
A Police Gadget Tracks Phones? Shhh It’s Secret - mattee
http://www.nytimes.com/2015/03/16/business/a-police-gadget-tracks-phones-shhh-its-secret.html
======
dak1
> A few days later, the county asked Harris for a demonstration open to county
> supervisors. The company refused, Mr. Simitian said, noting that “only
> people with badges” would be permitted. Further, he said, the company
> declined to provide a copy of the nondisclosure agreement — at least until
> after the demonstration.

> At the meeting in Santa Clara County last month, the county supervisors
> voted 4 to 1 to authorize the purchase

How on Earth are our elected officials agreeing to such insane requirements?
Our Democracy requires transparency to work, and that especially includes
allowing oversight by our Legislative members and allowing them to communicate
that oversight to their constituents.

~~~
themartorana
There's still a pervasive fear of being the one who let the terrorists win.
It's utterly absurd, but when the DHS and FBI are saber rattling and
procurement departments have the backing of all the three-letter agencies,
town and city officials often show deference. People have been trained to
respect authority - not entirely unjustly - but don't realize that we put them
in office to be the check we can't be as average citizens.

When people say "nothing will ever be the same" this is what they're talking
about.

Edit: we should respect authority, but we shouldn't bow down to it unjustly or
allow it to run amok based on FUD.

------
logn
> “Disclosure of even minor details” could harm law enforcement, he said, by
> letting “adversaries” put together the pieces of the technology like
> assembling a “jigsaw puzzle.”

Then I think this is tied into a much bigger and well-organized system of
surveillance. Everyone already pretty much gets they bug cell phones; what's
left to piece together? Parallel reconstruction seems crucial enough to our
government it's probably semi-automated and I'd wager StingRays are a core
component of that.

------
herbig
Security through obscurity is not security. Anyone with any knowledge of
technology should be wary of this but they'll make millions anyway.

~~~
revelation
Security features are not being obscured, _exploits and vulnerabilities_ are.
That, of course, is very valuable if you presume that knowledge of
vulnerabilities would lead to them being closed and fixed.

In this particular case, the obscurity seems nonsensical because we know very
well how StingRay and IMSI catchers in general operate. The reason the
vulnerabilities they exploit are not closed is down to inertia in what is a
huge market. That's only half of the equation, though; the other side is that
while it's a huge market, it is dominated by very few big global companies
that possess the necessary resources to pursue R&D in this very specialized
area of technology. This is an area where every open-source solution is easily
10, 20 years behind if there even is one at all, and they run on hardware the
same age.

The only curious thing here is why there's been this recent heightened interest
in IMSI catchers, as the concept is very old, and why there is a particular
interest in obscuring the mode of operation, as again, that is theoretically
known. The only explanation I can think of is that advances in hardware have
made it possible to produce a small (think truck sized) system that can crack
various proprietary (and generally old) encryption systems used by mobile
phones in realtime and thereby gather more data than you could with an IMSI
catcher telling victims to use no encryption. But then with 3G and other
systems came improved encryption systems that can certainly not be broken in
realtime yet.

The only other explanation I can think of is that Harris has deals with
various telcos to get the encryption keys beforehand, which would be worth
obscuring.

There is also a possibility here that I'm overthinking all of this and the
typical defence contractor that is 20 years behind at all times just thinks
IMSI catchers are the hot stuff and their IP they need to protect.

~~~
kw71
> The only other explanation I can think of is that Harris has deals with
> various telcos to get the encryption keys beforehand, which would be worth
> obscuring.

I was thinking today about how countermeasures could be developed. A 'GSM base
station in a box' went through my hands last year and I played with it a
little before reselling/exporting it. To get a phone to sign on I had to
broadcast the network ID expected by the SIM, otherwise it would see the real
one and go there. However, I got successful sign-ons without having any
cryptography enabled, so maybe the keys are not necessary.

It would be interesting if the Stingray would be visible with a site survey
tool, I imagine it might show up as an additional base station. Maybe it would
use a unique ID that did not fit the pattern of the telco's provisioning and
therefore stand out.

Or maybe it steals the ID of a base station on the air and acts as a proxy,
encouraging devices to sign on through it because they would see the higher
field strength of the Stingray.

~~~
revelation
There are various advanced approaches already to detecting IMSI catchers (and
other nefarious network activity):

[https://opensource.srlabs.de/projects/snoopsnitch](https://opensource.srlabs.de/projects/snoopsnitch)

The basic problem with all of them is that the chip in your device with all
the information, the baseband, is a separate high-powered processor running
completely proprietary software, and as such cannot be modified to include
protection or detection features. The app above only works with root access to
a phone with a Qualcomm baseband that happens to have a diagnostic interface
installed, which was then reverse-engineered to pick up the necessary
information.

The situation is far, far from ideal if you consider that baseband chips will
actively collaborate in compromising your privacy and run embedded systems
that have never been vetted and are presumably vulnerable to any number of
trivial exploits such as buffer overflows.
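
The site-survey idea kw71 raises above (an extra base station whose ID does not fit the operator's pattern, or a copied ID arriving at higher field strength) can be sketched as a comparison of a new scan against a baseline survey. This is an added example, not code from the thread or from SnoopSnitch; the `Cell` fields, `flag_cells`, the 20 dB threshold and the sample data are all assumptions constructed for illustration.

```python
from typing import NamedTuple

class Cell(NamedTuple):
    mcc: int    # mobile country code
    mnc: int    # mobile network code
    lac: int    # location area code
    cid: int    # cell ID
    arfcn: int  # radio channel number
    rssi: int   # received signal strength in dBm

def flag_cells(baseline, scan, jump_db=20):
    """Map (mcc, mnc, lac, cid) -> reasons for scan entries that deviate from baseline."""
    known = {c[:4]: c for c in baseline}
    lacs = {}  # location area codes observed per operator
    for c in baseline:
        lacs.setdefault((c.mcc, c.mnc), set()).add(c.lac)
    findings = {}
    for c in scan:
        reasons = []
        ref = known.get(c[:4])
        if ref is None:
            reasons.append("cell not in baseline")
            if c.lac not in lacs.get((c.mcc, c.mnc), set()):
                reasons.append("LAC never seen for this operator")
        else:
            if c.arfcn != ref.arfcn:
                reasons.append("known ID on a different channel")
            if c.rssi - ref.rssi >= jump_db:
                reasons.append("signal far above baseline")
        if reasons:
            findings[c[:4]] = reasons
    return findings

# Constructed survey data (not real cells).
BASELINE = [
    Cell(310, 260, 1201, 40011, 512, -85),
    Cell(310, 260, 1201, 40012, 530, -92),
    Cell(310, 260, 1202, 40155, 548, -101),
]
SCAN = [
    Cell(310, 260, 1201, 40011, 512, -84),  # unchanged
    Cell(310, 260, 1201, 40012, 530, -55),  # same ID, 37 dB stronger
    Cell(310, 260, 9999, 7, 605, -48),      # ID outside the observed pattern
]

if __name__ == "__main__":
    for key, reasons in flag_cells(BASELINE, SCAN).items():
        print(key, "; ".join(reasons))
```

A newly commissioned tower or a change in where the scan was taken also trips these checks, so a hit is a prompt to look closer rather than proof of an IMSI catcher.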

