G preferred (by default 4g only allowed).

But for myself, and most people, I do recommend leaving the service as is, allowing 4G Only (not including 3G), if you wish to mitigate downgrade maximally.

If you notice service disruptions on 4g Only, this could be a sign of downgrade attacks. That alone IMHO, can be useful to know.

Will share more options as tested in future (check back).

Hope you find this useful. ❤️ 📱 🐧


NOTE: "4G only" may not be for everyone. If you notice service disruptions, you can disable it (for Linux phones) with:

systemctl disable 4g-only.service


Another Idea: considering working on a privacy focused server solution to this to allow visitors and organize things a bit more (over 181 videos). I know it will be a great deal of work, and time management has been difficult lately. Stay tuned.


🔗 🙌 Thanks For Sharing posts (Reddit, Telegram, Social Media)
