Detect false mobile antennas

From Gender and Tech Resources

Revision as of 14:14, 16 March 2017 by Alistair (Talk | contribs)

The electromagnetic spectrum

The electromagnetic spectrum or electric radio spectrum is not something material, but the space that is in the air that goes from the ground to the highest part of the sky. In this space, bands frequencies through which airplanes, wi-fi, bluetooth, walkie talkies, radios, telephones communicate are organized. The fact that our phones can be 2G, 3G, 4G means that they are using different bands of the electromagnetic space, through which the information circulates.

For more information about the electromagnetic space: https://imagine.gsfc.nasa.gov/science/toolbox/emspectrum1.html https://en.wikipedia.org/wiki/Electromagnetic_spectrum

What is a fake cell tower?

Fake cell towers (also known as IMSI catcher) are devices designed to intercept the traffic of a mobile phone and track the movements of the user's phone [1] pretending to be a "legitimate" cell tower [2].

Esquema torre falsa.
Esquema de una torre falsa de celular (modificado de Henri-Olivier).

By the way they work IMSI catcher are considered a "man in the middle" attack [3]. This is defined as an attack that acquires the ability to read, insert and modify at will, messages between two parties without any of them knowing that the link between them has been violated. The attacker should be able to observe and intercept messages between the two victims [4]

There is evidence that such devices have been used for surveillance purposes, for example in Ukraine the mobile phones of those attending a large demonstration were tracked and then massively received a text message stating "Dear subscriber, you have been registered As a participant in a mass disturbance "[5]. In Latin America, it is known that governments like Mexico and Colombia have bought such devices.

Unfortunately fake cell towers are becoming easier to get and their price can be as low as $ 500. Depending on the model there is evidence that not only can intercept the traffic of a phone but also can also inject malware.

Bold text==How to detect them? ==

A first step would be to have a database of the "legitimate" cell towers and the list of legitimate companies that provide these services and have the necessary operating permits. There are some databases such as: http://opencellid.org/

Torres en en América Latina

There is also information about the frequencies where they should operate: http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico

63/5000 Example of frequencies in which cellular telephony can operate

And you can have a look at the development of the GSM network:

http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico

There are also some applications that can be downloaded from the following free app repository: F-Droid is a software repository (or "app store") for Android applications, similar to the Google Play store. The main repository, hosted by the project, contains only apps which are free software. Applications can be browsed and installed from the F-Droid website or client app without the need to register for an account. "Anti-features" such as advertising, user tracking, or dependence on non-free software are flagged in app descriptions.[3] The website also offers the source code of applications it hosts as well as the software running the F-Droid server, allowing anyone to set up their own app repository.

In order to detect possible false antennas, you can download from F-Droid the following applications:

Android IMSI Catcher Detector

AIMSICD

Android IMSI Catcher Detector attempts to detect IMSI-Catchers through detection methods such as: Check Tower Information Consistency, Check LAC/Cell ID Consistency, check Neighbouring Cell Info, prevent silent app installations, monitor Signal Strength, detect silent SMS and detect FemtoCells

Snoopsnitch

Snoopsnitch

SnoopSnitch is an Android app that collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates. With SnoopSnitch you can use the data collected in the GSM Security Map at gsmmap.org and contribute your own data to GSM Map. This application currently only works on Android phones with a Qualcomm chipset and a stock Android ROM (or a suitable custom ROM with Qualcomm DIAG driver). It requires root priviliges to capture mobile network data.

How to protect yourself from fake cell towers?

If your phone allows it you can change its configuration options so that it does not connect to all available cell towers. For example on an Android phone you can go to: Configuration > Wireless and networks > More configuration > Mobile networks and there you can change > Network preferences GSM/UTMS for using 3G or 4G if your smart-phone allows it and also choose for > Network operators > Choosing manually the antennas to connect.

You can also isolate your mobile using a Faraday phone pouch, please read this other tutorial on the topic [6]

Where can I see more information?

http://wiki.labomedia.org/index.php/GSM https://quematumovil.pimienta.org/los_imsi-catchers.html


The electromagnetic spectrum

The electromagnetic spectrum or electric radio spectrum is not something material, but the air space that goes from the ground to the highest part of the atmosphere. In this space, frequency bands are organized, through which airplanes, wi-fi, bluetooth, walkie talkies, radios, telephones communicate, for example 2G, 3G, 4G phone networks use different bands of the electromagnetic space, through which data is transmitted.

For more information about the electromagnetic space: https://imagine.gsfc.nasa.gov/science/toolbox/emspectrum1.html https://en.wikipedia.org/wiki/Electromagnetic_spectrum

What is a fake cell tower?

Fake cell towers (also known as IMSI catchers) are devices designed to intercept the traffic of a mobile phone and track the movements of the user's phone [7] pretending to be a "legitimate" cell tower [8].

Esquema torre falsa.
Esquema de una torre falsa de celular (modificado de Henri-Olivier).

From the way they work IMSI catchers are considered to execute "man in the middle" attacks [9]. This is defined as an attack that acquires the ability to read, insert and modify at will, messages between two parties without either of them knowing that the link between them has been compromised. The attacker should be able to observe and intercept messages between the two victims [10]

There is evidence that such devices have been used for surveillance purposes, for example in Ukraine the mobile phones of those attending a large demonstration were tracked and then received a mass text message stating: "Dear subscriber, you have been registered As a participant in a mass disturbance "[11]. In Latin America, it is known that governments, such as Mexico and Colombia, have bought such devices.

Unfortunately fake cell towers are becoming easier to get and their price can be as low as 500 USD. Depending on the model there is evidence that IMSI catchers can not only can intercept phone traffic, but also can also inject malware.

Bold text==How to detect them? ==

A first step is to have a database of the "legitimate" cell towers and the list of legitimate companies that provide these services with the necessary operating permits. Some of these databases exist, such as: http://opencellid.org/

Torres en en América Latina

There is also information available about the frequencies on which they should operate: http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico

63/5000 Example of frequencies on which cellular networks can operate

And you can have a look at the development of the GSM network:

http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico

There are also some applications that can be downloaded from the following free app repository: F-Droid is a software repository (or "app store") for Android applications, similar to the Google Play store. The main repository, hosted by the project, contains only apps which are free software. Applications can be browsed and installed from the F-Droid website or client app without the need to register for an account. "Anti-features" such as advertising, user tracking, or dependence on non-free software are flagged in app descriptions.[3] The website also offers the source code of applications it hosts as well as the software running the F-Droid server, allowing anyone to set up their own app repository.

In order to detect possible false antennas, you can download from F-Droid the following applications:

Android IMSI Catcher Detector

AIMSICD

Android IMSI Catcher Detector attempts to detect IMSI-Catchers through detection methods such as: Check Tower Information Consistency, Check LAC/Cell ID Consistency, check neighbouring cell info, prevent silent app installations, monitor Signal Strength, detect silent SMS and detect FemtoCells

Snoopsnitch

Snoopsnitch

SnoopSnitch is an Android app that collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats such as fake base stations (IMSI catchers), user tracking and over-the-air updates. With SnoopSnitch you can use the data collected in the GSM Security Map at gsmmap.org and contribute your own data to GSM Map. This application currently only works on Android phones with a Qualcomm chipset and a stock Android ROM (or a suitable custom ROM with Qualcomm DIAG driver). It requires root priviliges to capture mobile network data.

How to protect yourself from fake cell towers?

If your phone allows it you can change its configuration options so that it does not connect to all available cell towers. For example on an Android phone you can go to: Configuration > Wireless and networks > More configuration > Mobile networks and there you can change > Network preferences GSM/UTMS for using 3G or 4G if your smart-phone allows it and also choose for > Network operators > Choosing manually the antennas to connect.

You can also isolate your mobile using a Faraday phone pouch, please read this other tutorial on the topic [12]

Where can I see more information?

http://wiki.labomedia.org/index.php/GSM https://quematumovil.pimienta.org/los_imsi-catchers.html


The electromagnetic spectrum

The electromagnetic spectrum or electric radio spectrum is not something material, but the air space that goes from the ground to the highest part of the atmosphere. In this space, frequency bands are organized, through which airplanes, wi-fi, bluetooth, walkie talkies, radios, telephones communicate, for example 2G, 3G, 4G phone networks use different bands of the electromagnetic space, through which data is transmitted.

For more information about the electromagnetic space: https://imagine.gsfc.nasa.gov/science/toolbox/emspectrum1.html https://en.wikipedia.org/wiki/Electromagnetic_spectrum

What is a fake cell tower?

Fake cell towers (also known as IMSI catchers) are devices designed to intercept the traffic of a mobile phone and track the movements of the user's phone [13] pretending to be a "legitimate" cell tower [14].

Esquema torre falsa.
Esquema de una torre falsa de celular (modificado de Henri-Olivier).

From the way they work IMSI catchers are considered to execute "man in the middle" attacks [15]. This is defined as an attack that acquires the ability to read, insert and modify at will, messages between two parties without either of them knowing that the link between them has been compromised. The attacker should be able to observe and intercept messages between the two victims [16]

There is evidence that such devices have been used for surveillance purposes, for example in Ukraine the mobile phones of those attending a large demonstration were tracked and then received a mass text message stating: "Dear subscriber, you have been registered As a participant in a mass disturbance "[17]. In Latin America, it is known that governments, such as Mexico and Colombia, have bought such devices.

Unfortunately fake cell towers are becoming easier to get and their price can be as low as 500 USD. Depending on the model there is evidence that IMSI catchers can not only can intercept phone traffic, but also can also inject malware.

Bold text==How to detect them? ==

A first step is to have a database of the "legitimate" cell towers and the list of legitimate companies that provide these services with the necessary operating permits. Some of these databases exist, such as: http://opencellid.org/

Torres en en América Latina

There is also information available about the frequencies on which they should operate: http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico

63/5000 Example of frequencies on which cellular networks can operate

And you can have a look at the development of the GSM network:

http://www.spectrummonitoring.com/frequencies/frequencies2.html#Mexico

There are also some applications that can be downloaded from the following free app repository: F-Droid is a software repository (or "app store") for Android applications, similar to the Google Play store. The main repository, hosted by the project, contains only apps which are free software. Applications can be browsed and installed from the F-Droid website or client app without the need to register for an account. "Anti-features" such as advertising, user tracking, or dependence on non-free software are flagged in app descriptions.[3] The website also offers the source code of applications it hosts as well as the software running the F-Droid server, allowing anyone to set up their own app repository.

In order to detect possible false antennas, you can download from F-Droid the following applications:

Android IMSI Catcher Detector

AIMSICD

Android IMSI Catcher Detector attempts to detect IMSI-Catchers through detection methods such as: Check Tower Information Consistency, Check LAC/Cell ID Consistency, check neighbouring cell info, prevent silent app installations, monitor Signal Strength, detect silent SMS and detect FemtoCells

Snoopsnitch

Snoopsnitch

SnoopSnitch is an Android app that collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats such as fake base stations (IMSI catchers), user tracking and over-the-air updates. With SnoopSnitch you can use the data collected in the GSM Security Map at gsmmap.org and contribute your own data to GSM Map. This application currently only works on Android phones with a Qualcomm chipset and a stock Android ROM (or a suitable custom ROM with Qualcomm DIAG driver). It requires root priviliges to capture mobile network data.

How to protect yourself from fake cell towers?

If your phone allows it you can change its configuration options so that it does not connect to all available cell towers. For example on an Android phone you can go to: Configuration > Wireless and networks > More configuration > Mobile networks and there you can change > Network preferences GSM/UTMS for using 3G or 4G if your smart-phone allows it and also choose for > Network operators > Choosing manually the antennas to connect.

You can also isolate your mobile using a Faraday phone pouch, please read this other tutorial on the topic [18]

Where can I see more information?

http://wiki.labomedia.org/index.php/GSM

https://quematumovil.pimienta.org/los_imsi-catchers.html
  1. https://en.wikipedia.org/wiki/IMSI-catcher
  2. https://www.eff.org/sls/tech/cell-site-simulators
  3. https://en.wikipedia.org/wiki/Man-in-the-middle_attack
  4. https://en.wikipedia.org/wiki/IntermediateAccess
  5. https://antivigilancia.org/es/2015/06/la-vigilancia-y-la-protesta-social/
  6. https://gendersec.tacticaltech.org/wiki/index.php/Faraday_Phone_Pouch
  7. https://en.wikipedia.org/wiki/IMSI-catcher
  8. https://www.eff.org/sls/tech/cell-site-simulators
  9. https://en.wikipedia.org/wiki/Man-in-the-middle_attack
  10. https://en.wikipedia.org/wiki/IntermediateAccess
  11. https://antivigilancia.org/es/2015/06/la-vigilancia-y-la-protesta-social/
  12. https://gendersec.tacticaltech.org/wiki/index.php/Faraday_Phone_Pouch
  13. https://en.wikipedia.org/wiki/IMSI-catcher
  14. https://www.eff.org/sls/tech/cell-site-simulators
  15. https://en.wikipedia.org/wiki/Man-in-the-middle_attack
  16. https://en.wikipedia.org/wiki/IntermediateAccess
  17. https://antivigilancia.org/es/2015/06/la-vigilancia-y-la-protesta-social/
  18. https://gendersec.tacticaltech.org/wiki/index.php/Faraday_Phone_Pouch