
This machine catches stingrays: Pwnie Express demos cellular threat detector - gregcohn
http://arstechnica.com/information-technology/2015/04/this-machine-catches-stingrays-pwnie-express-demos-cellular-threat-detector/
======
rsync
Here is the matrix of "odd events" that you need to be able to detect in a GSM
network:

[https://opensource.srlabs.de/projects/mobile-network-assessment-tools/wiki/CatcherCatcher](https://opensource.srlabs.de/projects/mobile-network-assessment-tools/wiki/CatcherCatcher)

(scroll down to table)

So while these very high level alerts from Pwnie are nice, I want to see what
is really happening. Have I gotten any silent SMS or silent calls? What
network am I on and what cellID am I on? Do I have an encrypted connection?

I'm fairly certain that Pwnie does not have a baseband that they control and
so there is a lot they (and we) cannot do, but there are things that can be
done, and that outdated table of suspicious events can probably be expanded
(and updated for LTE).

Comments?

I was at their booth today at RSA and they confirmed that these cellular
functions are _not_ available on the PWN Phone, which makes me suspicious that
the cell modem they are using is _not_ a USB modem, but rather a minipci
module that goes into their box. Would like to know what modem they chose...

~~~
im3w1l
A silent SMS is like a ping. It generates a delivery receipt but doesn't
display in the inbox. But what do you mean by silent call?

~~~
tmosleyIII
A silent call is when the phone is connected to a base station and forced into
transmitting; you don't notice your phone is doing it.

------
Animats
That's useful. It should be possible to do almost as well with a suitably
programmed phone, if you can get to the RF control level. What's needed is
something that gives to the app level the same kind of info that's available
for nearby WiFi stations. Then anyone could write analysis apps.

"Cell tower pinning", so that your phone remembers the cell towers in an area
and reports new ones, would be useful. When a new one pops up, that's an
interesting event. That capability would be useful for other purposes, such as
finding and reporting coverage holes.
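
The "cell tower pinning" idea from the comment above, sketched as an added example that is not part of the thread or of any project linked from it: towers are remembered per coarse map square, and later observations are classified against that baseline. The grid size, the three-sighting threshold, the status names and all sample values are assumptions.

```python
from collections import defaultdict
from typing import NamedTuple

class Tower(NamedTuple):
    mcc: int  # mobile country code
    mnc: int  # mobile network code
    lac: int  # location area code
    cid: int  # cell ID

def area_key(lat, lon, grid=0.01):
    """Bucket a position into a grid square (0.01 degrees of latitude is about 1.1 km)."""
    return (round(lat / grid), round(lon / grid))

class TowerPins:
    """Per-area tower baseline; a tower is pinned once seen min_sightings times."""
    def __init__(self, min_sightings=3):
        self.min_sightings = min_sightings
        self.counts = defaultdict(lambda: defaultdict(int))  # area -> tower -> sightings

    def learn(self, lat, lon, tower):
        self.counts[area_key(lat, lon)][tower] += 1

    def pinned(self, area):
        towers = self.counts.get(area, {})
        return {t for t, n in towers.items() if n >= self.min_sightings}

    def check(self, lat, lon, tower):
        """Classify one observation: 'pinned', 'moved' (pinned in another area) or 'new'."""
        here = area_key(lat, lon)
        if tower in self.pinned(here):
            return "pinned"
        if any(tower in self.pinned(a) for a in self.counts if a != here):
            return "moved"
        return "new"

def monitor(pins, observations):
    """Return (status, tower) for every observation that is not pinned."""
    checked = [(pins.check(lat, lon, t), t) for lat, lon, t in observations]
    return [(status, t) for status, t in checked if status != "pinned"]

# Constructed sample data: test PLMN 001/01, made-up LAC/CID values and positions.
HOME, WORK, ROGUE = Tower(1, 1, 100, 5001), Tower(1, 1, 200, 7002), Tower(1, 1, 999, 4242)

def demo():
    pins = TowerPins()
    for _ in range(3):  # learning phase: three sightings pin each tower to its area
        pins.learn(52.5203, 13.4021, HOME)
        pins.learn(52.6000, 13.5000, WORK)
    here = (52.5203, 13.4021)
    return monitor(pins, [(52.5210, 13.4030, HOME), (*here, WORK), (*here, ROGUE)])
```

A "moved" result means a tower identity pinned in one square has shown up in a different one; "new" means it is not pinned anywhere in the baseline.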

~~~
alfiedotwtf
Like this?

* [https://secupwn.github.io/Android-IMSI-Catcher-Detector/](https://secupwn.github.io/Android-IMSI-Catcher-Detector/)

* [https://github.com/SecUpwN/Android-IMSI-Catcher-Detector](https://github.com/SecUpwN/Android-IMSI-Catcher-Detector)

------
universaltest
I kind of wish we would just use a more secure cellular protocol to begin
with. And I know that's a lot to ask for, but can't we just have nice things?

~~~
gregcohn
Encrypted content over the cellular protocol seems more plausible than a
secure protocol, given that a) it's a feature that phones can roam across
networks and b) the way these "exploits" work is for LE to emulate an endpoint
in a system whose principals actively collaborate with LE (to some degree
under force of law).

