What happened to all the phone apps that made an effort to detect IMSI catchers, like SnoopSnitch, which appears to be abandoned (F-Droid reports some fishy anti-features?).
Probably removed by the respective app stores under pressure from law enforcement agencies. A lot of free “snoop” or network detection apps have been removed or paywalled.
My phone OS allows me to disable 2G, which I do because of SS7 vulnerability, but not 3G unfortunately.
Here is it working in action while law enforcement is flying a spy plane arouns a neighborhood
Damn… I happen to have an Orbic hotspot. I know what I’m doing instead of being productive this week.
In case you, like me, were wondering wtf stingrays are (besides a type of fish). This is from their report :
Cell-site simulators, also known as “Stingrays” or IMSI catchers, are devices that masquerade as legitimate cell-phone towers, tricking phones within a certain radius into connecting to the device rather than a tower.
Cell-site simulators operate by conducting a general search of all cell phones within the device’s radius, in violation of basic constitutional protections. Law enforcement use cell-site simulators to pinpoint the location of phones with greater accuracy than phone companies. Cell-site simulators can also log IMSI numbers (unique identifying numbers) of all of the mobile devices within a given area.
…
The fact that government agencies are using these devices without the utmost consideration for the privacy and rights of individuals around them is alarming but not surprising. The federal government, and in particular agencies like HSI and ICE, have a dubious and troubling relationship with overbroad collection of private data on individuals.
Wait, people didn’t know about StingRays?
They’ve been around for like a decade now.
But uh, yeah, basically, they’re fake/spoof/honeypot cell towers that man-in-the-middle all nearby cell network traffic.
This is how they do the whole… everything dragnet, all the time, basically all cop cruisers have them in them, active all the time, this is why you just don’t bring your phone to a protest unless you really know what you’re doing.
So how do they break my SSL connections?
It’s a little less about reading what you’re saying or looking at on your phone, it’s mostly about tracking where your phone goes and figuring out who you are that way.
They don’t really need to.
They get all your phone’s metadata, and thats usually enough to plug in to a bunch of other databases that they can add you to a watchlist of some kind.
I mean really at this point we are all in a giganto mega watchlist, its just that its so big that the problem is actually sorting through that list and ‘accurately’ assigning threat levels, but thats what Palantir is for.
Like, they get your IMSI code, unless you are somehow regularly/randomly resetting or spoofing that, uh, they can easily get a bunch of other info from cell providers, they just can’t (usually) specifically use that info alone to convict you of something, but…
They know who you are, roughly where you were and when.
So thats a pretty good starting point for a subsequent investigation, or just throwing it onto the dragnet data pile.
So good I need not fear about all this, because I said a very rare bunch of people to kick rocks (not directly, not knowing who they are, just in response to their words relayed anonymously by another person, and technically more rude, but I was told it was translated this way), and expressed my opinion about the current regime in my country with its leader’s biological daughter (by no measure the only one) in the room (also I was trying to fsck her), using prison castes’ names, and also my dad probably had ties to security services, making it almost certain I’m already as tagged as tagging goes personally and not by some combination of coefficients. There’s even a little probability that this has already saved my life once or twice.
Can’t recommend it.
I… uh… … what?!
You told off the leader of your country, to his daughter, in person, while apparently trying to fuck/date her, intentionally using some kind of insulting language variant I don’t think I fully understand…
… and your dad is in or connected to some kind of intelligence service.
Assuming you aren’t bullshitting and I am not misunderstanding what you said…
I would be fucking disappearing myself, and telling your dad to get the fuck out as well, if I was in that uh, situation.
… I don’t mean to be rude but this sounds like a movie plot.
… I have once actually met and had a short friendship with a man who claimed he was an exiled, ex-yakuza, who uh, lets say, demonsrated proof of this to an extent that I as another practicioner of Japanese martial arts uh, found convincing…
And I have had some… other encounters with people in my life that 99% of people would not believe actually took place…
So I am not totally discounting the validity your story here…
…but seriously?
Good fucking luck!
You told off the leader of your country, to his daughter, in person, while apparently trying to fuck/date her, intentionally using some kind of insulting language variant I don’t think I fully understand…
Thought she’s a daughter of some intelligence worker. I started accepting the thought like 10 years after the events, still not sure, a half-niece thrice removed perhaps.
Nah, I was talking more generally, not even sure if that was the reason.
Just that such an encounter is already enough visibility to get on many lists.
… and your dad is in or connected to some kind of intelligence service.
Kept some acquaintances, not the kind of connection.
I would be fucking disappearing myself, and telling your dad to get the fuck out as well, if I was in that uh, situation.
I said\did things she deemed loyalty\idiocy later. Also in “that, uh, situation” you wouldn’t have the opportunity to disappear.
Assuming you aren’t bullshitting and I am not misunderstanding what you said…
It appears she was less offended at me than those she pranked. Meaning that it may be the opposite.
Ok, thank god, I vastly misunderstood your first comment.
Nonetheless, seems like you’re in a very authoritarian, monarchichal (?) area… but… glad she found the joke endearing… I guess…
I would say though that there are always ways to disappear… if one is willing to lose/risk everything.
When someone finds one of these simulators, what would they do?
Based on this link, the proper thing to do should be to report it to the FCC. I am not sure how much Trump’s FCC will pay attention to the report, though…
Whatever you do, you shouldn’t accidentally spill saltwater on it. That could destroy a very expensive piece of spying equipment, and would be a terrible, tragic accident that could interfere with the advance of nazism.
Hang on while I fly up and spill water on a fucking plane or the side of a private building.
You’re thinking of magnets. That’s how you ruin magnets.
Report it to your favorite news media ig
Also alert your friends/colleagues that there are IMEI/IMSI scanners at the event, so that they can prepare accordingly by leaving their phone at home, putting it in a farraday bag, etc.
It doesn’t matter if there are IMSI catchers or not, they should be leaving their phones at home.
Or use GrapheneOS in airplane mode.
That’s probably best case scenario but I have one and left it at home last time.
Someone needs to document the event. 🙂
Find your anarchist friend with excess radio equipment and let them know.
It’s been tested at actual protests FYI. It works.
Use your imagination what that means you can do when you find one.
They’ve gone on record that they have not found anything at any protests so I’m not sure what you mean by “tested”.
E: can someone explain why I’m being downvoted?
“So far Rayhunter has not turned up any evidence of cell-site simulators being used to spy on protests in the US — though we have found them in use elsewhere.”
The article does point out that there are cheaper and easier options available that might be of greater concern.
Fucking cool, and also remember to leave your phone at home, or at least on airplane mode.
In airplane mode and even while turned off, phones have been known to still transmit data via background services. Leaving it behind, or a Faraday bag are the only assured options I’m aware of
Not while turned off, generally. Screen off, sure.
Edit: apparently at least some do
Thats not correct. Iphones and androids are never truly off. There are a few privacy focused phones by small makers with hardware switches for each radio. You can run android or linux on them.
There is no such thing as “off” on modern Smartphones. Even if you power it down things like the baseband prozessor and bluetooth still stay active most of the time.
If the battery is integrated into device there ist no real way to completely shut this things down.
100%. That’s why Snowden asked every visitor from the press to put their phones in the microwave before they started their interviews. Of course he didn’t turn it on, it was to function as a Faraday cage.
microwaves don’t work as faraday cages
For the curious:
The metal screen on the microwave door is designed to block the specific wavelength being used to heat your food. It isn’t a full cage and isn’t effective at blocking other frequencies.
Yes. However the frequency it blocks is ~2.45GHz which is the same frequency as WiFi, Bluetooth, etc. and used to be the only other antenna other than the cellular antenna, where the frequency ranges from 600MHz-2.5GHz.
This used to be good practice because you would first remove the sim card disabling the LTE communication, unless the hardware was compromised, and then place it in the microwave to disable all other signals.
With the introduction and proliferation of eSIM on both devices and carrier sides, removing the SIM card no longer provides much protection and the additional of many other communication methods, most notably 5GHz 802.11x, the microwave trick doesn’t really do anything either.
But it used to work.
wtf got a source on that? Sounds quite scary tbh
deleted by creator
No they don’t
Just as an example:
https://www.apple.com/icloud/find-my/
“Some devices can still send their location for up to 24 hours after they’ve been turned off or have low battery life.”
https://www.91mobiles.com/hub/exclusive-google-find-my-device-feature-phone-off
“Google began rolling out this feature as “Powered Off Finding” with the Pixel 8 series, letting users locate their phone even when it’s switched off by keeping the Bluetooth chip active.”
And those are only some of the official known possibilities
You’re a troll
I am?
Modern phones will still ping the Bluetooth low energy networks like Find My for Apple devices even when off or on airplane mode. That’s how things like AirTags work.
defeats the whole point of a phone imo. (for me personally) i only use it for music and communication. if I didn’t want communication i would just use a desktop
I believe they meant if you’re going to protests
oh yeah in that case absolutely
I just pictured someone doing the whole smash their phone and throw it out the window thing from a spy movie, but theyre just in traffic on their way to work, and it made me chuckle.
Yes, this software was developed explicitly with protests in mind.
What if the cops have a trace buster buster?
Then you would just wanna bring along your trace buster buster buster.
Who are you calling buster, buster?
Who YOU gonna call? Trace Busters?
Hey, I’m not your buster, guy.
Who you calling “guy”, champ?
[Busta Rhymes enters the chat]
FLIP MODE!
PUT YA HANDS WHERE MY EYES CAN SEE
Always crazy seeing a The Big Hit reference in the wild
What is the correct hardware?
Any of the 5 or 6 cheap wireless hotspots listed in the link in the article.
Probably should have read the article hahahah. Thanks.
In your defense, it seems like just a link to a repository.
That’s why I don’t click it. But like. I could have. I have the power. Of click.
I’ve taken too many phishing tests. I have lost the power of clicking.
Is there a good one for Canada in specific though? As far as I can tell the Orbic only works in the US, and as a result I’m not sure if I can trust the other devices, even if they’re the same ITU region. Would the TP-Link work? The docs suggest it should work in the US as well as Europe.
Cool
