Security threat, "man in the middle attack, UMTS" - Security Discussion

Mass surveillance is documented with our cell phones.
Thousands of volunteers have uploaded their results from their mobile phones to different cell tower (base station) databases.
The hack that is picked up with our mobile phones is
"man in the middle attack, UMTS".
The explanation is that a GSM base station pretends to be an official GSM station and emits a Cell ID.
In the EU it is a human right to have telecommunications secrecy; it means that your phone calls must be encrypted.
(It is very likely also a human right in many other countries.)
You will need to compare with the official database for your area.
Voluntarily collected databases:
Opencellid.org
cellmapper.net
wigle.net (blue dots)
opensignal.com
http://www.cellumap.com/
Mozilla location services.
There are many other databases.
Official cell tower databases:
Denmark: Mastedatabasen.dk
Norway: finnsenderen.no
Switzerland: Funksender.ch
Great Britain: http://www.sitefinder.ofcom.org.uk/search
France: http://www.cartoradio.fr/cartoradio/web/
Belgium: http://zendmasten.be/
Brussels: http://geoportal.ibgebim.be/webgis/antenne_emettrice_gsm.phtml?langtype=2060
Austria: http://www.senderkataster.at/
Germany: http://emf3.bundesnetzagentur.de/karte/Default.aspx
Netherlands: http://www.antenneregister.nl/Html5Viewer_Antenneregister/Index.html?viewer=antenneregister
USA: http://www.antennasearch.com/
Please:
Provide permalinks if there are things you don't understand, and the official database for your area, and I will have a look.
Or ask a question.
Example when comparing databases:
How to compare: opencellid.org and the official database for the area you want to check; you will see it straight away, there is a huge difference.
Or for the USA: opencellid.org, wigle.net, opensignal.com, etc., in conjunction with http://www.antennasearch.com/
A few newspaper articles on the subject:
http://www.ibtimes.co.uk/fake-sting...-discovered-spying-millions-londoners-1505368
http://www.theguardian.com/uk/2011/oct/30/metropolitan-police-mobile-phone-surveillance
http://www.thelocal.no/20150309/norway-police-broke-law-with-fake-mobile-receivers
http://www.aftenposten.no/nyheter/iriks/Secret-surveillance-of-Norways-leaders-detected-7825278.html
http://www.networkworld.com/article...e-gsm-base-station-trick-targets-iphones.html
A bit of info about the hack:
https://en.wikipedia.org/wiki/IMSI-catcher
https://www.sba-research.org/wp-con...rowskiEtAl-IMSI-Catcher-Catcher-ACSAC2014.pdf
https://cosec.bit.uni-bonn.de/fileadmin/user_upload/teaching/10ws/10ws-sem-mobsec/talks/dammann.pdf
https://media.blackhat.com/bh-dc-11/Perez-Pico/BlackHat_DC_2011_Perez-Pico_Mobile_Attacks-wp.pdf
https://www.twelvesec.com/using-gsm-tester-intercept-calls-sms-pt1/
http://www.wired.com/2010/07/intercepting-cell-phone-calls/ (stupid tracking algorithms make that point less.)
http://www.theregister.co.uk/2014/03/26/spam_text_china_clampdown_police/
http://mobilesociety.typepad.com/mo...ng-2g-for-data-i-need-a-3g4g-only-switch.html (stupid that you can't protect your phone against MITM, UMTS)
http://www.theregister.co.uk/2010/08/02/gsm_cracking/
http://www.fiercewireless.com/tech/...se-stations-tracking-eavesdropping/2014-03-16
Radiation:
http://www.psrast.org/mobileng/hylandbasestation.pdf
http://www.tetrawatch.net/papers/hyland_2005.pdf
http://www.iss.it/binary/elet/cont/3.1203942327.pdf
More to come.
It is a cut from an article I'm writing.
Thanks
swampii
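The comparison described above, written out as an added example (not code from swampii's post): it parses a reference database in the OpenCellID CSV export layout (column names assumed) and flags observed cells that are absent from it or seen far from their registered position. Reference rows, network codes and observations are constructed sample data, not real tower records.

```python
"""Flag observed cells that do not match a reference cell tower database.

Added example: the reference CSV follows the OpenCellID export layout
(column names assumed); all rows and observations below are constructed.
"""
import csv
import io
import math

# Constructed reference rows (not real towers); MCC 238 / MNC 1 is used
# only as a sample network code.
REFERENCE_CSV = """\
radio,mcc,net,area,cell,unit,lon,lat,range,samples,changeable,created,updated,averageSignal
GSM,238,1,1001,20001,0,12.5683,55.6761,1500,120,1,0,0,-70
GSM,238,1,1001,20002,0,12.5700,55.6800,1500,80,1,0,0,-75
UMTS,238,1,1002,30001,0,12.5650,55.6700,1000,200,1,0,0,-80
"""

# Constructed observations as a phone's field-test screen would list them:
# network codes, location area, cell id and where the phone was at the time.
OBSERVATIONS = [
    {"mcc": 238, "mnc": 1, "lac": 1001, "cid": 20001, "lat": 55.6765, "lon": 12.5690},
    {"mcc": 238, "mnc": 1, "lac": 1001, "cid": 20002, "lat": 55.7500, "lon": 12.4000},
    {"mcc": 238, "mnc": 1, "lac": 1001, "cid": 65535, "lat": 55.6760, "lon": 12.5690},
]


def load_reference(csv_text):
    """Index reference rows by (mcc, mnc, lac, cid) -> (lat, lon, range_m)."""
    ref = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (int(row["mcc"]), int(row["net"]), int(row["area"]), int(row["cell"]))
        ref[key] = (float(row["lat"]), float(row["lon"]), float(row["range"]))
    return ref


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def check_cell(obs, ref, slack_km=2.0):
    """Classify one observation against the reference database.

    'unknown_cell'      : the (mcc, mnc, lac, cid) tuple is not registered at all
    'location_mismatch' : registered, but the phone saw it well outside its range
    'ok'                : consistent with the registered site
    """
    key = (obs["mcc"], obs["mnc"], obs["lac"], obs["cid"])
    entry = ref.get(key)
    if entry is None:
        return "unknown_cell"
    ref_lat, ref_lon, range_m = entry
    distance = haversine_km(obs["lat"], obs["lon"], ref_lat, ref_lon)
    if distance > range_m / 1000.0 + slack_km:
        return "location_mismatch"
    return "ok"


def audit(observations, csv_text=REFERENCE_CSV):
    """Return (lac, cid, verdict) for every observation."""
    ref = load_reference(csv_text)
    return [(o["lac"], o["cid"], check_cell(o, ref)) for o in observations]


if __name__ == "__main__":
    for lac, cid, verdict in audit(OBSERVATIONS):
        print(f"LAC {lac} CID {cid}: {verdict}")
```

A cell reported as unknown is a lead to check against the official register, not proof of a rogue station: legitimately new sites lag behind in every database.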

I'm anxious to see your complete write-up. I hope you will post a link when it's finished.

Related

Why no answering machine?

As I heard, the mechanism of PPCs can't accept any answering machine...
Is that right? Why?
Probably due to some government regulations of some sort, or some intervention by the carriers. The same reason, I guess, why you can't get a vocoder for the PPC.
As fun as it would be to speak in a robot voice to your m8's, I'm not sure if we can, due to the same limitations.
Saying that, has anyone found a vocoder for PPC?
Actually this is not true for all Phone Edition PPCs.
Gigabyte g-smart comes with a built-in answering machine and 'background sound - alibi' software, and I think there are others too, but HTC models so far have hardware separation between phone and PPC voice systems.
Even despite that, there is at least one company (I can't remember their name or site, but they were mentioned here so please search) that successfully made commercial answering machine software that reportedly works well on most devices.
I seriously doubt there is a government regulation on the subject, as I read that recording conversations you are part of is allowed in Europe and most of the U.S. (without informing the other party), but the cell companies stand to lose a lot of money from their voice mail services.
That is the same reason some cell companies don't offer models with WiFi - so customers will have to pay for GPRS / 3G.

Identify if IMSI catchers were used with Field Test?

Hello all
I've been reading this forum for some months now and I like the Windows versions and information I've found here for my Hermes device.
But now I have some questions on using the often integrated tool Field Test.
I've found out that with the IMSI-catcher (German Wikipedia as one of the sources), which is more and more often used semi-legally by the police (here in Europe there are a lot of 'GA-90' devices sold to the police and other institutions), it is possible to listen to phone calls (man in the middle attack), by just 'emulating' the strongest phone cell in the area, to which the device connects instead of connecting to the provider's cell.
I also read that it would be possible to find out whether there was an IMSI-catcher device active in the area near you or not. The only thing needed is special monitor software (Field Test?) that observes the MNC (Mobile Network Code) behavior (apparently you need 2 handsets from the same provider with the monitoring software running).
But they didn't explain exactly which behavior you should pay attention to.
Since I could use 2 Windows Mobile devices to test this out, I am searching for more detailed information on this subject, and the first place that came to my mind was xda-developers.
I already did search this forum for the subject IMSI catcher, and the only thing I've found is this:
Google result
So one person who tries to change his IMEI number, and another one who doesn't seem to know exactly what an IMSI catcher can do.
Is there anyone here who knows more?
I know that where I live there are people who abuse IMSI-catchers (catching calls without the permission of a judge or similar, or even one time someone listening to his girlfriend's phone calls to see if she was cheating (and she did, and that was the reason he left her)). And yes, this one was a young policeman who told that to his friends and was even proud of it.
I also dislike the fact that the handset, instead of the encrypted connection with the provider's cell, has a non-encrypted connection to the IMSI catcher (if not, there would be no possibility for a listening man in the middle attack).
I also read about the cellphones from http://www.cryptophone.de/
Apparently they always have encrypted conversations, even through an IMSI-catcher. But if that were true, the other side would need the same handset to decrypt it again, because it has to encrypt the already encrypted data traffic with the provider's cell; if not, it can't offer any protection against IMSI-catcher devices. I also ask myself whether, depending on where you want to use it, the 2nd encryption could produce too much phone traffic, which could result e.g. in a robot voice...
Anyone who could enlighten me?
Or is there any software capable of re-encrypting the encrypted transfer on Windows Mobile devices? Technically it should be possible (a 2nd phone dialer installed, so you choose the normal one for normal calls and the 2nd one for calls with people who also have this software installed on their phones), perhaps not with 256-bit encryption but perhaps with 128- or 64-bit encryption...
BTW, if there were anyone able to program such a hot piece of software for Windows Mobile devices, I wouldn't have any problem donating to him via PayPal, and I suppose other people would do the same. And no, I don't want to replace that with VoIP or Skype via HTC...
Thanks in advance
Patrick
So no one who knows more about this?
I would be very happy if I could at least test whether they're really used as often as they say they are (where I live).
And since I could try it in different major 'cities' over here, I suppose I'd catch an IMSI catcher sooner or later.
I'm quite curious whether all the people telling that there is a lot of abuse with these machines are right, or if that's all nonsense...
It would be nice if a warning icon could be integrated into Windows Mobile or the dialer to indicate that a call is not being encrypted. Read the Wikipedia entry for IMSI-catcher for more info. I'm guessing CDMA is largely unaffected since the hole seems to rely on the UMTS spec's backward-compatibility with GSM.
I'd also like to note that Skype is the way to go for true endpoint to endpoint call encryption. You know, if you're a gangster or something and need to brush off the popos. It would be interesting to investigate whether the WM6 integrated VOIP stack requires authentication/encryption.

GNSS Internet Radio and Built in GPS

Hello,
I am new to the forum and also the owner of an HTC Fuze. I have been playing around recently with the GPS on the phone and it got me thinking. I live in NY and we have a CORS network of GPS base stations that are fed by the use of NTRIP.
I was wondering if there was any way to use the GPS signal on my phone and the connection to this CORS network to give me sub-inch accuracy on my phone... then I'm not sure what I would do with it. But I do live on a farm and I would like to see some type of precision agricultural use.
I guess I need a way to have the GPS on the phone talk with the GNSS Internet Radio and then give me spot-on guidance and such.
Please let me know your thoughts or if I need to explain better.
Thanks,
Clayton
Bump
Bump. Any ideas? Anyone?
Great idea cwrisrey !
That will save the cost of a geodetic device, which is many times the cost of a Fuze. Further, it will lead the accuracy of the built-in GPS into millimeter class.
Before digging into this further, would you go further and tell us these:
Is that CORS data encrypted?
Is that accessible through the public internet or VPN?
Is there a copyright or intellectual property right issue involved? (I don't think so, but better make it clear first)
Once again, great idea. Please do remember to update this thread once you got any progress. Thanks.
More info
Hello wg5566,
This site would probably answer a lot of your questions more clearly than I could:
http://www6.nysdot.gov/spiderweb/frmIndex.aspx
* Is that CORS data encrypted?
-I don't believe so, I think that it is just a form of compression, to distribute across the internet.
* Is that accessible through public internet or VPN?
Yes, the NYS CORS anyway. It's accessible from the public internet (although they require you to register with them), but I believe there are other free streams. I also believe it was modeled after being able to be sent through GPRS.
* Is there a copyright or intellectual property right issue involved? (I don't think so, but better make it clear first)
-I believe the NTRIP is based on a GNU licence; I think the source code is available. http://igs.bkg.bund.de/index_ntrip_down.htm
Windows CE version:
http://www.ilmb.gov.bc.ca/crgb/gsr/downloads/installGNSS.CAB
Please, let me know your thoughts...
Thanks,
Clayton
My fast thoughts:
First make sure there is no satisfactory freeware currently available for WM.
If so, please ask a moderator to move this to the development & hacking section. And add this sentence to the title: Call for developers for revolutionary GPS app!
I'm sure somebody here can develop this. You know, the geodetic device was invented many years ago with very weak profiles compared to current WM devices. The hardware on our phone should be capable of dealing with these calculations, and the WM Pro platform should be capable of supporting such an app. Anyway it should not be a biggy for many masters here. But it is a biggy for GPS users with high accuracy demand for any reason.
Edit: Did you try installing that WinCE cab on your phone? I think some WinCE apps can just run on WM. Please back up your data first.
Edit2: I tried to install it on my device; at first it did not show up in the start menu, then I found the cab just puts files and a shortcut in a folder named in French. But there is no registry involved in the cab. Only three files. And the program UI itself is in English. Just running the executable from the folder will go right out of the box. So please try it. I did not try to connect & log in yet, due to not having a registered account.
Edit3: Looks like the cab only accesses the data from the internet, converts the data format and exports the data, but we still need geodetic/GPS software to process/use the data.
Disclaimer: I attached these three files for the only purpose of exchanging software development information. Anybody who downloads it, please do not use it for any purpose other than this. Thanx.
Some thoughts on the subject
Hi All,
The idea of using NTRIP to make a Windows Mobile GPS device sub-meter accurate crossed my mind. After some research I found this thread.
Unfortunately, I haven't been able to find any software capable of doing this. My idea is that it should be possible to accomplish this goal, using a combination of existing tools (which would be really cool!).
As wg5566 notes, there is a (WM) tool called GNSS Internet Radio, which is capable of downloading NTRIP corrections. It turns out this software works, but does have some flaws. Someone wrote another open source tool which is better (?), but unfortunately it isn't built for Windows Mobile (see: http://lefebure.com/software/).
More searching revealed a (dead?) project on codeplex: SharpGPS. It's an unfinished demo. It does however seem to be designed to do exactly what we're suggesting in this thread.
My idea: Completing the WM version of SharpGPS with parts of GNSS Internet Radio / lefebure NTRIP client should result in a tool that's capable of upgrading a WM device's GPS signal to sub-meter accuracy through RTK/DGPS corrections over NTRIP.
Any ideas / suggestions about this?
It's already been done for the commercial market
Land surveyors, construction companies, and farmers use RTK GPS and RTK GNSS correction services on a regular basis. Some are free and some are paid subscription. They can be either NTRIP protocol with casters or individual TCP or UDP connections. Examples of software available are Carlson SurvCE and MicroSurvey. Read Carlson's support site for how they deal with the data flow using such networks on SurvCE (Windows Mobile and CE).
I have worked in land surveying using such equipment, and it generally requires dual frequency receivers, RTK corrections, and high quality antennas to achieve 1-2cm 95% CI horizontal precision. The current GPS chips in cell phones are only single frequency and so the best you could expect under ideal conditions is 2'-3' precision using some form of differential correction like WAAS or beacon or DGPS via NTRIP. Under average conditions, the precision will likely be in the 10-20' range. The dual frequency receivers take care of the large errors caused by radio waves traveling through the ionosphere.
Due to the limitations of batteries, antennas, and space for more chips in cellphones, the future of location accuracy will likely include some combination of GPS/GLONASS and cellular radio signal frequency timing calculations from cell towers. True Position, with its U-TDOA technology, is one example of measuring the time differences of cell phone radio waves using cell towers with known coordinates. Rumors (from surveying journals) have it that there are current patents in place that can allow for sub foot precision using such methods when sufficient cell towers are present for multilateration.
Has anyone found success on this topic? WM or Android...
Would be very interested, since there is a free NTRIP feed available in Switzerland... anyone?
*bump* it up
Been there, still trying. Problem is no carrier phase off the internal GPS.
Grimli said:
Hi All,
The idea of using NTRIP to make a Windows Mobile GPS device sub-meter accurate crossed my mind. After some research I found this thread.
As wg5566 notes, there is a (WM) tool called GNSS Internet Radio, which is capable of downloading NTRIP corrections. It turns out this software works, but does have some flaws. Someone wrote another open source tool which is better (?), but unfortunately it isn't built for Windows Mobile (see: /lefebure.com/software/).
Lance Lefebure is a really cool guy; I'm sure he wouldn't have any problem building a WM version, but it is going to take a lot more than that to get RTK to a cell phone.
Very good, thanks.
Ed hardy bikini said:
Very good, thanks.
If you are confused just ask questions and I will do my best to answer them. I am in the ag industry and deal with RTK networks and different ways of connecting them and tons of different gps units on a daily basis.
Look at this:
http://stakemill.wordpress.com/2010/07/19/ashtech-mobile-mapper-100-supports-esri-arcpad-10-0/
and this:
http://www.ashtech.com/-2359.kjsp?RH=1272644205746&RF=1270806507068
Is that still a phone!?
wg5566 said:
Look at this:
Is that still a phone!?
Nope, a PDA with support for external GPS, with a built-in receiver that even sees GLONASS satellites (Russian constellation). That was made specifically to do RTK mapping. It does have a GSM radio for data to connect to the CORS.
Phone positioning using CORS
To perform a CORS (Network Reference) correction we need a GGA stream from the GPS in your device. This allows us to remove the anomalies and provide the correction stream. As phones use a SiRF II chip or similar, they do not have the input capability to output the NMEA stream to achieve this.
This one works great! It will connect to an RTK receiver and get the NMEA string from it, or will use the internal GPS to be able to register on the CORS network. It will then stream the corrections over Bluetooth to a receiver or even a repeater radio. It won't, however, correct the internal GPS. http://antrip.dyndns.biz/Home/DownloadTrial
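The GGA stream and caster login described in this thread, as an added example (not code from GNSS Internet Radio, SharpGPS or any client named here): it composes the $GPGGA sentence with its NMEA checksum and the NTRIP 1.0 request a client sends to a caster. The mount point name, credentials and sample position are placeholders, and nothing here opens a network connection.

```python
"""Build the GGA sentence and NTRIP 1.0 request a client needs for network RTK.

Added example, not code from any client named in the thread. Names and the
sample position are assumptions; nothing here talks to a real caster.
"""
import base64
from functools import reduce


def nmea_checksum(body):
    """XOR of every byte between '$' and '*', as two upper-case hex digits."""
    return "%02X" % reduce(lambda acc, b: acc ^ b, body.encode("ascii"), 0)


def _nmea_coord(value, is_lat):
    """Decimal degrees -> (ddmm.mmmm or dddmm.mmmm, hemisphere letter)."""
    hemis = ("N", "S") if is_lat else ("E", "W")
    hemi = hemis[0] if value >= 0 else hemis[1]
    value = abs(value)
    deg = int(value)
    minutes = (value - deg) * 60.0
    width = 2 if is_lat else 3
    return f"{deg:0{width}d}{minutes:07.4f}", hemi


def build_gga(lat, lon, utc="120000.00", fix=1, sats=8, hdop=1.0, alt_m=10.0):
    """Compose a $GPGGA sentence; the caster uses it to select/compute corrections."""
    la, ns = _nmea_coord(lat, True)
    lo, ew = _nmea_coord(lon, False)
    body = f"GPGGA,{utc},{la},{ns},{lo},{ew},{fix},{sats:02d},{hdop:.1f},{alt_m:.1f},M,0.0,M,,"
    return f"${body}*{nmea_checksum(body)}\r\n"


def valid_nmea(sentence):
    """True when the sentence carries a matching checksum."""
    s = sentence.strip()
    if not s.startswith("$") or "*" not in s:
        return False
    body, _, cks = s[1:].partition("*")
    return cks.upper() == nmea_checksum(body)


def build_ntrip_request(mountpoint, user, password):
    """NTRIP 1.0 request header.

    Version 1 runs over plain TCP with no TLS, so the Basic credentials and
    every GGA position sent afterwards are readable by anyone on the path
    (the encryption question raised earlier in the thread).
    """
    cred = base64.b64encode(f"{user}:{password}".encode("ascii")).decode("ascii")
    return (
        f"GET /{mountpoint} HTTP/1.0\r\n"
        "User-Agent: NTRIP ExampleClient/1.0\r\n"
        f"Authorization: Basic {cred}\r\n"
        "\r\n"
    )


def caster_accepted(first_line):
    """NTRIP 1.0 casters answer 'ICY 200 OK'; v2 casters use an HTTP status line."""
    line = first_line.strip()
    return line == "ICY 200 OK" or line.startswith("HTTP/1.1 200")


if __name__ == "__main__":
    # Sample position is a constructed point, not a real reference station.
    gga = build_gga(55.6761, 12.5683)
    print(gga.strip(), valid_nmea(gga))
    print(build_ntrip_request("MOUNTPOINT_PLACEHOLDER", "user", "pass"))
    # After the caster answers 'ICY 200 OK', the client writes `gga` to the
    # same socket (repeatedly, as the phone moves) and reads RTCM corrections.
```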

[Q] [REQ] App to block transmission of MSISDN to block value-added services

Hi there,
I am using an Android phone in Germany. In the last months a lot of people clicked some ads in their apps and found themselves in a specific kind of value-added service subscription. Apparently the MSISDN (through which the caller is identified) is transmitted, and some dubious value-added service providers like EriXXXon IPX for example charge you about 80€/month for a completely useless subscription for services you never ordered. The cashing works through your local cell-network provider. Since the contract itself was concluded not with your network provider but with some third party in Far Far Away, the provider refuses to refund the money. One would have to contact the Far Far Away company, which surprisingly would not respond to your pleas. The network provider on the other hand says that there is no technical possibility to simply block or disable those services on customer demand. And currently there are no laws in Germany (and Europe afaic) that would prevent this kind of rip-off.
So my question: Is there a possibility to simply block the sending of the MSISDN during a WAP request? Because that seems to be the protocol over which the MSISDN is transmitted. WAP billing is a surplus technology with all those smartphones out there, so maybe it would be sufficient to simply switch off WAP transmission completely while leaving all the other internet protocols switched on.
Any help (e.g. like an app ) would be very much appreciated.
None of you with a hint? An idea? Or the same problem? What a pity...
WAN-MSISDN: disable added-value services by MSISDN: WANTED.
Oh yeah, I have, fearing the drowsy minute late at the end of a working day where I cannot practice "CONSTANT VIGILANCE!" as demanded by "Defence Against the Dark Arts" teacher Moody... Still, it is as you described, and none of us German sheep willing to be ripped off have yet had the nerve to shout at our providers to shut out the guild of thieves by wire. Could be that they have a lot of homework to do that got neglected AND in the end have a slightly better reputation, but astonishingly some painfully reduced $$$ (i.e. €€€) signs on their added-value-service statistics.
Just MHO
Perhaps I'll come back in a year when I will have plunged into such a trap, will have given the case to some advocate (because my insurance will pay for it) and have undergone some trial sessions. Let's say you'll hear that I won in about 4 years, and will have lost valuable time like 100h, and could gain no compensation from the fraudulent company using WAN MSISDN transmission by the title of some German court.
I read you can mail your provider and tell them to disable billing of added-value services.
"Furthermore, some providers such as Telekom or Vodafone offer to let you block collection claims charged via your bill."
see computerbild in domain .de
(search for) / artikel / cb-Tipps-Handy-Smartphone-Abo-Gefahr-App-WAP-Werbung-5888480.html
Yours
Andi
ld browser
BloodyCkickenSoup said:
This will not happen if you use Loader Droid for this kind of surfing, where apps like CLauncher and Mobogenie pop out and start to download without your permission. Even WAP will ask you before subscription that you will be charged $2 for this subscription... when you do it on Loader Droid, downloading subscriptions is not automatic without your permission.

Researchers warn over OTA Exploits of Baseband Processors (radio firmware)

Thom Holwerda at OSnews, a website specialized in real-time embedded OSes, reports about vulnerabilities that lurk in closed-source radio chips.
The second operating system hiding in every mobile phone
The insecurity of baseband software is not by error; it's by design. The standards that govern how these baseband processors and radios work were designed in the '80s, ending up with a complicated codebase written in the '90s - complete with a '90s attitude towards security. For instance, there is barely any exploit mitigation, so exploits are free to run amok. What makes it even worse, is that every baseband processor inherently trusts whatever data it receives from a base station (e.g. in a cell tower). Nothing is checked, everything is automatically trusted. Lastly, the baseband processor is usually the master processor, whereas the application processor (which runs the mobile operating system) is the slave.
(...)
With this in mind, security researcher Ralf-Philipp Weinmann of the University of Luxembourg set out to reverse engineer the baseband processor software of both Qualcomm and Infineon, and he easily spotted loads and loads of bugs, scattered all over the place, each and every one of which could lead to exploits - crashing the device, and even allowing the attacker to remotely execute code. Remember: all over the air. One of the exploits he found required nothing more but a 73 byte message to get remote code execution. Over the air.
Source, via HN
Comments at HN are also worth reading, I think.
Do note that the study ran on some old generation of MSM chips.
Here is a counter argument for instance:
Comment by OsQar
by OsQar on Wed 13th Nov 2013 09:51 UTC
I'm not a security expert at all, but I've been working on mobile radio access technologies for several years, so I feel quite confident to say that some of your claims are wrong. E.g.:
"The standards that govern how these baseband processors and radios work were designed in the '80s, ending up with a complicated codebase written in the '90s - complete with a '90s attitude towards security."
Well, GSM's baseband was developed from the late 80's to the early 90's, UMTS' from the late 90's to the early 00's, and LTE's can now be considered almost finished. I know that GSM is not secure at all now (it was when it was released, but now it has been cracked), but I'm not so sure about UMTS (CDMA is very hard to demodulate, so cracking is even worse) and LTE (OFDMA is quite a headache).
"What makes it even worse, is that every baseband processor inherently trusts whatever data it receives from a base station (e.g. in a cell tower). Nothing is checked, everything is automatically trusted."
This is NOT TRUE. At all. Even from GSM times. Handheld devices run a bunchload of ID checks to know what base station is sending data; and base stations also carefully allocate and check mobile IDs. This is especially true in UMTS (where you have to discriminate interfering users by using pseudorandom codes) and LTE (where you even need angle-of-arrival information to reach more users).
So, I'm not claiming that mobile basebands are inherently secure, but they're definitely not based on 80's security technology.
On the other hand, I agree with your viewpoint that the closed implementations and the huge standards are not the best way to allow the community to check for security bugs. But manufacturers are the main supporters of actual standardization bodies, so it's quite complicated to fight against it.
