[liberationtech] Belarus/Ericsson/GSM
Frank Corrigan
email at franciscorrigan.com
Mon Jan 17 13:26:00 PST 2011
I had never heard of using a cell phone for wifi without a SIM, so
thanks for that insight.
Most computers/laptops when switched on constantly broadcast a physical
hardware Wifi Network card address
(Mhttps://secure.wikimedia.org/wikipedia/en/wiki/Mac_address) and web
browsers communicates User Agent addresses (http://analyze.privacy.net)
and therefore this data can be used for 'fingerprinting'
devices.(https://panopticlick.eff.org/) I do not know whether a Cell
phone has an equivalent of a MAC address, but they sure do have User
Agents.
With computers it is relatively easy to 'fake' a User Agent and a MAC
address, not so sure about cell phones.
The torproject highlights that Tor for Cell phones does not have the
equivalent of the browser Torbutton, so as ever with Tor, informed
caution is a must. For instance I use Tor bundles and they were updated
twice in the last week or so, one concerning a firefox issue concerning
the leak of a users real IP address. IE: geolocation!
(https://blog.torproject.org/blog/new-tor-browser-bundle-packages-1)
Frank
----- Original message -----
From: "Douglas Finley" <dafinley at gmail.com>
To: elhamucla at hotmail.com
Cc: "Frank Corrigan" <email at franciscorrigan.com>,
liberationtech-bounces at lists.stanford.edu,
liberationtech at mailman.stanford.edu
Date: Mon, 17 Jan 2011 14:52:08 -0600
Subject: Re: [liberationtech] Belarus/Ericsson/GSM
Well, I have a Nexus One purchased online running Android 2.2.
And I can connect to Wifi without my SIM card in. I was not able to run
Google Voice from the mobile App to make phone calls. Web works tho.
But what I did do was broadcast my Wifi signal ( I guess rebroadcast a
Wifi
signal).
I connected my laptop to that broadcasted signal from my phone...And I
was
able to use Google Voice from my laptop through the broadcasted
connection from my phone...that is picking up a WiFi connection without
a
SIM Card.
Of course, why not just hook the laptop up directly to the same WiFi
your
phone is picking up, but I just wanted to test the limits.
I guess you have to trust that Wifi connection your phone is using.
I know Frank said that you would still be tracked through base stations.
I
guess I see it being difficult without an actual SIM card.
I'm a programmer...I know nothing about hardware or networking so I
believe
you...but it seems a little difficult to do.
I guess the point is to get rid of the SIM card...and your left with a
mini
laptop that should be a little more secure than having
to keep track of multiple SIMs...that you actually have to connect to a
network immediately giving up your location and sensitive info.
On Mon, Jan 17, 2011 at 2:32 PM, <elhamucla at hotmail.com> wrote:
> From what I understand activists frequently change their sim card while
> keeping the same phone. But they worry that the phones might be intercepted
> anyway.
> Sent on the Sprint® Now Network from my BlackBerry®
>
> -----Original Message-----
> From: "Frank Corrigan" <email at franciscorrigan.com>
> Sender: liberationtech-bounces at lists.stanford.edu
> Date: Mon, 17 Jan 2011 18:40:42
> To: <liberationtech at mailman.stanford.edu>
> Subject: Re: [liberationtech] Belarus/Ericsson/GSM
>
> Had a quick look at mobileactive.org, the issue of WiFi use is not
> covered (inc no SIM).
>
> I have done a quick web search on WiFi no SIM and can't find any sources
> I can quote, there in some discussion about hacks, but I have always
> found a phone will not access WiFi unless an activated SIM is inserted.
> If such a 'no SIM' hack did work then this still does not mean the
> phone's location could not be pinpointed, as the phone must be exchange
> unique identifiers for Wifi to function? But of course the phone would
> not have a registered/activated SIM.
>
> There is now a number of battery powered routers available, that can use
> SIM cards and or G3 Dongles and can be used to set up ad-hoc Open Wifi
> networks.
>
> Of course an adversary could still set up a cloned or Open Wifi network
> for "man in the middle attacks" and no doubt to locate specific users?
>
> Frank
>
> PS: These resources might be helpful, but are more orientated to
> combining computer use and internet access via WiFi / G3 Mobile
> broadband.
>
> Preconfigured privacy (circumvention) bundles for USB or LiveCD.
> * Erinn synchronized the Windows, OS X, and Linux tor browser
> bundles to use the same configurations and included software.
> * The TAILS team continues to improve and update their LiveCD
> available at https://amnesia.boum.org.
> * Jacob began an audit of the TAILS LiveCD to help assess the safety
> and security of the software for users in highly-volatile
> situations.
> https://blog.torproject.org/blog/september-2010-progress-report
>
> The useful thing about using Tor on a LiveCD as a Bundle or with the
> integrated TAILS LiveCD, is that no trace of use is left on the host PC.
> (save for volatile RAM)
>
> There are broader possibilities with computers, such as using
> Truecrypt.org software. Though carrying round a mobile phone is far more
> ubiquitous.
>
>
> ----- Original message -----
> From: "Prabhas Pokharel" <prabhas.pokharel at gmail.com>
> To: "Douglas Finley" <dafinley at gmail.com>
> Cc: "Frank Corrigan" <email at franciscorrigan.com>,
> Date: Mon, 17 Jan 2011 19:21:04 +0100
> Subject: Re: [liberationtech] Belarus/Ericsson/GSM
>
> Douglas et al., this primer on mobile surveillance:
> http://mobileactive.org/howtos/mobile-surveillance-primer and other
> articles
> related to security on the site:
> http://www.mobileactive.org/tagging/mobile-security should be helpful,
> and
> answer some of these questions.
>
> The Guardian Project has a set of Android apps here:
> https://guardianproject.info/apps/ including instructions to set up a
> private encrypted VoIP network.
>
> Prabhas Pokharel
> http://twitter.com/prabhasp
> +1 347 948 7654 / +377 4567 3810 / skype: prabhasp
>
>
> On Mon, Jan 17, 2011 at 6:12 PM, Douglas Finley <dafinley at gmail.com>
> wrote:
>
> > Well I didn't know they already had mobile Tor's,
> > but would you still be able to be tracked through a phone number if your
> > not using
> > your phone's SIM Card at all. Just WiFi, Tor, and Google Voice or Skype
> > but some VOIP service?
> > It seems like for Tor to work with any kind of mobile VOIP app it would
> > have to be configured to
> > send its data through Tor.
> >
> > Tor only protects Internet applications that are configured to send their
> > traffic through Tor — it doesn't magically anonymize all your traffic
> just
> > because you install it.
> >
> >
> > On Mon, Jan 17, 2011 at 11:01 AM, Frank Corrigan <
> > email at franciscorrigan.com> wrote:
> >
> >> Tor for Smartphones
> >> Android-based phones, tablets, computers Android Bundle Android
> >> Instructions
> >> iPhone, iPod Touch, iPad Test packages by Marco
> >> Nokia Maemo/N900 Experimental instructions
> >> https://www.torproject.org/download/download.html.en
> >>
> >> Though use of Tor on a mobile phone/dongle will not stop tracing
> >> location via Cell Phone IMEI (International Mobile Equipment Identity)
> >> number/ SIM/Phone number Tower triangulation and ad-hoc mobile phone
> >> relay/interception towers being deployed by adversaries.
> >>
> >> Olympics bosses probe mobile tracking tech
> >> http://www.theregister.co.uk/2009/07/06/olympics_mobile_tracking/
> >>
> >> Frank
> >>
> >> ----- Original message -----
> >> From: "Douglas Finley" <dafinley at gmail.com>
> >> To: "elham gheytanchi" <elhamucla at hotmail.com>
> >> Cc: liberationtech at mailman.stanford.edu
> >> Date: Mon, 17 Jan 2011 10:41:26 -0600
> >> Subject: Re: [liberationtech] Belarus/Ericsson/GSM
> >>
> >> Conceptually,
> >>
> >> Does anyone know how effective a mobile version of Tor would be?
> >> Same server/client relationship strictly related to WiFi.
> >> I know using the service over 3G would be futile, but if your phone had
> >> a
> >> mobile Tor app..you would be able to talk/text/web on your mobile more
> >> securely right?
> >> Does anyone know if Mobile languages (iOS, Android, etc) give you API
> >> access
> >> to what you need to make something like that work?
> >>
> >> On Mon, Jan 17, 2011 at 10:10 AM, elham gheytanchi
> >> <elhamucla at hotmail.com>wrote:
> >>
> >> > when I was in Iran two years ago, I met up with three activists
> >> (women's
> >> > rights activists) and none of them brought their cell phones to our
> >> meeting
> >> > place. when I asked them why: they said they have learned- by trial
> and
> >> > error- that it is best to turn off their cell phones, take the sim
> card
> >> > out and leave it at home because otherwise they are traced by the
> >> security
> >> > forces.
> >> >
> >> > Best,
> >> > elham
> >> >
> >> > > From: cfarivar at cfarivar.org
> >> > > Date: Mon, 17 Jan 2011 15:54:22 +0100
> >> > > To: AllnuttL at rferl.org
> >> > > CC: liberationtech at mailman.stanford.edu
> >> > > Subject: Re: [liberationtech] Belarus/Ericsson/GSM
> >> >
> >> > >
> >> > > For what it's worth, Nokia Siemens Networks basically said the same
> >> > > thing about the kit they sold to Iran pre 2009 election.
> >> > >
> >> > > -C
> >> > >
> >> > > On Fri, Jan 14, 2011 at 2:41 PM, Luke Allnutt <AllnuttL at rferl.org>
> >> > wrote:
> >> > > >
> >> > > > Dear All,
> >> > > >
> >> > > > I'm a journalist from RFE/RL working on a story about the recent
> >> > crackdown
> >> > > > in Belarus. Our Belarus Service is reporting that hundreds of cell
> >> > phone
> >> > > > owners are being summoned for interrogation by police and the KGB
> >> > because,
> >> > > > on December 19, they were using their phones at the site of the
> >> > > > antigovernment protest.
> >> > > >
> >> > > > We are trying to ascertain whether the phone operators were asked
> to
> >> > supply
> >> > > > the information about their customers' phone calls or whether the
> >> KGB
> >> > was
> >> > > > able to track these calls on their own. Both scenarios seem
> >> plausible.
> >> > > >
> >> > > > If anyone has any insight into what might have happened here and
> how
> >> > easy it
> >> > > > would be for the KGB to get that location data on their own, it
> >> would
> >> > be
> >> > > > much appreciated.
> >> > > >
> >> > > > My second question, if I may, would be about Ericsson, who have
> >> > supplied
> >> > > > Belarus operators with GSM equipment. I spoke via email to
> Ericsson,
> >> > and
> >> > > > from what I can make out, the GSM equipment they've supplied
> Belarus
> >> > with is
> >> > > > pretty standard and contains capabilities for "lawful intercept,"
> >> which
> >> > they
> >> > > > say is entirely in keeping with worldwide standards and norms.
> >> > > >
> >> > > > I've spoken to a few experts to try to ascertain whether Ericsson
> is
> >> > doing
> >> > > > anything inappropriate here. Should they, for instance, sell
> >> different
> >> > > > equipment to countries with less-than-democratic records? How
> >> difficult
> >> > > > would it be for Ericsson to reengineer their systems so lawful
> >> > intercept
> >> > > > capabilities were taken out? And how difficult would it be to put
> >> those
> >> > > > things back in?
> >> > > >
> >> > > > I apologize if these questions seem overly simplistic or
> >> off-the-mark.
> >> > I
> >> > > > have only a fairly limited understanding of the engineering
> >> questions;
> >> > thus
> >> > > > why I'm turning to you people.
> >> > > >
> >> > > > If anyone would have the time to answer my questions on list or
> off
> >> > list, I
> >> > > > would be hugely grateful. Many thanks for your time.
> >> > > >
> >> > > > Best Wishes,
> >> > > >
> >> > > > Luke
> >> > > >
> >> > > > _______________________________________________
> >> > > > liberationtech mailing list
> >> > > > liberationtech at lists.stanford.edu
> >> > > >
> >> > > > Should you need to change your subscription options, please go to:
> >> > > >
> >> > > > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >> > > >
> >> > > > If you would like to receive a daily digest, click "yes" (once you
> >> > click
> >> > > > above) next to "would you like to receive list mail batched in a
> >> daily
> >> > > > digest?"
> >> > > >
> >> > > > You will need the user name and password you receive from the list
> >> > moderator
> >> > > > in monthly reminders.
> >> > > >
> >> > > > Should you need immediate assistance, please contact the list
> >> > moderator.
> >> > > >
> >> > > >
> >> > >
> >> > >
> >> > >
> >> > > --
> >> > > ----------------------------------------
> >> > > Cyrus Farivar
> >> > > "suh-ROOS FAR-ih-var"
> >> > >
> >> > > Freelance Technology Journalist
> >> > > cfarivar at cfarivar.org
> >> > >
> >> > > DE: +49 163 763 3108 (m)
> >> > > US: +1 510 394 5485 (m)
> >> > >
> >> > > AIM: FarivarCJ
> >> > > Twitter/Skype/Yahoo/gChat: cfarivar
> >> > >
> >> > > http://www.cyrusfarivar.com
> >> > >
> >> > > "Being a good writer is 3% talent, 97% not being distracted by the
> >> > Internet."
> >> > > _______________________________________________
> >> > > liberationtech mailing list
> >> > > liberationtech at lists.stanford.edu
> >> > >
> >> > > Should you need to change your subscription options, please go to:
> >> > >
> >> > > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >> > >
> >> > > If you would like to receive a daily digest, click "yes" (once you
> >> click
> >> > above) next to "would you like to receive list mail batched in a daily
> >> > digest?"
> >> > >
> >> > > You will need the user name and password you receive from the list
> >> > moderator in monthly reminders.
> >> > >
> >> > > Should you need immediate assistance, please contact the list
> >> moderator.
> >> >
> >> > _______________________________________________
> >> > liberationtech mailing list
> >> > liberationtech at lists.stanford.edu
> >> >
> >> > Should you need to change your subscription options, please go to:
> >> >
> >> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >> >
> >> > If you would like to receive a daily digest, click "yes" (once you
> click
> >> > above) next to "would you like to receive list mail batched in a daily
> >> > digest?"
> >> >
> >> > You will need the user name and password you receive from the list
> >> > moderator in monthly reminders.
> >> >
> >> > Should you need immediate assistance, please contact the list
> moderator.
> >> >
> >> >
> >>
> >> _______________________________________________
> >> liberationtech mailing list
> >> liberationtech at lists.stanford.edu
> >>
> >> Should you need to change your subscription options, please go to:
> >>
> >> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >>
> >> If you would like to receive a daily digest, click "yes" (once you click
> >> above) next to "would you like to receive list mail batched in a daily
> >> digest?"
> >>
> >> You will need the user name and password you receive from the list
> >> moderator in monthly reminders.
> >>
> >> Should you need immediate assistance, please contact the list moderator.
> >>
> >> _______________________________________________
> >> liberationtech mailing list
> >> liberationtech at lists.stanford.edu
> >>
> >> Should you need to change your subscription options, please go to:
> >>
> >> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >>
> >> If you would like to receive a daily digest, click "yes" (once you click
> >> above) next to "would you like to receive list mail batched in a daily
> >> digest?"
> >>
> >> You will need the user name and password you receive from the list
> >> moderator in monthly reminders.
> >>
> >> Should you need immediate assistance, please contact the list moderator.
> >>
> >
> >
> > _______________________________________________
> > liberationtech mailing list
> > liberationtech at lists.stanford.edu
> >
> > Should you need to change your subscription options, please go to:
> >
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> > If you would like to receive a daily digest, click "yes" (once you click
> > above) next to "would you like to receive list mail batched in a daily
> > digest?"
> >
> > You will need the user name and password you receive from the list
> > moderator in monthly reminders.
> >
> > Should you need immediate assistance, please contact the list moderator.
> >
> >
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
>
> You will need the user name and password you receive from the list
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
>
> You will need the user name and password you receive from the list
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
More information about the liberationtech
mailing list