mrbluze writes:
"Columbia Tribune / AP reports of police agencies' reluctance to divulge details about the Stingray cell-phone interception device, whose use has increased since a Supreme Court decision to prevent the use of GPS tracking devices without a warrant. The Stingray is reported to be a suitcase-sized device that pretends to be a mobile phone tower, tricking a cell phone into connecting to it instead of the cellphone company's tower, but details on how this works are not revealed.
In one of the rare court cases involving the device, the FBI acknowledged in 2011 that so-called cell site simulator technology affects innocent users in the area where it's operated, not just a suspect police are seeking.
A December 2013 investigation by USA Today found roughly 1 in 4 law enforcement agencies it surveyed had performed tower dumps, and slightly fewer owned a Stingray.
However, a report by GlobalResearch.ca gives much greater detail, including photographs of the device:
When a suspect makes a phone call, the StingRay tricks the cell into sending its signal back to the police, thus preventing the signal from traveling back to the suspect's wireless carrier. But not only does StingRay track the targeted cell phone, it also extracts data off potentially thousands of other cell phone users in the area.
Although manufactured by a Germany- and Britain-based firm, the StingRay devices are sold in the US by the Harris Corporation, an international telecommunications equipment company. It gets between $60,000 and $175,000 for each Stingray it sells to US law enforcement agencies."
(Score: 5, Insightful) by Angry Jesus on Sunday March 23 2014, @06:33PM
Ever since I first heard about the Stingray MITM attack on cellphones I've thought it would be detectable in the same way the cert-patrol [mozilla.org] Firefox extension detects MITM SSL certificate attacks. Just have an app that records the connected tower ID and the phone's GPS location. After a few weeks your phone should have pretty much mapped out all the nearby towers, so if the phone starts connecting to a brand new tower ID you know something is up.
You could take it one step further and do like the EFF's SSL Observatory [eff.org] and essentially crowd-source tower IDs so that when a new tower ID pops up anywhere (or better yet, a tower ID starts to mysteriously move around the city) people would know something is up.
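The tower-mapping check proposed in the comment above, sketched as an added example (not part of the original comment or of any existing app). The tower IDs, coordinates, 21-day baseline and 10 km spread threshold are all constructed assumptions.

```python
import math
from collections import defaultdict

BASELINE_DAYS = 21     # assumed learning period ("a few weeks")
MAX_SPREAD_KM = 10.0   # assumed max distance between sightings of one tower ID

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def find_anomalies(observations):
    """observations: time-ordered (day, tower_id, lat, lon) tuples, where
    lat/lon is the phone's GPS fix while attached. Returns alert tuples."""
    seen = defaultdict(list)   # tower_id -> phone positions recorded so far
    alerts = []
    for day, tower, lat, lon in observations:
        pos = (lat, lon)
        if day > BASELINE_DAYS:
            if tower not in seen:
                # A new ID only matters where the phone has already mapped towers;
                # in an unvisited area every tower is new and is simply learned.
                mapped = any(haversine_km(pos, p) <= MAX_SPREAD_KM
                             for ps in seen.values() for p in ps)
                if mapped:
                    alerts.append((day, tower, "new-tower-id"))
            elif min(haversine_km(pos, p) for p in seen[tower]) > MAX_SPREAD_KM:
                alerts.append((day, tower, "tower-id-moved"))
        seen[tower].append(pos)
    return alerts

# Constructed sample log: three weeks of home/work, then three later sightings.
HOME, WORK = (38.95, -92.33), (38.96, -92.30)
SAMPLE = [(d, t, *p) for d in range(1, 22)
          for t, p in (("cell-A", HOME), ("cell-B", WORK))]
SAMPLE += [(25, "cell-C", *HOME), (26, "cell-A", 39.30, -92.33),
           (27, "cell-D", 41.00, -92.33)]

if __name__ == "__main__":
    print(find_anomalies(SAMPLE))
```

An alert here is a prompt to look closer, since carriers also bring new cells into service in areas a phone has already mapped.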
(Score: 2) by VLM on Sunday March 23 2014, @07:11PM
Does it have to be higher layer and non-transparent?
I can imagine a layer 1 device pulling off the same stunt.
What it would look like is, oddly enough, the second closest tower (or further away) seems to have the strongest apparent signal right now. How odd. And you sniff traffic going each way.
I'm not saying a higher layer attack is impossible, it's just a lower RF level attack sounds technologically easier to build. A REALLY good passive repeater with a sniffer is all you'd technically need.
And an interesting countermeasure would be measuring latency.
(Score: 2) by Angry Jesus on Sunday March 23 2014, @09:04PM
Good luck getting that to work for a guy with a cell phone in his car.