
How to Block Stingray Devices - johnny313
https://oaklandmofo.com/blog/block-stringray-devices
======
coretx
When sincerely concerned about stingray devices it might be a better idea to
either invest in a professional detection appliance or to install applications
such as AIMSICD. ( foss/free) If you only deny 2g connectivity; it provides no
certainty against being stung and you won't know if you are a target.

[https://github.com/CellularPrivacy/Android-IMSI-Catcher-
Dete...](https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector)

~~~
JoeSmithson
I have struggled to come up with a way of asking this neutrally, and I believe
in a right to privacy and think "nothing to hide, nothing to fear" is
nonsense, but seriously... wtf are people doing that they are "sincerely
concerned about stingray devices"?

~~~
pavel_lishin
The article mentions attending protests as one such "suspicious" activity.

------
qwerty456127
> So they stand between you and the tower and sift through the transmission
> first. This means they can now intercept data on that transmission. I don’t
> know what they can do with it, and there is no real clear information on
> what data they can get. They do say metadata and access the cellphones
> internal storage, so that is enough to want to block the Stingray.

Cellphones internal storage? Seriously?

~~~
pjc50
"Service update" SMS messages can write certain things to the SIM card and
other aspects of the phone without user interaction.

(this machinery is rather hard to google for and I'm not sure if it has a
better name in the official GSM documents)

~~~
assblaster
That's interesting, it sounds like something that was being repeatedly sent to
my Motorola flip phone in China in 2007. I had the ability to reject this
SMS/MMS thankfully.

~~~
rasz
No, that was most likely spam. You cant even see service updates(OTA), just
like silent sms(type0) they are invisible to the user.

[https://github.com/CellularPrivacy/Android-IMSI-Catcher-
Dete...](https://github.com/CellularPrivacy/Android-IMSI-Catcher-
Detector/issues/69)

------
squarefoot
On modern phones Stingray devices are just one of the many tools that can be
used to gain access to private communications and data. Any app requiring
access permissions to everything is a potential vulnerability that can be
exploited by 3rd parties (not to mention closed blobs etc); in this context
smartphones are all things considered much more vulnerable than old 2G ones.
Not being a target of interest for the police myself, I will rather trust my
old obsolete 2G only dumb phone because the chances of it being spied upon by
Google, Microsoft, Apple, Facebook etc. and associated parties are zero, zero,
zero and zero.

~~~
vkou
What exactly are the practical consequences of being spied on by GMAF,
compared to law enforcement?

You'll see a targeted advertisement, in place of an untargeted one?

The problem with being spied upon by law enforcement is that it's not you who
decides whether or not you're an interesting person. They do.

~~~
hedora
Law enforcement agencies can (and do) purchase ad targeting profile data, and
can also force warrantless searches of commercial databases, at least in the
US.

They also can legally (and do) intercept things like backup replication
streams of the big providers (they did this to yahoo years ago, for example).

My rule of thumb is that if any big consumer cloud service has it, then law
enforcement does too.

Since the data is gathered using gray-area / illegal techniques, it will never
be used in legitimate ways in court, which means it will only ever be used to
further violate the rights of private citizens.

~~~
vkou
> Law enforcement agencies can (and do) purchase ad targeting profile data

Ad targeting profile data isn't typically sold in a way that's particularly
useful to LE. It's the most valuable thing the ad networks own. I can't call
up Facebook [1], and ask to buy your demographic profile. I can call up
Facebook, and ask to buy the ability to show ads to people fitting your
demographic profile.

Data from big providers, that ends up in the hands of law enforcement, is
gathered through one of two ways:

1\. Legitimate requests for access, with a judge signing off on it, an
associated paper trail, and some pushback from the companies.

2\. NSLs, with a secret judge signing off on it, and nearly no paper trail,
and some pushback from the companies.

As far as I'm aware, #1 dwarfs #2 in frequency of access, and is also a
completely legal, above-board way for LE to operate.

Stingrays, on the other hand, are much more like #2.

I mean, if you're not going to go through the trouble of protecting yourself
from a Stingray, I understand. I occasionally jaywalk, and don't always cook
my meat to 'well-done', wear mixed fabrics, and may have played hokey during
my last dentist appointment. It's a risk/hazard sort of thing.

But if type #2 LE access is what you're concerned about, then you should
probably look into dealing with Stingrays.

[1] Actually, I guess I can, as we discover with the train wreck of a platform
partners program. And I am shocked that it is that much of a train wreck.
Still, I can't buy your profile from Apple, or Google, or Microsoft.

------
HackAllThings
It’s worth pointing out that even the author admits that the newer Stingray II
has 3G/4G support. I think this is probably related to known insecurities in
the AKA protocol, as researchers have recently found [1]. It looks like call
interception isn’t so straight forward anymore, but IMSI capture and
approximate location capture are alive and well.

So unless you can verify that only Stingray I is deployed in the vicinity, I
think it’s a stretch to say that the Stingray product “doesn’t care” about
anything other than 2G.

[1]
[https://www.blackhat.com/docs/us-17/wednesday/us-17-Borgaonk...](https://www.blackhat.com/docs/us-17/wednesday/us-17-Borgaonkar-
New-Adventures-In-Spying-3G-And-4G-Users-Locate-Track-And-Monitor.pdf)

------
baybal2
Works on some mediatek based phones

[https://play.google.com/store/apps/details?id=kz.galan.antis...](https://play.google.com/store/apps/details?id=kz.galan.antispy)

------
jsjsoaofnfn
What might me important for some reader: shutting off 2G services means that
you won't have telephone voice services, if your operator doesn't support
voLTE.

~~~
grkvlt
No, there's also 3G as well, remember. My phone allows 2G, 3G, 2G and 3G, 3G
and 4G, or 2G and 3G and 4G network selections in its settins menu (Android 7,
Sony)

------
masonic
Don't all phones have this in "Settings"?

e.g. Settings-Connections-MobileNetworks-NetworkMode

Also, will my phone even bother with 2G if LTE, 4G, or 3G is available?

~~~
Scipio_Afri
You can force a phone into 2G handshaking, that's how stingrays work.

~~~
masonic
Okay, thanks for the explanation.

Meanwhile, setting my Samsung Galaxy S9 to no-2G gives me a warning message
that cannot be dismissed: "This setting turns off 2G service. If 2G service is
off, some app..." (the remainder can't be viewed).

~~~
auiya
> (the remainder can't be viewed).

Sounds like terrific UI design

~~~
giancarlostoro
Also like their QA team is slacking, if they have one.

~~~
vorpalhex
> if they have one

I believe they have a single QA person who is paid minimum wage and whose desk
is in a broom closet somewhere, judging from my own experiences...

~~~
giancarlostoro
Sadly just because you have a QA department doesn't mean much. Your investment
is only as good as the people you invest in (at least in this case). "Oh I sit
around all day using a phone?"

------
tapland
If you are having trouble accessing the _#_ #4636# _#_ menu (I had on my
international S9+) this app got me into the menu:
[https://play.google.com/store/apps/details?id=com.samseen.ne...](https://play.google.com/store/apps/details?id=com.samseen.networkswitch&rdid=com.samseen.networkswitch)

~~~
pavel_lishin
Honestly, I'd rather take my chances of being spied on by the local police
department rather than install a very suspicious looking app from the play
store.

"contains ads"

------
lkdjjdjjjdskjd
Is that relevant, if your apps only communicate with encrypted messages (https
only and so on)?

~~~
r3bl
Yes. For example, stingrays could still locate your phone and deny you
service.

~~~
jpmattia
Isn't that also true for non-stingray connections?

For an example of location from today's news:
[https://www.mcclatchydc.com/news/investigations/article21901...](https://www.mcclatchydc.com/news/investigations/article219016820.html)

------
tantalor
Mods: Please fix title, "Stingray" not "Stringray"

~~~
dang
Oops. That was a Paris in the the Spring. Fixed now—thanks!

[https://www.google.com/search?q=%22paris+in+the+the+spring%2...](https://www.google.com/search?q=%22paris+in+the+the+spring%22&source=lnms&tbm=isch&sa=X&vede=0ahUKEwio5u7sxMDfAhW7HjQIHXvFDQkQ_AUIDigB&biw=1420&bih=936)

------
EGreg
Dude doesn’t explain why stingrays are only good on 2G

Also, how to do it on iOS?

~~~
jsjsoaofnfn
2G doesn't have mutual authentication, thereby Man-in-the-Middle attacks are
trivial. From 3G on, attackers cannot simply fake the real network.

