[liberationtech] New Satphone Safety Guide
Brian Conley
brianc at smallworldnews.tv
Wed Mar 21 22:08:21 PDT 2012
However, none of this deals with the fatal flaw of being under threat of
Radio Transmission triangulation, no?
As I understand it, you may have to be within a few kilometers to pick up
the signal, but if you know the transmission is coming from within X
neighborhood or Y town, the GPS issue isn't necessarily the primary/only
threat.
On Wed, Mar 21, 2012 at 10:00 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> On 03/21/2012 09:19 PM, Collin Anderson wrote:
> > Would anyone in this conversation be so kind as to satisfy a tangential
> > curiosity of mine. The case of Alan Gross in Cuba seems so wrapped up in an
> > under-explained and over-hyped piece of equipment:
> >
> >> On his final trip, he brought in a "discreet" SIM card -- or subscriber
> >> identity module card -- intended to keep satellite phone transmissions from
> >> being pinpointed within 250 miles (400 kilometers), if they were detected
> >> at all.
> >
> >
> > http://www.businessweek.com/ap/financialnews/D9SSHGPG2.htm
> >
> > Beyond the obvious issues with that statement; does anyone know what they
> > are referring to?
> >
>
> Whoa - I had not caught that part of the story with Alan Gross... I
> wonder how he got his hands on the SIM? I've tried to get them and it's
> non-trivial. It requires either favors, a trade or basically a ton of
> cash from the "right" group of people.
>
> My understanding is that there are some special SIM cards that have two
> unique properties that matter for location privacy. The first property
> is that the HLR database knows that the SIM is special and so it will
> authorize a connection without a GPS location in the initial uplink. The
> second is that the device (phone, modem, etc) firmware knows that this
> SIM is special by checking some field on the SIM itself and so it won't
> send the GPS coordinates but rather the spot beam. We can easily
> discover what the field is with a SIMTrace[0] tap if we acquire one of
> these SIMs.
>
> My understanding is that the firmware still fetches the GPS coordinates.
> It then looks up the GPS location in a coverage table of all spot beams
> for the planet and then the firmware returns the spot beam where the GPS
> coordinates are located. The device then sends the spot beam into space,
> etc.
>
> A few years ago I found some public data on this and I think the company
> offering these SIMs in public is Deltawave[1] - I haven't however found
> an obvious way to buy them on their website. This is also very specific
> to BGAN and it is quite clearly a network by network, firmware by
> firmware specific information.
>
> In theory if we capture the setup with a discreet SIM with SIMTrace, we
> can MITM a normal BGAN SIM and fake a discreet SIM response with just
> a few dollars of hardware. The network might reject it, obviously. But
> hey, if anyone has a discreet SIM sitting around, I'd be more than happy
> to see if it works in a country where it is legal to not send the GPS
> location of the device.
>
> Alternatively, one could pick a BGAN device and build a GPS MITM tool
> for the actual hardware without any such special SIM...
>
> All the best,
> Jacob
>
> [0] http://www.sysmocom.de/products/simtrace
> [1] http://www.deltawavecomm.com/
>
--
Brian Conley
Director, Small World News
http://smallworldnews.tv
m: 646.285.2046
Skype: brianjoelconley
public key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCEEF938A1DBDD587<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE827FACCB139C9F0>
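
Added example, not written by anyone in this thread: a sketch of the coarsening step the quoted message describes, where the terminal takes a GPS fix, looks it up in a spot-beam coverage table and reports only the beam. The beam table, the 400 km radius (taken from the figure in the quoted article) and the names `lookup_beam` and `uplink_report` are all assumptions made for illustration; real BGAN beam geometry and uplink formats are not on this page.

```python
import math

EARTH_RADIUS_KM = 6371.0

# Constructed coverage table: (beam_id, centre_lat, centre_lon, radius_km).
# These footprints are invented for the example, not real spot beams.
BEAMS = [
    (101, 23.0, -82.0, 400.0),
    (102, 23.0, -74.0, 400.0),
    (103, 30.0, -82.0, 400.0),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def lookup_beam(lat, lon, beams=BEAMS):
    """Return the id of the covering beam with the nearest centre, or None."""
    best = None
    for beam_id, clat, clon, radius in beams:
        d = haversine_km(lat, lon, clat, clon)
        if d <= radius and (best is None or d < best[0]):
            best = (d, beam_id)
    return best[1] if best else None

def uplink_report(lat, lon, discreet):
    """What leaves the terminal: the exact fix, or only the beam id."""
    if not discreet:
        return {"type": "gps", "lat": lat, "lon": lon}
    beam = lookup_beam(lat, lon)
    if beam is None:
        raise ValueError("position outside the coverage table")
    # The precise fix was still computed on the device; only the report is coarse.
    return {"type": "beam", "beam": beam}
```

Two positions hundreds of kilometres apart produce the same discreet report, so the location disclosed in the uplink is no finer than one beam footprint; this says nothing about the radio signal itself, which is the triangulation concern raised at the top of this message.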