Difference between revisions of "Detect false mobile antennas"

From Gender and Tech Resources

(What is a fake cell tower?)
(¿Cómo detectarlas?)
Line 16: Line 16:
 
Unfortunately fake cell towers are becoming easier to get and their price can be as low as $ 500. Depending on the model there is evidence that not only can intercept the traffic of a phone but also can also inject malware.
 
Unfortunately fake cell towers are becoming easier to get and their price can be as low as $ 500. Depending on the model there is evidence that not only can intercept the traffic of a phone but also can also inject malware.
  
==¿Cómo detectarlas? ==
+
'''Bold text'''==How to detect them? ==
  
Un primer paso consistiría en poder contar con una base de datos de las torres de celular "legítimas" es decir las que las compañías que proveen estos servicios reconocen  y cuentan con los permisos de operación necesarios. Existen algunas bases de datos como:
+
A first step would be to have a database of the "legitimate" cell towers and the list of legitimate companies that provide these services and have the necessary operating permits. There are some databases such as:  http://opencellid.org/
  http://opencellid.org/
+
  
 
[[File:Opencell.png|thumbnail|center|Torres en en América Latina]]
 
[[File:Opencell.png|thumbnail|center|Torres en en América Latina]]
  
También hay existe información sobre la frecuencia en la que operan:
+
There is also information about the frequencies where they should operate:
 
http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico
 
http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico
  
[[File:Frecuencia.png|thumbnail|center|Ejemplo de frecuencias en las que se opera la telefonía celular]]
+
[[File:Frecuencia.png|thumbnail|center|63/5000
 +
Example of frequencies in which cellular telephony can operate]]
  
 
+
And you can have a look at the development of the GSM network:
Y del desarrollo de la red GSM:
+
 
  http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico
 
  http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico
  
Existen también algunas aplicaciones que se pueden descargar desde el siguiente repositorio libre de apps:
+
There are also some applications that can be downloaded from the following free app repository:
 +
F-Droid is a software repository (or "app store") for Android applications, similar to the Google Play store. The main repository, hosted by the project, contains only apps which are free software. Applications can be browsed and installed from the F-Droid website or client app without the need to register for an account. "Anti-features" such as advertising, user tracking, or dependence on non-free software are flagged in app descriptions.[3] The website also offers the source code of applications it hosts as well as the software running the F-Droid server, allowing anyone to set up their own app repository.
  
F-Droid es un repositorio de software (o "tienda de aplicaciones") para las aplicaciones de Android, funciona de manera similar a la tienda de Google Play, pero sólo contiene software libre y de código abierto.1 Las aplicaciones pueden buscarse e instalarse desde la página web de F-Droid o directamente desde la aplicación (la cual no está disponible en Google Play store pero puede ser instalada mediante sideloading (transferir fichero desde ordenador a dispositivo móvil).La aplicación de F-Droid actualizará de forma automática las aplicaciones descargadas de este mismo. Además la web ofrece el código fuente de todas las aplicaciones descargables.
+
In order to detect possible false antennas, you can download from F-Droid the following applications:
 
+
Para detectar posibles antenas falsas, puedes descargar desde F-Droid las siguientes aplicaciones:
+
  
 
[http://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/ Android IMSI Catcher Detector]
 
[http://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/ Android IMSI Catcher Detector]
  
 
[[File:AIMSICD-Teaser.png|400px|thumbnail|center|AIMSICD]]
 
[[File:AIMSICD-Teaser.png|400px|thumbnail|center|AIMSICD]]
 +
 +
Android IMSI Catcher Detector attempts to detect IMSI-Catchers through detection methods such as: Check Tower Information Consistency,  Check LAC/Cell ID Consistency, check Neighbouring Cell Info, prevent silent app installations, monitor Signal Strength, detect silent SMS and detect FemtoCells
  
 
[https://opensource.srlabs.de/projects/snoopsnitch Snoopsnitch]
 
[https://opensource.srlabs.de/projects/snoopsnitch Snoopsnitch]
Line 46: Line 46:
 
[[File:Sc catcher hour.png|200px|thumbnail|center|Snoopsnitch]]
 
[[File:Sc catcher hour.png|200px|thumbnail|center|Snoopsnitch]]
  
Y desde Google play puedes descargar:
+
SnoopSnitch is an Android app that collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates. With SnoopSnitch you can use the data collected in the GSM Security Map at gsmmap.org and contribute your own data to GSM Map. This application currently only works on Android phones with a Qualcomm chipset and a stock Android ROM (or a suitable custom ROM with Qualcomm DIAG driver). It requires root priviliges to capture mobile network data.
 
+
''Stingwatch'' https://www.stingraymappingproject.org/
+
 
+
https://play.google.com/apps/testing/org.stingraymappingproject.sting_watch
+
  
 
==¿Como protegerse de las torres falsas de celular?==
 
==¿Como protegerse de las torres falsas de celular?==

Revision as of 13:59, 1 February 2017

The electromagnetic spectrum

The electromagnetic spectrum or electric radio spectrum is not something material, but the space that is in the air that goes from the ground to the highest part of the sky. In this space, bands frequencies through which airplanes, wi-fi, bluetooth, walkie talkies, radios, telephones communicate are organized. The fact that our phones can be 2G, 3G, 4G means that they are using different bands of the electromagnetic space, through which the information circulates.

For more information about the electromagnetic space: https://imagine.gsfc.nasa.gov/science/toolbox/emspectrum1.html https://en.wikipedia.org/wiki/Electromagnetic_spectrum

What is a fake cell tower?

Fake cell towers (also known as IMSI catcher) are devices designed to intercept the traffic of a mobile phone and track the movements of the user's phone [1] pretending to be a "legitimate" cell tower [2].

Esquema torre falsa.
Esquema de una torre falsa de celular (modificado de Henri-Olivier).

By the way they work IMSI catcher are considered a "man in the middle" attack [3]. This is defined as an attack that acquires the ability to read, insert and modify at will, messages between two parties without any of them knowing that the link between them has been violated. The attacker should be able to observe and intercept messages between the two victims [4]

There is evidence that such devices have been used for surveillance purposes, for example in Ukraine the mobile phones of those attending a large demonstration were tracked and then massively received a text message stating "Dear subscriber, you have been registered As a participant in a mass disturbance "[5]. In Latin America, it is known that governments like Mexico and Colombia have bought such devices.

Unfortunately fake cell towers are becoming easier to get and their price can be as low as $ 500. Depending on the model there is evidence that not only can intercept the traffic of a phone but also can also inject malware.

Bold text==How to detect them? ==

A first step would be to have a database of the "legitimate" cell towers and the list of legitimate companies that provide these services and have the necessary operating permits. There are some databases such as: http://opencellid.org/

Torres en en América Latina

There is also information about the frequencies where they should operate: http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico

63/5000 Example of frequencies in which cellular telephony can operate

And you can have a look at the development of the GSM network:

http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico

There are also some applications that can be downloaded from the following free app repository: F-Droid is a software repository (or "app store") for Android applications, similar to the Google Play store. The main repository, hosted by the project, contains only apps which are free software. Applications can be browsed and installed from the F-Droid website or client app without the need to register for an account. "Anti-features" such as advertising, user tracking, or dependence on non-free software are flagged in app descriptions.[3] The website also offers the source code of applications it hosts as well as the software running the F-Droid server, allowing anyone to set up their own app repository.

In order to detect possible false antennas, you can download from F-Droid the following applications:

Android IMSI Catcher Detector

AIMSICD

Android IMSI Catcher Detector attempts to detect IMSI-Catchers through detection methods such as: Check Tower Information Consistency, Check LAC/Cell ID Consistency, check Neighbouring Cell Info, prevent silent app installations, monitor Signal Strength, detect silent SMS and detect FemtoCells

Snoopsnitch

Snoopsnitch

SnoopSnitch is an Android app that collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates. With SnoopSnitch you can use the data collected in the GSM Security Map at gsmmap.org and contribute your own data to GSM Map. This application currently only works on Android phones with a Qualcomm chipset and a stock Android ROM (or a suitable custom ROM with Qualcomm DIAG driver). It requires root priviliges to capture mobile network data.

¿Como protegerse de las torres falsas de celular?

Si tu teléfono lo permite puedes cambiar sus opciones de configuración para que no se conecte a todas las torres de celular disponibles. Por ejemplo en un celular con Android puedes ir a

Ajustes  
->  Conexiones inalámbricas y redes 
   -> Más ajustes -> Redes móviles 

Y en este punto debes cambiar en

-> Preferencias de red GSM/UTMS

para usar 3G o 4G si te lo permite

-> Operadores de red

Para elegir manualmente la antena a conectar

También si es necesario puedes aislar electro magnéticamente a tu celular, ver por ejemplo: Funda de Faraday para el teléfono[6].

¿Dónde puedo ver más información?

http://wiki.labomedia.org/index.php/GSM

https://quematumovil.pimienta.org/los_imsi-catchers.html
  1. https://en.wikipedia.org/wiki/IMSI-catcher
  2. https://www.eff.org/sls/tech/cell-site-simulators
  3. https://en.wikipedia.org/wiki/Man-in-the-middle_attack
  4. https://en.wikipedia.org/wiki/IntermediateAccess
  5. https://antivigilancia.org/es/2015/06/la-vigilancia-y-la-protesta-social/
  6. https://gendersec.tacticaltech.org/wiki/index.php/Funda_de_Faraday_para_el_tel%C3%A9fono_m%C3%B3vil