In case you, like me, were wondering wtf stingrays are (besides a type of fish). This is from their report :
Cell-site simulators, also known as “Stingrays” or IMSI catchers, are devices that masquerade as legitimate cell-phone towers, tricking phones within a certain radius into connecting to the device rather than a tower.
Cell-site simulators operate by conducting a general search of all cell phones within the device’s radius, in violation of basic constitutional protections. Law enforcement use cell-site simulators to pinpoint the location of phones with greater accuracy than phone companies. Cell-site simulators can also log IMSI numbers (unique identifying numbers) of all of the mobile devices within a given area.
…
The fact that government agencies are using these devices without the utmost consideration for the privacy and rights of individuals around them is alarming but not surprising. The federal government, and in particular agencies like HSI and ICE, have a dubious and troubling relationship with overbroad collection of private data on individuals.
When someone finds one of these simulators, what would they do?
Based on this link, the proper thing to do should be to report it to the FCC. I am not sure how much Trump’s FCC will pay attention to the report, though…
Report it to your favorite news media ig
Also alert your friends/colleagues that there are IMEI/IMSI scanners at the event, so that they can prepare accordingly by leaving their phone at home, putting it in a farraday bag, etc.
Find your anarchist friend with excess radio equipment and let them know.
Wait, people didn’t know about StingRays?
They’ve been around for like a decade now.
But uh, yeah, basically, they’re fake/spoof/honeypot cell towers that man-in-the-middle all nearby cell network traffic.
This is how they do the whole… everything dragnet, all the time, basically all cop cruisers have them in them, active all the time, this is why you just don’t bring your phone to a protest unless you really know what you’re doing.
So how do they break my SSL connections?
It’s a little less about reading what you’re saying or looking at on your phone, it’s mostly about tracking where your phone goes and figuring out who you are that way.
They don’t really need to.
They get all your phone’s metadata, and thats usually enough to plug in to a bunch of other databases that they can add you to a watchlist of some kind.
I mean really at this point we are all in a giganto mega watchlist, its just that its so big that the problem is actually sorting through that list and ‘accurately’ assigning threat levels, but thats what Palantir is for.
Like, they get your IMSI code, unless you are somehow regularly/randomly resetting or spoofing that, uh, they can easily get a bunch of other info from cell providers, they just can’t (usually) specifically use that info alone to convict you of something, but…
They know who you are, roughly where you were and when.
So thats a pretty good starting point for a subsequent investigation, or just throwing it onto the dragnet data pile.
Fucking cool, and also remember to leave your phone at home, or at least on airplane mode.
In airplane mode and even while turned off, phones have been known to still transmit data via background services. Leaving it behind, or a Faraday bag are the only assured options I’m aware of
Not while turned off, generally. Screen off, sure.
Edit: apparently at least some do
There is no such thing as “off” on modern Smartphones. Even if you power it down things like the baseband prozessor and bluetooth still stay active most of the time.
If the battery is integrated into device there ist no real way to completely shut this things down.
wtf got a source on that? Sounds quite scary tbh
deleted by creator
No they don’t
Just as an example:
https://www.apple.com/icloud/find-my/
“Some devices can still send their location for up to 24 hours after they’ve been turned off or have low battery life.”
https://www.91mobiles.com/hub/exclusive-google-find-my-device-feature-phone-off
“Google began rolling out this feature as “Powered Off Finding” with the Pixel 8 series, letting users locate their phone even when it’s switched off by keeping the Bluetooth chip active.”
And those are only some of the official known possibilities
Thats not correct. Iphones and androids are never truly off. There are a few privacy focused phones by small makers with hardware switches for each radio. You can run android or linux on them.
You’re a troll
I am?
Modern phones will still ping the Bluetooth low energy networks like Find My for Apple devices even when off or on airplane mode. That’s how things like AirTags work.
It’s been tested at actual protests FYI. It works.
Use your imagination what that means you can do when you find one.
What if the cops have a trace buster buster?
Then you would just wanna bring along your trace buster buster buster.
[Busta Rhymes enters the chat]
FLIP MODE!
PUT YA HANDS WHERE MY EYES CAN SEE
Who are you calling buster, buster?
Hey, I’m not your buster, guy.
Who YOU gonna call? Trace Busters?
Here is it working in action while law enforcement is flying a spy plane arouns a neighborhood
Damn… I happen to have an Orbic hotspot. I know what I’m doing instead of being productive this week.
My phone OS allows me to disable 2G, which I do because of SS7 vulnerability, but not 3G unfortunately.
What is the correct hardware?
Any of the 5 or 6 cheap wireless hotspots listed in the link in the article.
Probably should have read the article hahahah. Thanks.
Is there a good one for Canada in specific though? As far as I can tell the Orbic only works in the US, and as a result I’m not sure if I can trust the other devices, even if they’re the same ITU region. Would the TP-Link work? The docs suggest it should work in the US as well as Europe.
