[liberationtech] Moscow Metro says new tracking system is to find stolen phones; no one believes them

Tue Jul 30 03:04:13 PDT 2013

Spoofing GSM station has been known for a while. What abt newer generation
networks (3G,LTE,UMTS,etc)?
Unlike GSM, these networks authenticate the station and IMSI is usually
encrypted. So what is the state-of-the-art for spoofing the station, for
tracking here? What are the known vulnerabilities?
- does this rely on backward compatibility (i.e. phones connect to the
network with stronger signal so phones can be tricked into connecting to a
fake GSM station)?
- does it exploit a vulnerability in authentication/hand-over of these new
networks?
- does it use statistical methods to infer where users are (e.g.
http://www.isti.tu-berlin.de/fileadmin/fg214/Papers/UMTSprivacy.pdf)

Thanks

On Tue, Jul 30, 2013 at 9:56 AM, Eugen Leitl <eugen at leitl.org> wrote:

>
>
> http://arstechnica.com/tech-policy/2013/07/moscow-metro-says-new-tracking-system-is-to-find-stolen-phones-no-one-believes-them/
>
>
> Moscow Metro says new tracking system is to find stolen phones; no one
> believes them
>
> Experts: Russians are probably using fake cell tower devices for
> surveillance.
>
> by Cyrus Farivar - July 29 2013, 11:10pm +0200
>
> On Monday, a major Russian newspaper reported that Moscow’s metro system is
> planning what appears to be a mobile phone tracking device in its metro
> stations—ostensibly to search for stolen phones.
>
> According to Izvestia (Google Translate), Andrey Mokhov, the operations
> chief
> of the Moscow Metro system’s police department, said that the system will
> have a range of five meters (16 feet). “If the [SIM] card is wanted, the
> system automatically creates a route of its movement and passes that
> information to the station attendant,” Mokhov said.
>
> Many outside experts, both in and outside Russia, though, believe that what
> local authorities are actually deploying is a “stingray,” or “IMSI
> catcher”—a
> device that can fool a phone and SIM into reading from a fake mobile phone
> tower. (IMSI, or an International Mobile Subscriber Identity number, is a
> 15-digit unique number that sits on every SIM card.) Such devices can be
> used
> as a simple way to see what phone numbers are being used in a given area or
> even to intercept the audio of voice calls.
>
> The Moscow Metro did not immediately respond to our request for comment.
>
> “Many surveillance technologies are created and deployed with legitimate
> aims
> in mind, however the deploying of IMSI catchers sniffing mobile phones en
> masse is neither proportionate nor necessary for the stated aims of
> identifying stolen phones,” Eric King of Privacy International told Ars.
>
> “Likewise the legal loophole they claim to be using to legitimize the
> practice—distinguishing between tracking a person from a SIM card—is
> nonsensical and unjustifiable. It's surprising it's being discussed so
> openly, given in many countries like the United Kingdom, they refuse to
> even
> acknowledge the existence of IMSI catchers, and any government use of the
> technology is strictly national security exempted.”
>
> These devices are in use, typically by law enforcement agencies worldwide,
> including some in the United States. Portable, commercial IMSI catchers are
> made by Swiss and British companies, among others, but in 2010, security
> researcher Chris Paget announced that he built his own IMSI catcher for
> only
> $1,500. Still, mobile security remains spy-versus-spy to some degree, each
> measure matched by a countermeasure. In December 2011, Karsten Nohl,
> another
> noted mobile security researcher, released "Catcher Catcher"—a piece of
> software that monitors network traffic and looks at the likelihood an IMSI
> catcher is in use.
>
> Keir Giles, of the Conflict Studies Research Centre, an Oxford-based
> Russian
> think tank, told Ars that Russian authorities are claiming a legal
> technicality.
>
> "They are claiming that although they are legally prohibited from
> indiscriminate surveillance of people, the fact that they are following SIM
> cards which are the property of the mobile phone operators rather than the
> individuals carrying those SIM cards makes the tracking plans perfectly
> legal," he said, adding that this reasoning is "weaselly and ridiculous."
>
> The Russian newspaper also quoted Alexander Ivanchenko, executive director
> of
> the Russian Security Industry Association, who pointed out that even to be
> effective, such a system would need these devices every 10 meters (32
> feet).
>
> “It is obvious that the cost of the system is not commensurate with the
> value
> of all the stolen phones,” he said. “Also, effective anti-theft technology
> is
> already known: in the US, for example, the owner of the stolen phone knows
> enough to call the operator—and the stolen device stops working, even if
> another SIM-card is inserted.”
>
> Two major Russian mobile providers, Beeline and Megafon, have told Russian
> media (Google Translate) that they are unaware of this supposed anti-theft
> measure. On the other hand, BBC Russian reports (Google Translate) that the
> system is due to come online in late 2013 or early 2014.
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130730/79d3e10a/attachment.html>