Revision as of 13:59, 1 February 2017

The electromagnetic spectrum

The electromagnetic spectrum or electric radio spectrum is not something material, but the space that is in the air that goes from the ground to the highest part of the sky. In this space, bands frequencies through which airplanes, wi-fi, bluetooth, walkie talkies, radios, telephones communicate are organized. The fact that our phones can be 2G, 3G, 4G means that they are using different bands of the electromagnetic space, through which the information circulates.

For more information about the electromagnetic space: https://imagine.gsfc.nasa.gov/science/toolbox/emspectrum1.html https://en.wikipedia.org/wiki/Electromagnetic_spectrum

What is a fake cell tower?

Fake cell towers (also known as IMSI catcher) are devices designed to intercept the traffic of a mobile phone and track the movements of the user's phone ^[1] pretending to be a "legitimate" cell tower ^[2].

Esquema de una torre falsa de celular (modificado de Henri-Olivier).

By the way they work IMSI catcher are considered a "man in the middle" attack ^[3]. This is defined as an attack that acquires the ability to read, insert and modify at will, messages between two parties without any of them knowing that the link between them has been violated. The attacker should be able to observe and intercept messages between the two victims ^[4]

There is evidence that such devices have been used for surveillance purposes, for example in Ukraine the mobile phones of those attending a large demonstration were tracked and then massively received a text message stating "Dear subscriber, you have been registered As a participant in a mass disturbance "^[5]. In Latin America, it is known that governments like Mexico and Colombia have bought such devices.

Unfortunately fake cell towers are becoming easier to get and their price can be as low as $ 500. Depending on the model there is evidence that not only can intercept the traffic of a phone but also can also inject malware.

Bold text==How to detect them? ==

A first step would be to have a database of the "legitimate" cell towers and the list of legitimate companies that provide these services and have the necessary operating permits. There are some databases such as: http://opencellid.org/

Torres en en América Latina

There is also information about the frequencies where they should operate: http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico

63/5000 Example of frequencies in which cellular telephony can operate

And you can have a look at the development of the GSM network:

http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico

There are also some applications that can be downloaded from the following free app repository: F-Droid is a software repository (or "app store") for Android applications, similar to the Google Play store. The main repository, hosted by the project, contains only apps which are free software. Applications can be browsed and installed from the F-Droid website or client app without the need to register for an account. "Anti-features" such as advertising, user tracking, or dependence on non-free software are flagged in app descriptions.[3] The website also offers the source code of applications it hosts as well as the software running the F-Droid server, allowing anyone to set up their own app repository.

In order to detect possible false antennas, you can download from F-Droid the following applications:

Android IMSI Catcher Detector

AIMSICD

Android IMSI Catcher Detector attempts to detect IMSI-Catchers through detection methods such as: Check Tower Information Consistency, Check LAC/Cell ID Consistency, check Neighbouring Cell Info, prevent silent app installations, monitor Signal Strength, detect silent SMS and detect FemtoCells

Snoopsnitch

Snoopsnitch

SnoopSnitch is an Android app that collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates. With SnoopSnitch you can use the data collected in the GSM Security Map at gsmmap.org and contribute your own data to GSM Map. This application currently only works on Android phones with a Qualcomm chipset and a stock Android ROM (or a suitable custom ROM with Qualcomm DIAG driver). It requires root priviliges to capture mobile network data.

¿Como protegerse de las torres falsas de celular?

Si tu teléfono lo permite puedes cambiar sus opciones de configuración para que no se conecte a todas las torres de celular disponibles. Por ejemplo en un celular con Android puedes ir a

Ajustes  
->  Conexiones inalámbricas y redes 
   -> Más ajustes -> Redes móviles 

Y en este punto debes cambiar en

-> Preferencias de red GSM/UTMS

para usar 3G o 4G si te lo permite

-> Operadores de red

Para elegir manualmente la antena a conectar

También si es necesario puedes aislar electro magnéticamente a tu celular, ver por ejemplo: Funda de Faraday para el teléfono^[6].

• 

  Funda para celular

¿Dónde puedo ver más información?

http://wiki.labomedia.org/index.php/GSM

1. ↑ https://en.wikipedia.org/wiki/IMSI-catcher
2. ↑ https://www.eff.org/sls/tech/cell-site-simulators
3. ↑ https://en.wikipedia.org/wiki/Man-in-the-middle_attack
4. ↑ https://en.wikipedia.org/wiki/IntermediateAccess
5. ↑ https://antivigilancia.org/es/2015/06/la-vigilancia-y-la-protesta-social/
6. ↑ https://gendersec.tacticaltech.org/wiki/index.php/Funda_de_Faraday_para_el_tel%C3%A9fono_m%C3%B3vil