This is exactly why I was railing against some of the earlier protests which featured politicians openly asking protestors to take out their phones and send texts to opt-in for fundraisers. Besides all the obvious bullshit, it put those protestors who didn’t know better at serious risk.
Thankfully, I haven’t seen too much of that at the protests I’ve been to recently, but this is a good reminder that we have to keep educating people to leave their phone at home.
Pass paper notes
At protests you should not bring your smartphone but instead rely on anonymous drvices such as Meshtastic.
If you want to bring your smartphone to a protest, set Airplane mode and communicate with others through Bluetooth or WiFi networks using Briar or Bitchat
Bluetooth and WiFi can be tracked as well, even with “anonymized” WiFi MAC addresses.
May I ask you how? Or if you have more info? No criticism here, honest question. Afaik the only way to do that would be to fingerprint a behavioural pattern, which albeit possible is surely more secure than cell communication.
The “find my” networks still function with randomized macs and “fully” powered down devices
Meshtastic with 3 jumps would be stretching for actual communication. Plus Bluetooth is even worse for security. Direct connection might be a better way to use the device.
I’ve had meshtastic for about 2 ish years now and its still being worked on.
What is unsafe about cell communication is that there is virtually no way to prevent being tracked. Bluetooth is not necessarily more secure but has several advantages:
- Its Mac address can be easily changed. With a fake Mac address it’s more difficult to track someone down, albeit it needs some “technical skills” (going in the developer settings)
- With these apps communication is encrypted by default unlike cell tower communication
- The range is limited. If police listens over Bluetooth they’ll be able to track less people down
It’s amazing how many times I saw this knowledge being spread, together with thousands of umbrellas and hard hats during the Hong Kong riots from day one with “Hong Kong, add oil” as their first slogan combined with very mild mannered arguments (we don’t know if it could lead to more serious things) against the extradition law which was supposed to affect maybe half a dozen people per decade, all serious criminals. A law almost every country has on earth that the US used against the daughter of the owner of one of the largest companies in the world, for the flimsiest of reasons, in contrast to the walled-off-to-arrest-one-particular-teen-girl-axe-murderer-to-be-shipped-to-Taiwan-law Hong Kong tried to implement.
How many people have been affected by the Alien Enemies Act again?
And how did the
The protests were call “No kings” remember that? Remember that it was called NO KINGS “Unbiased. Straight. Facts” SAN? Do you remember that? No? Okay, well…“anti-ICE”it isprotests go?Because apart from the shocker that you were being surveilled, I think the protests needed a little bit less “Zero demands, not one more” chants and a little more ‘We demand and protest until we win and get what we want’ kind of thing.
Isn’t Bluetooth easy to intercept?
Not at the same scale as mobile traffic
Bluetooth by definition doesn’t go much past 10-20 meters
Super easy. You can also do basic triangulation with some specialty hardware.
But we’re talking about a protest where bad actors (the police) just want the names of its attendants. Our phones scream to everyone “I am [name surname] and I am here!”. Bluetooth instead says the same but with a lower tone of voice, so less people can listen. Also, with little configuration you can instruct it not to broadcast its identifier.
I like how the image clearly shows a blue sky for this very expected and foreseeable headline.
Yeah, if you go protest you should leave your tracking device at home or, even better, with a friend or relative who you know will not be there. The US government doesn’t require subcutaneous tracking chips (yet), you can put yours away.
I flashed a $10 orbic to take to local protests.
ELI5?
Cops use devices to pretend to be a celltower, so your phone connects to it, and then they use it to spy on you. Rayhunter looks for this behaviour and warns you if it detects a suspicious tower that behaves like cops pretending to be a tower.
What do you do if it comes up positive? Presumably if you know it’s a risk, you’d leave your phone in airplane mode or at home, and if you know it’s happening you’ve already been recorded?
At the moment, about all you can do is let others know and submit the log to EFF so they can better understand how these stingrays are being used.
Or I guess if you’re feeling froggy; look around for a van/trailer with suspicious antenna(s).
Sometimes you just gotta draxlum sclountszts
You triangulate the signal and pass the coordinates to artillery teams.
I don’t understand why cell phones don’t authenticate the towers they connect to. Is this really just a “standards lag behind modern security” thing, or is it on purpose to allow these Stingray devices to be used?
I assume it’s the same as the Internet (or more specifically HTTP): It wasn’t designed with security in mind.
Unlike HTTP, for some reason it wasn’t included in a new specification, though. My guess is that’s because of the more centralized nature of cellular networks. The barrier for entry is a lot higher as well so there are few but big players who have little incentive to improve over the bare minimum.
IIRC encryption was initially proposed to be part of 5G but got shot down in the process.
Wait, 5G isn’t encrypted? I think it does have some protections still. I mean, not that it would matter to me, they only use NR-NSA in my country so it isn’t even full 5G with all its advantages.
At the risk of sounding like an AI-generated ad, I use an app called Privacy Cell on Fdroid, that confirmed there is no true 5G anywhere in my country. I just wish there was a way to differentiate between the two versions of 5G natively, kinda like 4G-LTE showing up as LTE instead of just 4G.
Encrypted data channels can still be vulnerable to man in the middle attacks. Like when you connect to an unknown host with SSH, and the client pops up a big warning.
In this case, ICE or whomever sets up a “valid” cell tower that your phone connects to, and they (law enforcement) route your packets onto the rest of the Internet. They can decrypt the 5G data, and see all of the IP headers. They can’t necessarily read the TLS traffic, such as https. But most important of all, they can log all of the IMEIs that connect, which effectively gives them a database of all of the protestors.
I don’t know the specific methods, but 3G, 4G and 5G do authenticate bidirectionaly, just 2G doesn’t, partially why Android now has “Disable 2G” toggle.
Also probably why they said they can downgrade you to 2G to intercept communication.What’s happening here is probably similar to anyone being able to send Wi-Fi deauthentification frame to your device to disconnect you. Unless you’re using WPA3.
IMEI/IMSI are collected (and immediately linked, hence deanonymized even if SIM was inserted only once) by cell tower operators. Just not bring your device, period.
Yeah, I agree with that personally, but realistically, “your phone was near a place” is not the same as “you were involved”. If they hijack a phone onto a Stingray, they can get way more info than just IMEI.
Think long term movement patterns, correlations with others such, anomaly detection.
why cell phones don’t authenticate the towers they connect to.
I believe it’s because they assume it’s not necessary because it was until now
- prohibitively expensive, but now a “tower” is less than 2k EUR e.g. https://www.crowdsupply.com/ukama/ukama
- prohibitively complex, see above, namely you don’t need to be a TelCo engineer to get it going
- probably illegal, namely you needed (and I bet still need in most places) wireless band allocation before you could deploy anything
… so I imagine there was no authentication because there was no practical threat beside so “fun” examples in CCC or DEF Con.
The use of Stingray by US law enforcement has been challenged on grounds that the law enforcement agencies have no spectrum license. Those challenges seem not to have found success.
On the other hand, prisons in the US have been stopped from operating cell phone jammers on prison grounds, on the same complaint of no spectrum license.
Even if they did, I don’t see government having trouble getting a proper authentication key.
I assume on purpose
Those circumstances include immediate threats to national security and situations where a person is in danger of death or serious injury.
Well I see a problem there. It doesn’t specify the cause of the danger or the reason the person is in danger in the first place.
We are always at war with Eurasia
EFF missed a fun opportunity to call the Rayhunter “DeCSS”.
