
Two questions on technical counter-measures:

1. Could OpenWRT + LTE modem be configured to lock onto a whitelist of known-good provider cell tower IDs?

2. If the physical location of a known-good tower is available, could a directional LTE antenna be used to ensure that tower's signal is the "strongest"?



This list:

https://opensource.srlabs.de/projects/mobile-network-assessm...

... continues to be the best checklist of suspicious or incorrect behavior that would indicate the base station to which you were connected was not a real base station.

Scroll down to the "IMSI catcher detection" table and see behaviors like:

- Cell is not advertising any neighbor cells

- The LAC of a base station changes

- Your phone sends at the highest possible power

Many of these behaviors to test are GSM specific; however, the attacker can perform a downgrade attack and force your 4G phone to collapse down to 2G service, thus exposing you to these.


Fake towers have always been super easy to detect. There are ways to be sneaky about it, but law enforcement doesn't care because it's not like they're going to have to face any consequences.


If they are easy to detect, could OpenWRT and GrapheneOS block them, or be driven by a crowd-sourced blocklist?


If you can crowd source a blocklist and effectively keep the cops from interfering with your efforts, then you've solved a hard problem.

If you have that level of coordination, you might be able to find something more impactful than interfering with surveillance to use it on.


IMSI catchers are not limited to law enforcement, https://news.ycombinator.com/item?id=18469118

> With $20 of Gear from Amazon, Nearly Anyone Can Make This IMSI-Catcher in 30 Minutes. Surveillance takes on different character when it trickles down to more ordinary, everyday users. The significance and threat from IMSI-catchers is multiplied when a lot more people can deploy one using cheap tech from Amazon and free code from Github.

Looks like U of Washington has a 2017 paper on city-scale tower anomaly detection, https://seaglass.cs.washington.edu/ & https://seaglass-web.s3.amazonaws.com/SeaGlass___PETS_2017.p...


An adversary is an adversary, law enforcement or otherwise. If you crowd source a list that's useful in limiting your adversary's skulduggery, they're going to figure out how to become part of that crowd and "contribute" to your list in ways that make it useless.

The fix is to get the crowd to participate in some kind of hygiene/self-policing activity. Not impossible, but if we had a readily available solution to that problem we wouldn't have governments that don't follow their rules in the first place.


That $20 quote is for 2G.


For a while maybe. When such lists/apps become common enough, then Siemens and others would just sell an add-on for a fee that does a better job of spoofing the legit towers, some of which they make. Then the block-lists would just become a placebo.


Sounds like cell towers have weaker identification than the average web/SSH server.


I'm not sure, but you can write a script to warn you if you are locked to an unknown cell id.
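The "warn on an unknown cell id" script suggested above, combined with three of the SRLabs checklist behaviors quoted earlier (no neighbor cells, LAC change, maximum transmit power) plus the 4G-to-2G downgrade, as an added example that is not from this thread or from SRLabs. The cell ids, the whitelist, the log, and the 33 dBm maximum-power threshold are all constructed assumptions; a real deployment would feed it observations from the modem's AT/diagnostic interface.

```python
# Added example: apply a known-good cell whitelist and a few IMSI-catcher
# heuristics to a log of observed cells. All values below are constructed.
from dataclasses import dataclass, field

# Assumption: treat anything at or above GSM class-4 handset maximum (33 dBm)
# as "phone sends at the highest possible power".
MAX_TX_POWER_DBM = 33

@dataclass
class CellObservation:
    cell_id: int
    lac: int                      # location area code
    rat: str                      # radio access technology: "LTE" or "GSM"
    neighbors: list = field(default_factory=list)
    tx_power_dbm: int = 0

# Constructed whitelist of cell ids previously seen from the real network.
KNOWN_GOOD_CELLS = {0x1A2B, 0x1A2C}

def check_observations(observations, known_good=KNOWN_GOOD_CELLS):
    """Return (index, warning) pairs for each suspicious observation."""
    warnings = []
    seen_lac = {}
    prev_rat = None
    for i, obs in enumerate(observations):
        if obs.cell_id not in known_good:
            warnings.append((i, "unknown cell id"))
        if not obs.neighbors:
            warnings.append((i, "no neighbor cells advertised"))
        if obs.cell_id in seen_lac and seen_lac[obs.cell_id] != obs.lac:
            warnings.append((i, "LAC changed for same cell id"))
        seen_lac[obs.cell_id] = obs.lac
        if obs.tx_power_dbm >= MAX_TX_POWER_DBM:
            warnings.append((i, "phone transmitting at maximum power"))
        if prev_rat == "LTE" and obs.rat == "GSM":
            warnings.append((i, "downgrade from LTE to GSM"))
        prev_rat = obs.rat
    return warnings

# Constructed log: two normal LTE cells, then a 2G cell that shows every sign.
SAMPLE_LOG = [
    CellObservation(0x1A2B, 100, "LTE", [0x1A2C], 10),
    CellObservation(0x1A2C, 100, "LTE", [0x1A2B], 12),
    CellObservation(0x7777, 200, "GSM", [], 33),
    CellObservation(0x7777, 201, "GSM", [], 33),
]

if __name__ == "__main__":
    for idx, msg in check_observations(SAMPLE_LOG):
        print(f"observation {idx}: {msg}")
```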
