While the project has largely languished lately, I reimplemented a sensor with similar capabilities to Project Seaglass with the goal of a lower BOM cost and easier purchase - the particular Telit module they used is discontinued and hard to obtain. My BOM is around $160 and could be lowered. See here: https://github.com/jcrawfordor/cellscan
Since some years already, any app-based solutions are useless in practice since they yield a huge amount of false positives or no results at all. The talk on crocodile hunter (an EFF software) goes into why that is so: https://www.pcmag.com/news/police-spying-on-your-phone-ask-c...
Edit: if you've ever spent some time sitting on a plane (non-domestic) and your phone was on during the time window when boarding is ongoing and just before the aircraft taxis to the runway, then there is a very good chance that you've connected to one of these before. It's a way to match known cell numbers of individuals where an arrest warrant has been issued (or otherwise individuals that are monitored) against actual passengers' phones (who might be traveling with a fake ID). If somebody on your flight was ever lifted off the plane by LEA (but obviously has made it through security into the plane) they are very likely the target of such a dirtbox intercept.
>If somebody on your flight was ever lifted off the plane by LEA (but obviously has made it through security into the plane) they are very likely the target of such a dirtbox intercept.
You'd think fugitives won't bring their phones with them, turn them off unless absolutely necessary, or use burners.
Most criminals aren't particularly forward-thinking. Those that are, usually don't get caught as often, so the ones you see are those that aren't. I used to break a lot of drug laws when I was an addict (I'll leave which ones up to your imagination, for obvious reasons) -- I used to be called paranoid by those I associated with as I refused to travel with phones, changed number and phone once a month, among other things.
Unlike them, I was never caught and have no record. A lot of that is down to luck, obviously, but the ones I know of who are still active and not in prison do similar things (burners, never have a device on them if possible, rotate burner SIMs constantly, use encrypted messaging, etc.).
Anyway, it's been years, but it's a lot less stressful to be sober and law abiding!
There was another one in f-droid (or at least it was named differently at the time) that I had installed and running by curiosity a few years ago. I more or less forgot it until one day while I was driving on the highway and got forcibly directed out because of a blockade set by protesters (nation-wide protests by farmers occurring at that time). Once in the vicinity of said blockade I got notified unequivocally that something weird was happening to the cellular network. I guess law enforcement people were using IMSI catchers to monitor protesters.
Just anecdotal evidence, however, while I almost never got false positive alerts from this app (once at the arrival of an international flight), the one time it triggered a notification, it was in a highly probable situation.
Communication between our devices and these base stations being so opaque (closed-source baseband processors/OS not helping there) and sensible, I'm glad these projects exist and I just installed this one, blaming myself for not doing so earlier.
In case anyone else is wondering what an IMSI-Catcher is, let me save you a google:
"An international mobile subscriber identity-catcher, or IMSI-catcher, is a telephone eavesdropping device used for intercepting mobile phone traffic and tracking location data of mobile phone users."
They're also cheap, easy to use and deployed all over the country by local law enforcement. It isn't just three letter agencies using them, it's your local police department, too. No warrants needed, either.
No warrants? Because they intercept only the phone's identity (and therefore your location?) and not voice/text traffic, presumably.
Not that it's not still egregious but it's described in this thread as an "eavesdropping" device so it would be helpful if we could be explicit.
If my supposition above is accurate then the rationale is likely the fact that you are traveling in public is not considered protected against unreasonable search.
It's because they use the devices for eavesdropping. If they want to use data they collected from eavesdropping in court, then they need a warrant.
For example, if they're spying on a drug dealer, they can determine the right time to pull them over for a traffic violation and also catch them in the act of transporting drugs. If law enforcement doesn't submit evidence obtained from spying, it looks like whoever pulled them over was just in the right place at the right time[1].
Is it just me that looks at the equipment photo, and thinks - you're using an inverter to convert 12VDC to 120VAC, then a couple of wall plug transformers to convert that back down to low-voltage DC - why don't you just use a DC regulator?
Everything is off-the-shelf: you can find 12DC to 120AC at Walmart, but a DC/DC regulator is harder to find and more difficult to configure and set up correctly.
A 12 V lead acid battery ranges from around 12.7 volts when fully charged down to around 12.2 at 50% (the minimum recommended charge level for typical car batteries). When starting the car, the voltage will drop below that. When the alternator is running to charge the battery it is around 14 V.
Is there any regulation or filtering on the 12 V ports on cars, or do devices plugged into them see it all--the alternator voltage when it is running, a big drop when starting, and 12.7-12.7 at other times?
There's no standardized regulation or filtering; devices typically see it all. And it's much more than the alternator voltage; a device might see transient 24V or more, and as little as 9V.
Modern chargers tend to be really forgiving, and they're often powering a device that has its own battery, so there are multiple levels of regulation between the car and the device.
On the other hand, I've used automotive adapters that do a simple DC-DC conversion with no regulation, and pass through to a barrel connector to a device that would otherwise be powered by standard alkaline disposable batteries. Those aren't nearly as robust, and I've seen devices fail or power-cycle due to undervolting.
Not necessarily, and there is way worse stuff on that power source than that. For example, you have to guard against things like “load dump” where voltage can spike up to rather high voltages momentarily (80V or so, don’t know the actual spec right now).
Chances are that a modern car has more regulation and protection between battery/alternator and the 12V plug, but you don’t usually know what, and the spec doesn’t (or at least didn’t when I looked into it) require it.
No filtering, it goes directly to the general power rails in the car, with all the noise included. Devices are responsible for filtering/protection as needed.
Ooh. New project for today. Deploy this locally and figure out how to make this a public service where people can run their devices and the data is uploaded to a central database in real-ish time so people can see suspect changes.
EDIT: This should have a 2017 tag, as the code is 4 years old and I assume the same is true for the website.
http://wigle.net/ app collects cell tower locations, I bet with some clever searching of their dataset you could find these. Likely not in as real of time though.
It is much easier (and more often done) to implement a solution for a static position. Many embassies and other highly sensitive locations have these, commercially available, installations.
We used to build them for fun (no profit) many moons ago.
Basically what you do is place a couple of (1, 2 or whatever) sensors (we used to use these Motorola C123 with osmocom) and just keep tabs on signal strength and antenna ID over time, and inspect changes.
P.S. The company has quite an interesting list of buyers: https://www.exporthub.com/shenzhen-thinkwell-digital-co-ltd-... . Including one "eternal friend" of US who has recently been caught red-handed stingraying the State Department, and the White House.
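A minimal sketch of the static-sensor approach described above (log antenna ID and signal strength from a fixed position, then inspect changes), added here as an example and not code from any commenter or from SeaGlass. The tuple layout, the thresholds and the sample readings are constructed assumptions.

```python
from statistics import median

def build_baseline(observations):
    """Map each cell ID to (median RSSI, median absolute deviation) in dBm."""
    by_cell = {}
    for _ts, cell_id, rssi in observations:
        by_cell.setdefault(cell_id, []).append(rssi)
    baseline = {}
    for cell_id, values in by_cell.items():
        mid = median(values)
        mad = median(abs(v - mid) for v in values)
        baseline[cell_id] = (mid, mad)
    return baseline

def find_anomalies(baseline, observations, k=6.0, floor_db=3.0):
    """Return (timestamp, cell_id, reason) for readings that break the baseline.

    A reading is flagged when its cell ID was never seen during the baseline
    window, or when its RSSI is more than max(k * MAD, floor_db) away from
    that cell's baseline median (k and floor_db are assumed thresholds).
    """
    alerts = []
    for ts, cell_id, rssi in observations:
        if cell_id not in baseline:
            alerts.append((ts, cell_id, "new cell ID"))
            continue
        mid, mad = baseline[cell_id]
        limit = max(k * mad, floor_db)
        if abs(rssi - mid) > limit:
            alerts.append((ts, cell_id, f"RSSI shift {rssi - mid:+.0f} dB"))
    return alerts

# Constructed sample data: (unix time, cell ID, RSSI in dBm) from one fixed sensor.
BASELINE_WINDOW = [
    (1000, 4101, -81), (1060, 4101, -80), (1120, 4101, -82), (1180, 4101, -81),
    (1000, 4102, -95), (1060, 4102, -97), (1120, 4102, -96), (1180, 4102, -95),
]
LIVE_WINDOW = [
    (2000, 4101, -80),  # normal reading
    (2000, 4102, -96),  # normal reading
    (2060, 4101, -58),  # known ID, but far stronger than ever seen at this site
    (2060, 9999, -60),  # ID never seen at this site
]

if __name__ == "__main__":
    for alert in find_anomalies(build_baseline(BASELINE_WINDOW), LIVE_WINDOW):
        print(alert)
```

A flagged reading is only a prompt for inspection: legitimate towers are added, retuned and change power, so the baseline window has to be long enough to cover normal variation at the site.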
> P.S. The company has quite an interesting list of buyers: https://www.exporthub.com/shenzhen-thinkwell-digital-co-ltd-... . Including one "eternal friend" of US who has recently been caught red-handed stingraying the State Department, and the White House.
Link is to a motorcycle mp3 player. What am I missing?
What... is the price of these again? I'm on mobile and the price in my currency shows this specific one at upwards of US $18k+? Is it that expensive, or is Alibaba somehow showing me the wrong price?
The German government has just published a paper on the requirement for telecom operators to ensure LEA continue to be able to _covertly_ intercept traffic in 5G: "Ensuring Undetected use of the IMSI Catcher", the paper which is in German (https://posteo.de/FormulierungshilfeBMI.pdf) reads:
> Mobile network operators must ensure security authorities can use IMSI Catchers without the end user becoming aware of this. According to the TKG-E, mobile operators must continue to allow IMSI catchers in accordance with statutory investigative measures. Until now, it's unnecessary for operators to act so that members of the Security authorities can use IMSI-Catchers, as they "simply" pretend to be a base station. In new mobile networks, devices brought into the network must be actively "accepted" by the network and otherwise cannot be used. As a result, it will no longer be possible to insert IMSI catchers of "previous design" into the new networks. We acknowledge that in the future unauthorised persons, such as foreign intelligence services can no longer use them. At the same time, it will no longer be possible for German security authorities to use an IMSI catcher without the cooperation of the mobile operator. The necessary regulations for the participation of the mobile operator are already included in the draft TKG, but the necessary addition is missing that the introduction of an IMSI catcher by security authorities may not be known to the end user.
Most people will think this is a fringe scenario which will never affect them. But they are very common in international airports:
> At Trudeau airport, Radio-Canada detected the catcher's presence through the use of a CryptoPhone — a cellphone look-alike that emits red alerts when a fake antenna tries to catch its signal. Several red alerts were received, throughout the afternoon and early evening, in the section of the airport for U.S. departures.
> For two months last year, researchers at the University of Washington paid drivers of an unidentified ridesharing service to keep custom-made sensors in the trunks of their cars, converting those vehicles into mobile cellular data collectors. They used the results to map out practically every cell tower in the cities of Seattle and Milwaukee—along with at least two anomalous transmitters they believe were likely stingrays, located at the Seattle office of the US Customs and Immigration Service, and the Seattle-Tacoma Airport.
> The devices are operated out of at least five U.S. airports, "covering most of the U.S. population". It is unclear whether the U.S. Marshals Service requests court orders to use the devices.
For a "modern" take on this subject (info relevant to 3G is outdated unless they do a downgrade attack on you first), see this article and the linked videos that go into the issues LEO face with 4G/5G and the "crocodile hunter" software that is an EFF project to identify them: https://www.pcmag.com/news/police-spying-on-your-phone-ask-c...
Seems like that would maybe be a game of cat-and-mouse, but fundamentally these IMSI catchers have to have an identifiable signature. That is, in order to work they need to mimic an existing cell tower as much as possible, but it is exactly because of that mimicry that they can be detected over time (e.g. because the signal is coming from a different location).
Using more than one antenna will expose a phase difference and drifting in time can't be avoided either unless they waste millions of tax money on ultra expensive TCXO's.
Therefore I suspect that they'll passively identify a signal and order the service provider to decrypt it at their backbone.
If France/the GSM foundation could pull off that encryption is to be downgraded in strategic countries; surely some other power-hungry nation-state will beat that record.
"a matter of national security" - there are endless interfaces into the network (by law) for lawful interception and some of them are designed in such a way that Interceptor E1 cannot see what Interceptor E2 is trying to read.
Still, some 'other' interested parties that have reasons not to use the standardised interfaces.
For 5G a lot of additional security measures CAN be enabled, but you can guess who started to complain about that.
Right, that is highly probable and the fact that it's likely to happen will drive nefarious operators to illegally change IMSI numbers, etc., that is, if it's not already happening on a grand scale. This could lead to a technology war between law enforcement and crooks where the main victims will be innocent people.
The bigger and more important issues are that (a) our police forces are becoming more militaristic and are acting more like invading armies without themselves conforming to the law not to mention the fact that they are also acting underhandedly and by stealth (which leads the citizenry to distrust them), and (b) the issue of citizens' right to privacy has not been properly or adequately addressed by legislators.
The fact that our governments have precious little oversight of and exercise even less control over their various agencies is also of great concern.
Telit GT-864 QUAD/PY GSM modem $65
External antenna $25
Raspberry Pi 2B+2 $35
GPS (GlobalSat BU-353) $30
Bait Phone (Motorola Moto-G 4G LTE) $95
4G Hotspot (ZTE Z917) + 3 month plan $100
DC/AC inverter $26
Powered USB Hub $17
Pi accessories $15
SD Card (32 GB) $17
Modem accessories $30
Cables $35
Box $12
Total $502
https://seaglass-web.s3.amazonaws.com/SeaGlass___PETS_2017.p...