by kw71 4107 days ago
> The only other explanation I can think of is that Harris has deals with various telcos to get the encryption keys beforehand, which would be worth obscuring.

I was thinking today about how countermeasures could be developed. A 'GSM base station in a box' went through my hands last year and I played with it a little before reselling/exporting it. To get a phone to signon I had to broadcast the network ID expected by the SIM, otherwise it would see the real one and go there. However, I got successful signons without having any cryptography enabled, so maybe the keys are not necessary.

It would be interesting if the Stingray would be visible with a site survey tool, I imagine it might show up as an additional base station. Maybe it would use a unique ID that did not fit the pattern of the telco's provisioning and therefore stand out.

Or maybe it steals the ID of a base station on the air and acts as a proxy, encouraging devices to signon through it because they would see the higher field strength of the Stingray.

2 comments

There are various advanced approaches already to detecting IMSI catchers (and other nefarious network activity):

https://opensource.srlabs.de/projects/snoopsnitch

The basic problem with all of them is that the chip in your device with all the information, the baseband, is a separate high-powered processor running completely proprietary software, and as such can not be modified to include protection or detection features. The app above only works with root access to a phone with a Qualcomm baseband that happens to have a diagnostic interface installed, which was then reverse-engineered to pick up the necessary information.

The situation is far, far from ideal if you consider that baseband chips will actively collaborate in compromising your privacy and run embedded systems that have never been vetted and are presumably vulnerable to any number of trivial exploits such as buffer overflows.

For GSM the base station does not need any keys, the network is implied trusted.

The "Stingray" will, for sure, show up as an additional base-station, otherwise no mobile will find it... And not using a pattern according to the Telco provisioning is indeed how it will stand out. For example it wouldn't make sense for a "Stingray" (or IMSI catcher, as they are commonly called over here in Europe) to advertise the real Telco's neighbor cells in its advertisements...
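A defender's sketch of the detection heuristics the comments above describe, as an added example that is not SnoopSnitch's code or anything posted in this thread: flag a base station whose identity or neighbor list does not fit the operator's provisioning, one that completes sign-on with no encryption, or a cell id seen from two transmitters, as a catcher proxying a real cell would produce. The provisioning table and the scan records are constructed for illustration.

```python
from dataclasses import dataclass
from collections import Counter

@dataclass(frozen=True)
class Cell:
    mcc: int
    mnc: int
    lac: int
    cid: int
    cipher: str            # cipher seen at sign-on: "A5/1", "A5/3" or "A5/0" (none)
    neighbors: frozenset   # neighbor cell ids this cell advertises
    rssi_dbm: int          # received signal strength during the survey

# Constructed provisioning table (not a real operator's data):
# (mcc, mnc, lac) -> {cid: neighbor cids the operator provisioned for it}
KNOWN = {(262, 1, 100): {1001: frozenset({1002, 1003}),
                         1002: frozenset({1001, 1003}),
                         1003: frozenset({1001, 1002})}}

def reasons_for(cell, known=KNOWN):
    """Return why one observed cell looks rogue; an empty list means it fits provisioning."""
    out = []
    lac_cells = known.get((cell.mcc, cell.mnc, cell.lac))
    if lac_cells is None:
        out.append("location area not provisioned by this operator")
    elif cell.cid not in lac_cells:
        out.append("cell id not provisioned in this location area")
    elif cell.neighbors != lac_cells[cell.cid]:
        out.append("neighbor list differs from the operator's provisioning")
    if cell.cipher == "A5/0":
        out.append("sign-on completed with no encryption")
    return out

def survey(cells, known=KNOWN):
    """Score a whole site survey; also catches a cloned cell id seen twice (a proxying catcher)."""
    ids = Counter((c.mcc, c.mnc, c.lac, c.cid) for c in cells)
    report = {}
    for c in cells:
        r = reasons_for(c, known)
        if ids[(c.mcc, c.mnc, c.lac, c.cid)] > 1:
            r.append("same cell id seen from two transmitters")
        if r:
            report[(c.cid, c.rssi_dbm)] = r
    return report

SURVEY = [  # constructed scan: three real cells plus one strong impostor cloning cell 1002
    Cell(262, 1, 100, 1001, "A5/1", frozenset({1002, 1003}), -85),
    Cell(262, 1, 100, 1002, "A5/1", frozenset({1001, 1003}), -90),
    Cell(262, 1, 100, 1003, "A5/1", frozenset({1001, 1002}), -95),
    Cell(262, 1, 100, 1002, "A5/0", frozenset(), -60),
]
```

Running `survey(SURVEY)` reports both transmitters claiming cell 1002, with the stronger one also flagged for its empty neighbor list and unencrypted sign-on.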