Difference between revisions of "Detect false mobile antennas"
From Gender and Tech Resources
(4 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
== The electromagnetic spectrum == | == The electromagnetic spectrum == | ||
− | The electromagnetic spectrum or electric radio spectrum is not something material, but the space | + | The electromagnetic spectrum or electric radio spectrum is not something material, but the air space that goes from the ground to the highest part of the atmosphere. In this space, frequency bands are organized, through which airplanes, wi-fi, bluetooth, walkie talkies, radios, telephones communicate, for example 2G, 3G, 4G phone networks use different bands of the electromagnetic space, through which data is transmitted. |
For more information about the electromagnetic space: | For more information about the electromagnetic space: | ||
Line 7: | Line 7: | ||
== What is a fake cell tower?== | == What is a fake cell tower?== | ||
− | Fake cell towers (also known as IMSI | + | Fake cell towers (also known as IMSI catchers) are devices designed to intercept the traffic of a mobile phone and track the movements of the user's phone <ref>https://en.wikipedia.org/wiki/IMSI-catcher </ref> pretending to be a "legitimate" cell tower <ref>https://www.eff.org/sls/tech/cell-site-simulators </ref>. |
[[File:Imsi-catcher.png|thumb|none|alt=Esquema torre falsa.|Esquema de una torre falsa de celular (modificado de [http://cybernc.com/les-imsi-catchers/ Henri-Olivier]).]] | [[File:Imsi-catcher.png|thumb|none|alt=Esquema torre falsa.|Esquema de una torre falsa de celular (modificado de [http://cybernc.com/les-imsi-catchers/ Henri-Olivier]).]] | ||
− | + | From the way they work IMSI catchers are considered to execute "man in the middle" attacks <ref>https://en.wikipedia.org/wiki/Man-in-the-middle_attack</ref>. This is defined as an attack that acquires the ability to read, insert and modify at will, messages between two parties without either of them knowing that the link between them has been compromised. The attacker should be able to observe and intercept messages between the two victims <ref>https://en.wikipedia.org/wiki/IntermediateAccess </ref> | |
− | There is evidence that such devices have been used for surveillance purposes, for example in Ukraine the mobile phones of those attending a large demonstration were tracked and then | + | There is evidence that such devices have been used for surveillance purposes, for example in Ukraine the mobile phones of those attending a large demonstration were tracked and then received a mass text message stating: "Dear subscriber, you have been registered As a participant in a mass disturbance "<ref>https://antivigilancia.org/es/2015/06/la-vigilancia-y-la-protesta-social/ </ref>. In Latin America, it is known that governments, such as Mexico and Colombia, have bought such devices. |
− | Unfortunately fake cell towers are becoming easier to get and their price can be as low as | + | Unfortunately fake cell towers are becoming easier to get and their price can be as low as 500 USD. Depending on the model there is evidence that IMSI catchers can not only can intercept phone traffic, but also can also inject malware. |
− | + | ==How to detect them? == | |
− | A first step | + | A first step is to have a database of the "legitimate" cell towers and the list of legitimate companies that provide these services with the necessary operating permits. Some of these databases exist, such as: http://opencellid.org/ |
[[File:Opencell.png|thumbnail|center|Torres en en América Latina]] | [[File:Opencell.png|thumbnail|center|Torres en en América Latina]] | ||
− | There is also information about the frequencies | + | There is also information available about the frequencies on which they should operate: |
http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico | http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico | ||
[[File:Frecuencia.png|thumbnail|center|63/5000 | [[File:Frecuencia.png|thumbnail|center|63/5000 | ||
− | Example of frequencies | + | Example of frequencies on which cellular networks can operate]] |
And you can have a look at the development of the GSM network: | And you can have a look at the development of the GSM network: | ||
Line 40: | Line 40: | ||
[[File:AIMSICD-Teaser.png|400px|thumbnail|center|AIMSICD]] | [[File:AIMSICD-Teaser.png|400px|thumbnail|center|AIMSICD]] | ||
− | Android IMSI Catcher Detector attempts to detect IMSI-Catchers through detection methods such as: Check Tower Information Consistency, Check LAC/Cell ID Consistency, check | + | Android IMSI Catcher Detector attempts to detect IMSI-Catchers through detection methods such as: Check Tower Information Consistency, Check LAC/Cell ID Consistency, check neighbouring cell info, prevent silent app installations, monitor Signal Strength, detect silent SMS and detect FemtoCells |
[https://opensource.srlabs.de/projects/snoopsnitch Snoopsnitch] | [https://opensource.srlabs.de/projects/snoopsnitch Snoopsnitch] | ||
Line 46: | Line 46: | ||
[[File:Sc catcher hour.png|200px|thumbnail|center|Snoopsnitch]] | [[File:Sc catcher hour.png|200px|thumbnail|center|Snoopsnitch]] | ||
− | SnoopSnitch is an Android app that collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats | + | SnoopSnitch is an Android app that collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats such as fake base stations (IMSI catchers), user tracking and over-the-air updates. With SnoopSnitch you can use the data collected in the GSM Security Map at gsmmap.org and contribute your own data to GSM Map. This application currently only works on Android phones with a Qualcomm chipset and a stock Android ROM (or a suitable custom ROM with Qualcomm DIAG driver). It requires root priviliges to capture mobile network data. |
== How to protect yourself from fake cell towers?== | == How to protect yourself from fake cell towers?== | ||
Line 67: | Line 67: | ||
== The electromagnetic spectrum == | == The electromagnetic spectrum == | ||
− | The electromagnetic spectrum or electric radio spectrum is not something material, but the air space | + | The electromagnetic spectrum or electric radio spectrum is not something material, but the air space from the ground to the highest part of the atmosphere. Frequency bands are organized in this space, which airplanes, wi-fi, bluetooth, walkie talkies, radios, and telephones use to communicate, for example 2G, 3G, 4G phone networks all use different bands of the electromagnetic space. |
For more information about the electromagnetic space: | For more information about the electromagnetic space: | ||
Line 74: | Line 74: | ||
== What is a fake cell tower?== | == What is a fake cell tower?== | ||
− | Fake cell towers (also known as IMSI catchers) are devices designed to intercept the traffic | + | Fake cell towers (also known as IMSI catchers) are devices designed to intercept the traffic and possibly track the movements of of a mobile phone by <ref>https://en.wikipedia.org/wiki/IMSI-catcher </ref> pretending to be a "legitimate" cell tower <ref>https://www.eff.org/sls/tech/cell-site-simulators </ref>. |
− | [[File:Imsi-catcher.png|thumb|none|alt=Esquema torre falsa.| | + | [[File:Imsi-catcher.png|thumb|none|alt=Esquema torre falsa.| Diagram of a fake cell tower (taken from [http://cybernc.com/les-imsi-catchers/ Henri-Olivier]).]] |
− | + | IMSI catcher attacks are "man in the middle" attacks <ref>https://en.wikipedia.org/wiki/Man-in-the-middle_attack</ref>. This is defined as an action that gives the attacker the ability to read, insert and modify at will, messages between two parties without either of them knowing that the link between them has been compromised. The attacker is able to observe and intercept messages between the two victims <ref>https://en.wikipedia.org/wiki/IntermediateAccess </ref> | |
− | There is evidence that such devices have been used for surveillance purposes, for example in Ukraine the mobile phones of those attending a large demonstration were tracked and then received a mass text message stating: "Dear subscriber, you have been registered | + | There is evidence that such devices have been used for surveillance purposes, for example in Ukraine the mobile phones of those attending a large demonstration were tracked and then received a mass text message stating: "Dear subscriber, you have been registered as a participant in a mass disturbance "<ref>https://antivigilancia.org/es/2015/06/la-vigilancia-y-la-protesta-social/ </ref>. In Latin America it is known that governments, such as Mexico and Colombia, have bought IMSI Catchers. |
− | Unfortunately fake cell towers are becoming easier to | + | Unfortunately fake cell towers are becoming easier to buy and their price can be as low as 500 USD. Depending on the model there is evidence that IMSI catchers can not only intercept phone traffic, but also can also inject malware. |
− | + | ==How to detect them? == | |
− | A first step is to have a database of | + | A first step is to have a database of "legitimate" cell towers and the list of legitimate companies that provide these services with the necessary operating permits. In some places these databases exist, such as: http://opencellid.org/ |
− | [[File:Opencell.png|thumbnail|center| | + | [[File:Opencell.png|thumbnail|center|Towers in Latin America]] |
− | There is also information available about the frequencies on which they should operate: | + | There is also information publicly available about the frequencies on which they should operate: |
http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico | http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico | ||
Line 95: | Line 95: | ||
Example of frequencies on which cellular networks can operate]] | Example of frequencies on which cellular networks can operate]] | ||
− | And you can | + | And you can also monitor the development of the GSM network: |
http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico | http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico | ||
− | There are also some applications that can be downloaded from | + | There are also some applications that can be downloaded from F-Droid |
− | F-Droid is | + | (F-Droid is an alternative to Google Play Centre, where you can download free and open source Android apps independently of Google) |
− | + | To detect possible false antennas: | |
[http://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/ Android IMSI Catcher Detector] | [http://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/ Android IMSI Catcher Detector] | ||
Line 107: | Line 107: | ||
[[File:AIMSICD-Teaser.png|400px|thumbnail|center|AIMSICD]] | [[File:AIMSICD-Teaser.png|400px|thumbnail|center|AIMSICD]] | ||
− | Android IMSI Catcher Detector attempts to detect IMSI-Catchers through | + | Android IMSI Catcher Detector attempts to detect IMSI-Catchers through methods such as: Check Tower Information Consistency, Check LAC/Cell ID Consistency, check neighbouring cell info, prevent silent app installations, monitor Signal Strength, detect silent SMS and detect FemtoCells |
[https://opensource.srlabs.de/projects/snoopsnitch Snoopsnitch] | [https://opensource.srlabs.de/projects/snoopsnitch Snoopsnitch] | ||
Line 113: | Line 113: | ||
[[File:Sc catcher hour.png|200px|thumbnail|center|Snoopsnitch]] | [[File:Sc catcher hour.png|200px|thumbnail|center|Snoopsnitch]] | ||
− | SnoopSnitch is an Android app that collects and analyzes mobile radio data | + | SnoopSnitch is an Android app that collects and analyzes mobile radio data and can warn you about threats such as fake base stations (IMSI catchers), user tracking and over-the-air updates. With SnoopSnitch you can use the data collected in the GSM Security Map at gsmmap.org and contribute your own data to GSM Map. This application currently only works on Android phones with a Qualcomm chipset and a stock Android ROM (or a suitable custom ROM with Qualcomm DIAG driver). It also requires root privileges to capture mobile network data. |
== How to protect yourself from fake cell towers?== | == How to protect yourself from fake cell towers?== | ||
− | + | Some phones allow you to change their configuration options so that they do not connect to all available cell towers. For example on an Android phone you can go to: Settings > Wireless and networks > More > Mobile networks and there you can change > Preferred network type GSM/UTMS to using 3G or 4G. Also, if the option is available, choose <Network operators > Select antennas manually. | |
− | You can also isolate your mobile using a Faraday phone pouch, please | + | You can also isolate your mobile using a Faraday phone pouch, please this tutorial on the topic <ref>https://gendersec.tacticaltech.org/wiki/index.php/Faraday_Phone_Pouch</ref> |
<gallery> | <gallery> |
Latest revision as of 09:11, 20 March 2017
Contents
- 1 The electromagnetic spectrum
- 2 What is a fake cell tower?
- 3 How to detect them?
- 4 How to protect yourself from fake cell towers?
- 5 Where can I see more information?
- 6 The electromagnetic spectrum
- 7 What is a fake cell tower?
- 8 How to detect them?
- 9 How to protect yourself from fake cell towers?
- 10 Where can I see more information?
The electromagnetic spectrum
The electromagnetic spectrum or electric radio spectrum is not something material, but the air space that goes from the ground to the highest part of the atmosphere. In this space, frequency bands are organized, through which airplanes, wi-fi, bluetooth, walkie talkies, radios, telephones communicate, for example 2G, 3G, 4G phone networks use different bands of the electromagnetic space, through which data is transmitted.
For more information about the electromagnetic space: https://imagine.gsfc.nasa.gov/science/toolbox/emspectrum1.html https://en.wikipedia.org/wiki/Electromagnetic_spectrum
What is a fake cell tower?
Fake cell towers (also known as IMSI catchers) are devices designed to intercept the traffic of a mobile phone and track the movements of the user's phone [1] pretending to be a "legitimate" cell tower [2].
From the way they work IMSI catchers are considered to execute "man in the middle" attacks [3]. This is defined as an attack that acquires the ability to read, insert and modify at will, messages between two parties without either of them knowing that the link between them has been compromised. The attacker should be able to observe and intercept messages between the two victims [4]
There is evidence that such devices have been used for surveillance purposes, for example in Ukraine the mobile phones of those attending a large demonstration were tracked and then received a mass text message stating: "Dear subscriber, you have been registered As a participant in a mass disturbance "[5]. In Latin America, it is known that governments, such as Mexico and Colombia, have bought such devices.
Unfortunately fake cell towers are becoming easier to get and their price can be as low as 500 USD. Depending on the model there is evidence that IMSI catchers can not only can intercept phone traffic, but also can also inject malware.
How to detect them?
A first step is to have a database of the "legitimate" cell towers and the list of legitimate companies that provide these services with the necessary operating permits. Some of these databases exist, such as: http://opencellid.org/
There is also information available about the frequencies on which they should operate: http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico
And you can have a look at the development of the GSM network:
http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico
There are also some applications that can be downloaded from the following free app repository: F-Droid is a software repository (or "app store") for Android applications, similar to the Google Play store. The main repository, hosted by the project, contains only apps which are free software. Applications can be browsed and installed from the F-Droid website or client app without the need to register for an account. "Anti-features" such as advertising, user tracking, or dependence on non-free software are flagged in app descriptions.[3] The website also offers the source code of applications it hosts as well as the software running the F-Droid server, allowing anyone to set up their own app repository.
In order to detect possible false antennas, you can download from F-Droid the following applications:
Android IMSI Catcher Detector attempts to detect IMSI-Catchers through detection methods such as: Check Tower Information Consistency, Check LAC/Cell ID Consistency, check neighbouring cell info, prevent silent app installations, monitor Signal Strength, detect silent SMS and detect FemtoCells
SnoopSnitch is an Android app that collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats such as fake base stations (IMSI catchers), user tracking and over-the-air updates. With SnoopSnitch you can use the data collected in the GSM Security Map at gsmmap.org and contribute your own data to GSM Map. This application currently only works on Android phones with a Qualcomm chipset and a stock Android ROM (or a suitable custom ROM with Qualcomm DIAG driver). It requires root priviliges to capture mobile network data.
How to protect yourself from fake cell towers?
If your phone allows it you can change its configuration options so that it does not connect to all available cell towers. For example on an Android phone you can go to: Configuration > Wireless and networks > More configuration > Mobile networks and there you can change > Network preferences GSM/UTMS for using 3G or 4G if your smart-phone allows it and also choose for > Network operators > Choosing manually the antennas to connect.
You can also isolate your mobile using a Faraday phone pouch, please read this other tutorial on the topic [6]
Where can I see more information?
http://wiki.labomedia.org/index.php/GSM https://quematumovil.pimienta.org/los_imsi-catchers.html
The electromagnetic spectrum
The electromagnetic spectrum or electric radio spectrum is not something material, but the air space from the ground to the highest part of the atmosphere. Frequency bands are organized in this space, which airplanes, wi-fi, bluetooth, walkie talkies, radios, and telephones use to communicate, for example 2G, 3G, 4G phone networks all use different bands of the electromagnetic space.
For more information about the electromagnetic space: https://imagine.gsfc.nasa.gov/science/toolbox/emspectrum1.html https://en.wikipedia.org/wiki/Electromagnetic_spectrum
What is a fake cell tower?
Fake cell towers (also known as IMSI catchers) are devices designed to intercept the traffic and possibly track the movements of of a mobile phone by [7] pretending to be a "legitimate" cell tower [8].
IMSI catcher attacks are "man in the middle" attacks [9]. This is defined as an action that gives the attacker the ability to read, insert and modify at will, messages between two parties without either of them knowing that the link between them has been compromised. The attacker is able to observe and intercept messages between the two victims [10]
There is evidence that such devices have been used for surveillance purposes, for example in Ukraine the mobile phones of those attending a large demonstration were tracked and then received a mass text message stating: "Dear subscriber, you have been registered as a participant in a mass disturbance "[11]. In Latin America it is known that governments, such as Mexico and Colombia, have bought IMSI Catchers.
Unfortunately fake cell towers are becoming easier to buy and their price can be as low as 500 USD. Depending on the model there is evidence that IMSI catchers can not only intercept phone traffic, but also can also inject malware.
How to detect them?
A first step is to have a database of "legitimate" cell towers and the list of legitimate companies that provide these services with the necessary operating permits. In some places these databases exist, such as: http://opencellid.org/
There is also information publicly available about the frequencies on which they should operate: http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico
And you can also monitor the development of the GSM network:
http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico
There are also some applications that can be downloaded from F-Droid (F-Droid is an alternative to Google Play Centre, where you can download free and open source Android apps independently of Google)
To detect possible false antennas:
Android IMSI Catcher Detector attempts to detect IMSI-Catchers through methods such as: Check Tower Information Consistency, Check LAC/Cell ID Consistency, check neighbouring cell info, prevent silent app installations, monitor Signal Strength, detect silent SMS and detect FemtoCells
SnoopSnitch is an Android app that collects and analyzes mobile radio data and can warn you about threats such as fake base stations (IMSI catchers), user tracking and over-the-air updates. With SnoopSnitch you can use the data collected in the GSM Security Map at gsmmap.org and contribute your own data to GSM Map. This application currently only works on Android phones with a Qualcomm chipset and a stock Android ROM (or a suitable custom ROM with Qualcomm DIAG driver). It also requires root privileges to capture mobile network data.
How to protect yourself from fake cell towers?
Some phones allow you to change their configuration options so that they do not connect to all available cell towers. For example on an Android phone you can go to: Settings > Wireless and networks > More > Mobile networks and there you can change > Preferred network type GSM/UTMS to using 3G or 4G. Also, if the option is available, choose <Network operators > Select antennas manually.
You can also isolate your mobile using a Faraday phone pouch, please this tutorial on the topic [12]
Where can I see more information?
http://wiki.labomedia.org/index.php/GSM
https://quematumovil.pimienta.org/los_imsi-catchers.html- ↑ https://en.wikipedia.org/wiki/IMSI-catcher
- ↑ https://www.eff.org/sls/tech/cell-site-simulators
- ↑ https://en.wikipedia.org/wiki/Man-in-the-middle_attack
- ↑ https://en.wikipedia.org/wiki/IntermediateAccess
- ↑ https://antivigilancia.org/es/2015/06/la-vigilancia-y-la-protesta-social/
- ↑ https://gendersec.tacticaltech.org/wiki/index.php/Faraday_Phone_Pouch
- ↑ https://en.wikipedia.org/wiki/IMSI-catcher
- ↑ https://www.eff.org/sls/tech/cell-site-simulators
- ↑ https://en.wikipedia.org/wiki/Man-in-the-middle_attack
- ↑ https://en.wikipedia.org/wiki/IntermediateAccess
- ↑ https://antivigilancia.org/es/2015/06/la-vigilancia-y-la-protesta-social/
- ↑ https://gendersec.tacticaltech.org/wiki/index.php/Faraday_Phone_Pouch