Possible To Defend Cell Phones Against Stingrays?

Everybody, everybody - what's up.

 

I have a question that I'm sure the answer to already might be, "No, it doesn't help anything". With all the stuff about 'Stingray' devices used to sniff cell data and to triangulate a cell phone's location regardless of GPS signal or whether it is powered on (in some cases), I started thinking about what would be necessary to protect oneself from such a blatant misuse of authority and violation of our Bill of Rights.

First, let me preface this with - though I shouldn't even need to say it - I have nothing to hide. The fact that my privacy should be private is enough for me to ask the question and consider what can be done by us without buying the $3500 CryptoPhones. This is a complete intrusion of everyone's privacy, our basic rights, and shows the blatant disregard for our privacy our authorities have. I am all for finding ways we can find terrorists and ways to keep us safe. But you know they're abusing the ability to use these devices before they even obtain a warrant. They're just trying to cover appearances. I'm not a conspiracy theorist and no, I'm not paranoid. This is just too much power for any group of authorities (what happened to checks and balances?).

Ok, I'm off my tirade. Back to the technical question:

Is there a way we can protect our privacy without the need for a CryptoPhone? Some carriers, like T-Mobile, offer a wifi calling app that will switch off your radio when connected to wifi to make calls. If you happened to have your phone rooted and used the SSHTunnel app to set up a SOCKS proxy to route all traffic through an encrypted SSH tunnel with the use of a carrier's wifi app, or through using your own SIP / VOIP service, would you be protected? What about if you weren't on wifi and routed all calls/data through the same SOCKS proxy, encrypting your data over the carrier's 3G/4G towers?

My concern with the above questions is that some articles have stated your antenna can still be tracked even when 'not connected' to the towers. I'm sure that even with a SOCKS proxy over cell towers, agencies could still triangulate a cell phone's signal by checking which towers it is connected to. I am not as concerned about my location being triangulated as I am with my banking info, etc., being made available through this infrastructure of 'security'. My largest concern is a good group of hackers who know how to create a Stingray device that can snoop my data while I'm authenticating to my bank, email, work, etc.

So to reiterate:

1. Can we protect ourselves at all without a special OS like the one from CryptoPhone?

If so:

2. Will a SOCKS proxy over cell 3G/4G protect you?

3. Will wifi calling with a carrier like T-Mobile help when the cell antenna is disabled?

4. Will using your own VOIP / SIP service through Flowroute, etc. over data with wifi / 3G / 4G using a SOCKS proxy help?

My largest fear is that the answer to 1 might be no, in which case we can fork out a lot of cash for a CryptoPhone to be protected. Or wait for a law to be passed so that our government can abide by it... yeah... right... like that ever happens...

What are your thoughts?

More info:

http://www.computerworld.com/article/2600348/mobile-security/are-your-calls-being-intercepted-17-fake-cell-towers-discovered-in-one-month.html

http://en.wikipedia.org/wiki/Stingray_phone_tracker

https://www.aclu.org/node/37337

https://www.aclu.org/blog/national-security-technology-and-liberty/victory-judge-releases-information-about-police-use

http://www.cryptophone.de/en/products/mobile/cp500/

1) No

2) No

3) No

4) No

As long as you are sending any data you could be located and security cracked... SSL, recently rated as "top secret", was leaked to have holes that were designed so the US gov. could simply get what they want, if they want it.

(BTW, there is a way to even triangulate your location while your phone is only receiving data; expensive to set up but possible, and once you have the equipment it's cheap and fast...) Also, phones were designed in a way that anyone can turn on your cellphone, access your data, or even charge it through radio waves.

You could use an app like Signal 2 (http://signal.kssh.ca/) to monitor the tower your phone is connecting to, and monitor the dBm to see if you are connected to a real tower and not a Stingray. If you notice a sudden shift in the tower's transmit power or location, it might indicate you are not connected to a real tower.
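To make the "watch the tower and the dBm" idea above concrete, here is a small Python monitor written for this thread (it is not the Signal 2 app's code and not anyone's posted code). It learns a baseline of cell IDs seen during a period you believe was normal, then flags a cell it has never seen or a large signal jump on a cell change. The record format, the sample readings and the 20 dB threshold are all constructed assumptions; an alert is a prompt to look closer, not proof of a fake tower.

```python
"""Added example, not from the thread or the Signal 2 app: a baseline-and-alert
monitor over cell observations (LAC, cell ID, dBm). Record format and
thresholds are assumptions for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    ts: int      # seconds since start of log (constructed)
    lac: int     # location area code reported by the phone
    cid: int     # cell ID reported by the phone
    dbm: int     # received signal strength in dBm (closer to 0 is stronger)


def learn_baseline(observations):
    """Set of (lac, cid) pairs seen during a period believed to be normal."""
    return {(o.lac, o.cid) for o in observations}


def detect_anomalies(observations, known_cells, jump_db=20):
    """Return (ts, reason) tuples for samples worth a second look.

    Heuristics (assumptions, not a detection standard):
      - a (lac, cid) absent from the baseline -> "unknown cell"
      - a cell change where signal strength rises by >= jump_db -> "signal jump"
    A handset that suddenly prefers a very strong, never-seen cell matches the
    pattern the post describes; the alert is a prompt to check, not proof.
    """
    alerts = []
    prev = None
    for o in observations:
        key = (o.lac, o.cid)
        if key not in known_cells:
            alerts.append((o.ts, f"unknown cell lac={o.lac} cid={o.cid}"))
        if (prev is not None and key != (prev.lac, prev.cid)
                and o.dbm - prev.dbm >= jump_db):
            alerts.append((o.ts, f"signal jump {prev.dbm} -> {o.dbm} dBm on cell change"))
        prev = o
    return alerts


# Constructed sample data: a baseline day on two cells, then a monitoring
# window where the phone camps on a strong, previously unseen cell.
BASELINE = [
    Observation(0, 1001, 5001, -85),
    Observation(600, 1001, 5002, -90),
    Observation(1200, 1001, 5001, -87),
]
MONITORED = [
    Observation(86400, 1001, 5001, -86),
    Observation(86460, 1001, 5002, -88),
    Observation(86520, 1001, 7777, -55),
    Observation(86580, 1001, 7777, -54),
]


def run_demo():
    """Returns the alerts produced for the constructed monitoring window."""
    return detect_anomalies(MONITORED, learn_baseline(BASELINE))


if __name__ == "__main__":
    for ts, reason in run_demo():
        print(f"t={ts}s  {reason}")
```

On the constructed data the baseline pass is silent, and the monitoring window raises an unknown-cell alert plus a 33 dB jump alert at the moment the phone moves to cell 7777. In practice you would feed it whatever your tower-logging app exports and tune the threshold to your area.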


The original poster, Senturion, is asking about his data being insecure in transactions like online banking over mobile data. SSL is protecting that with a Public Key Infrastructure that's providing end-to-end encryption for that transaction. Is SSL encryption good encryption? It's approved by the government to protect top-secret government data, so I think it's more likely to be broken by somebody gaining access to your private key (through a vulnerability like Heartbleed) than by somebody brute-forcing the AES-256 encryption.

There is certainly the possibility of a criminal enterprise employing a Stingray or other "fake cell phone tower" devices, but strong end-to-end encryption is still your best defence.



Stick it in a lead (metal) box...

I wonder if you could root your baseband chip. I remember that the ancient GSM chips were comically easy to manipulate. If you can reprogram the baseband chip you can protect yourself against fake towers (Stingray is a brand).

You could map all the towers in your area, and if a new one pops up you could go hunt for it: is the signal emanating from an actual tower or from a conspicuous briefcase, public utility box, etc.?

Also, legitimate towers leave a gigantic bureaucracy trail; if you find a tower without any bureaucracy attached to it, you know where you're at. ;)

In the long run it won't matter much because the pressure to generate independent mesh-nets is enormous. And then the spies as well as the criminals (I realize that is a somewhat overlapping group) are going to have to fight against mathematical barriers. Which means that they have to break into the operating systems of the users. If they do that a lot, their "bug-doors" are going to depreciate very fast.

Just as a curiosity, though, if I used SIP-based wifi calling over wifi only and used an SSH proxy tunnel and disabled my radio, I still wouldn't be better protected from Stingray devices than if I just left the radio enabled and used it over mobile data?

You would be better protected because your data would have a further level of encryption on it. However, there still may be vulnerabilities. For example, if you do get connected to a fake cell phone tower being operated by somebody intent on stealing your data, they will save all of the packets that you transmit, including the "authentication" packets used to set up the key exchange for your SSH session. There may be vulnerabilities in the SSH protocol itself, depending on the settings and version (for example, weaknesses in the RSA algorithm or Diffie-Hellman curve). After all your packets and data are stored safely on the Stingray owner's hardware, they can decrypt it at their leisure.

It really does come down to strong end-to-end encryption. If SSH is fully updated and you are using strong algorithms for key exchange and encryption, then it's going to be much more challenging for an attacker to decrypt all the data they've captured. With that being said, there have been revelations about security issues even when using strong encryption. For example, the NSA has paid RSA to put a back door in their encryption:
http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220

Stuart Ward, one of the creators of cellular 3G security, shared this over a "Security Now" podcast this week:

"I was involved in the design of the security for 3G networks, and yes, the original (2G) SIM authentication protocol is one way: the network authenticates the MS (Mobile Station) but the MS cannot verify the network.

This was updated with the work on the 3G specification, and the transition to the USIM. So if you are using a USIM, on a 3G network (or later) then the phone will authenticate the network. But as phones have to work seamlessly onto 2G networks, unless you have specifically set your phone to only use 3G networks, and you have a USIM from your network operator, it is still subject to these attacks.

One of the things the specifications say is that the phone must show an indicator when the secure connection is not enabled; this is the Authentication and Key Agreement (AKA) protocol. This is universally ignored, and there are hardly any phones that show this. If this was enabled, it would be a good indicator that you were not on the network you think you are on. The reason that this is ignored is that operators don't want the support calls should they have problems and have to switch encryption off. Which they do surprisingly often!

Although it is not possible to tell if your phone is connected to such a rogue base station, the presence of these shows up to the network operator, because of a spike in handover fails, as nearby phones try to hand over established calls to the false base station.

...
-Stuart, Reading UK"

 

Hopefully that shed some more light on this issue.
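To illustrate the one-way versus mutual authentication point in Stuart's message, here is a toy Python model written for this thread (it is not Stuart's code and not the 3GPP specification). It plays both handshakes between a phone and two networks, one holding the SIM key K and one not: in the 2G-style exchange the phone answers whoever challenges it, while in the simplified AKA exchange the network has to send an AUTN computed with K before the phone will respond, and a replayed challenge is refused. HMAC-SHA256 stands in for the operator's f1/f2 functions, AUTN is reduced to SQN || MAC (the real token also carries AMF and masks SQN), and the key values are constructed; all of that is assumption.

```python
"""Added example, not from the thread or the 3GPP specs: a toy model of 2G
one-way authentication versus 3G AKA mutual authentication. HMAC-SHA256 stands
in for the operator's f1/f2 algorithms and AUTN is reduced to SQN || MAC
(assumptions made for illustration)."""
import hashlib
import hmac
import os


def f1(k, sqn, rand):
    """Network authentication code (MAC) over the sequence number and challenge."""
    return hmac.new(k, b"f1" + sqn + rand, hashlib.sha256).digest()[:8]


def f2(k, rand):
    """Subscriber response to a challenge (SRES in 2G, RES in 3G)."""
    return hmac.new(k, b"f2" + rand, hashlib.sha256).digest()[:8]


class Network:
    """A base station / core that may or may not hold the subscriber key K."""

    def __init__(self, k):
        self.k = k
        self.sqn = 0

    def challenge_2g(self):
        # 2G: just a random challenge; nothing proves who sent it.
        return os.urandom(16)

    def challenge_3g(self):
        # 3G AKA: RAND plus an AUTN the phone can verify with its own K.
        self.sqn += 1
        sqn = self.sqn.to_bytes(6, "big")
        rand = os.urandom(16)
        autn = sqn + f1(self.k, sqn, rand)
        return rand, autn


class Phone:
    """A handset holding K. respond_* returns the response, or None on rejection."""

    def __init__(self, k):
        self.k = k
        self.last_sqn = 0

    def respond_2g(self, rand):
        # One-way: the phone cannot tell a rogue cell from its operator.
        return f2(self.k, rand)

    def respond_3g(self, rand, autn):
        sqn, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, f1(self.k, sqn, rand)):
            return None  # AUTN was not made with our K: not our network
        n = int.from_bytes(sqn, "big")
        if n <= self.last_sqn:
            return None  # replayed challenge
        self.last_sqn = n
        return f2(self.k, rand)


def attach_2g(phone, network):
    """True if the phone answers the network's 2G challenge."""
    return phone.respond_2g(network.challenge_2g()) is not None


def attach_3g(phone, network):
    """True if the phone accepts the network's AKA challenge and answers it."""
    rand, autn = network.challenge_3g()
    return phone.respond_3g(rand, autn) is not None


if __name__ == "__main__":
    K = bytes(16)  # constructed subscriber key shared with the home operator
    phone, home, rogue = Phone(K), Network(K), Network(os.urandom(16))
    print("2G, rogue cell :", attach_2g(phone, rogue))  # True: phone answers anyway
    print("3G, home net   :", attach_3g(phone, home))   # True
    print("3G, rogue cell :", attach_3g(phone, rogue))  # False: bad AUTN
```

The model also shows why the "3G only plus USIM" advice in the quote matters: the rejection happens only on the AKA path, so a handset allowed to fall back to the 2G handshake still answers the rogue cell.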