by revelation
4105 days ago
Security features are not being obscured, exploits and vulnerabilities are. That, of course, is very valuable if you presume that knowledge of vulnerabilities would lead to them being closed and fixed. In this particular case, the obscurity seems nonsensical because we know very well how StingRay and IMSI catchers in general operate. The reason the vulnerabilities they exploit are not closed is down to inertia in what is a huge market. That's only half of the equation, though; the other side is that while it's a huge market, it is dominated by very few big global companies that possess the necessary resources to pursue R&D in this very specialized area of technology. This is an area where every open-source solution is easily 10, 20 years behind if there even is one at all, and they run on hardware the same age. The only curious thing here is why there's been this recent heightened interest in IMSI catchers, as the concept is very old, and why there is a particular interest in obscuring the mode of operation, as again, that is theoretically known. The only explanation I can think of is that advances in hardware have made it possible to produce a small (think truck-sized) system that can crack various proprietary (and generally old) encryption systems used by mobile phones in real time and thereby gather more data than you could with an IMSI catcher telling victims to use no encryption. But then with 3G and other systems came improved encryption systems that can certainly not be broken in real time yet. The only other explanation I can think of is that Harris has deals with various telcos to get the encryption keys beforehand, which would be worth obscuring. There is also a possibility here that I'm overthinking all of this and the typical defence contractor that is 20 years behind at all times just thinks IMSI catchers are the hot stuff and their IP they need to protect.
I was thinking today about how countermeasures could be developed. A 'GSM base station in a box' went through my hands last year and I played with it a little before reselling/exporting it. To get a phone to sign on I had to broadcast the network ID expected by the SIM, otherwise it would see the real one and go there. However, I got successful sign-ons without having any cryptography enabled, so maybe the keys are not necessary.
It would be interesting if the Stingray would be visible with a site survey tool, I imagine it might show up as an additional base station. Maybe it would use a unique ID that did not fit the pattern of the telco's provisioning and therefore stand out.
Or maybe it steals the ID of a base station on the air and acts as a proxy, encouraging devices to signon through it because they would see the higher field strength of the Stingray.
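The detection ideas in the comment above (a base station whose identity does not fit the operator's provisioning, a cloned identity showing up much stronger, and a cell offering no ciphering) can be turned into a simple check over a cell-survey log. This is an added example, not code from either commenter; the survey records, the operator's "known" LACs and cell-ID range, and the 20 dB threshold are all constructed assumptions.

```python
"""Flag base stations in a cell-survey log that look like they do not belong."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cell:
    mcc: str        # mobile country code
    mnc: str        # mobile network code
    lac: int        # location area code
    cell_id: int    # cell identity broadcast by the site
    rssi_dbm: int   # received signal strength as the survey tool saw it
    cipher: str     # ciphering offered, e.g. "A5/1"; "A5/0" means none


# Constructed sample survey (test MCC 001, not a real network).
SURVEY = [
    Cell("001", "01", 1001, 12345, -85, "A5/1"),  # genuine site
    Cell("001", "01", 1002, 12890, -90, "A5/1"),  # genuine site
    Cell("001", "01", 4242, 99999, -60, "A5/0"),  # odd identity, strong, no cipher
    Cell("001", "01", 1001, 12345, -55, "A5/1"),  # same identity as first, 30 dB stronger
]

# Assumed operator provisioning pattern (would come from the telco's published plan).
KNOWN_LACS = {1001, 1002}
CELL_ID_RANGE = range(10000, 20000)


def flag_cells(cells, known_lacs, cell_id_range, rssi_jump_db=20):
    """Return {cell: [reasons]} for every record that trips a heuristic."""
    # Weakest reading per identity: the likely genuine site, which a proxy
    # with a cloned identity would have to out-shout to attract handsets.
    weakest = {}
    for c in cells:
        key = (c.mcc, c.mnc, c.lac, c.cell_id)
        weakest[key] = min(weakest.get(key, c.rssi_dbm), c.rssi_dbm)

    findings = {}
    for c in cells:
        reasons = []
        if c.lac not in known_lacs or c.cell_id not in cell_id_range:
            reasons.append("identity outside operator provisioning")
        if c.cipher == "A5/0":
            reasons.append("ciphering disabled")
        key = (c.mcc, c.mnc, c.lac, c.cell_id)
        if c.rssi_dbm - weakest[key] >= rssi_jump_db:
            reasons.append("same identity as another site but much stronger")
        if reasons:
            findings[c] = reasons
    return findings


if __name__ == "__main__":
    for cell, why in flag_cells(SURVEY, KNOWN_LACS, CELL_ID_RANGE).items():
        print(cell, "->", "; ".join(why))
```

A single strong reading is not proof of anything (a handset next to a genuine site sees the same), so these flags are prompts for a closer look, not a verdict.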