Welcome to the test network. Your IMSI is IMSI: 346234543252301
Other comments say that LTE networks authenticate in both directions, so you're safe if you can set your phone to LTE-only.
This is a good DefCon talk about how to spoof carrier networks:
Cellular spectrum: Grandstand and extract cash from the carriers.
Ham spectrum: Antenna-laden vans canvassing neighborhoods for radio pirates.
It is despicable.
Got any photos, or links to accounts of these? I did a quick google image search because you think someone would have caught one in the wild by now, but no.
 - https://www.youtube.com/watch?v=xKihq1fClQg
 - You should not take legal advice from strangers on the Internet.
Using the 33cm band is a nice trick.
Has it crippled society?
The true insidiousness of a random mutagen exploit is the fact that you can't pin it down. Hell, you could even specifically code it to be resistant to reproduction attempts. ;)
I did this to a very security-conscious co-worker who freaked out when he noticed his workstation being "attacked" by a printer in a computer lab.
Having the cooperation of the cell service providers would be good, you could just have a small pico cell that tries to blackhole any phones in the building but if a prisoner can smuggle in a cell phone then they can probably smuggle in any other handheld radio as well.
Isn't really a thing. These paints realistically manage 30 dB attenuation at around 1 GHz, which sounds great as a percentage ("99.x% reduction!"), but isn't sufficient to actually deny cellular service. [Paint also normally doesn't cover things like windows etc. which pretty much nullifies them anyway]
You can in fact dump a phone into a fridge or freezer, which (at least here) have steel sheets all over them. Phones still get cellular service.
What you would need is screen plating and windows with RF screening meshes (and of course special window frames and so on). This is a) extremely expensive and b) can manage >60 dB attenuation.
Not necessarily true. I used a fridge as a quick alternative to a Faraday cage for device testing and it worked fine. It was an old, heavy fridge though; newer ones may contain more plastics and fail to shield properly.
> Add to the mix the thick walls
Because thick walls do not intercept enough of the radio signal. This only works in really remote locations - but e.g. here in Munich there are a number of jails in the city area. If someone employed a jammer there, the neighbours would protest and/or sue.
A quick search turned up  which reckons £300 million for installation and £800,000 per annum to maintain. Which seems a bit pricey.
That said, there was a plan to trial it this year, but I can't remember if that was pre- or post-Brexit.
Oh sweet summer Canadian children.
Add to that that signal strength changes with weather, and you have two solutions: either lots of expensive equipment or lots of buffer land owned by the prison. Both are expensive.
As a rule of thumb, any security protocol that contains lots of "MAY" parts (options) in its specification is suspicious. Even more so if the security layer itself is optional. Ideally, a security protocol contains no "MAY" parts, not even "SHOULD" parts, but only "MUST" parts.
(Not sure where I read this, or who wrote that. So I'm paraphrasing it here. Maybe it's common sense without a single attributable source.)
It just uses a directional antenna to listen for the "keepalive" exchange between cell tower and device, focusing on a specific IMSI.
Also, even if your device is currently using LTE or similar, the GSM (or whatever 2G radio it has) will still be on and talking to the relevant network (unless you specifically tell the device otherwise, and the OEM allowed you to). This is to provide a smoother handover should the LTE signal drop too low.
Hailstorm on the other hand is basically a jammer tuned to 3G and 4G frequencies, thus forcing any devices in range to drop down to 2G. For the general public a jammer would be a big no-no, but law enforcement is a different matter.
Also, I thought Hailstorm was LTE only (and doesn't degrade to 2G).
Depending on the device you may be able to tell it to use newer network only though (my somewhat aging Android device can opt for UMTS only for example).
Cell towers also choose the encryption that the cell phone should use. I don't think any currently available phone notifies you when no (A5/0) or weak (A5/1) encryption is used.
GSM is the problem here. Jam the others, and the phone falls back to 2G.
2G needs to die.
Since LTE is the lowest common denominator technology between all carriers (and LTE is the only cellular technology with hardware that supports all cellular frequency bands in the US) the cellular market in the US is being pushed very strongly in an all-LTE direction. With the inclusion of Cat-M1 and Cat-NB1 modes in LTE release 13, LTE will soon be usable even for low-power IoT devices. AT&T and Verizon are already racing to support those standards on their networks.
Damn it, Nokia had a Symbian phone you could use as a basic desktop for emails and surfing back when iPhone and Android barely did video out (and had to kill the phone screen to do so at least on Android). The mobile world basically came to a standstill, if not went backwards almost a decade, because everyone turned to the odd duck out to lead them into the future...
Typically HSPA is 5 MHz + 5 MHz FDMA, but the carrier is only 3.6 MHz + 3.6 MHz and can be slimmed to 4.2 MHz x 4.2 MHz on Ericsson equipment. NSN equipment can go as low as 3.8 x 3.8.
In a slim HSPA situation you can run multiple 0.2 x 0.2 GSM channels.
LTE I've seen deployed all over in 5 MHz x 5 MHz, but I've never seen the 3 MHz x 3 MHz or 1.4 MHz x 1.4 MHz configurations in the wild (they would overload easily).
Non-phone GSM devices are widely operated because of low cost and low data speed needs (most of them just ping a SMS in some direction or other).
UMTS deployments are more likely to be for bandwidth needs, and thus more likely to have moved to LTE setups already.
What I'm trying to say is that while your quip is entertaining:
a) it's impractical to scan/compromise IoT devices remotely without a stupid design (by IoT standards stupid, btw- not regular internet design- we're talking REALLY REALLY STUPID).
b) I would bet my mortgage that the logic you are presenting was never considered by the relevant carriers. They're not that smart.
I don't think this is that insane. I doubt there are many devices that only support UMTS, but there are tons that only support GSM, including many in embedded systems that can't easily be upgraded. So by using most of your spectrum for LTE, you get spectrum efficiency, and supporting GSM you can support everything that doesn't do LTE (just not at high speeds).
Carriers have made it a policy to not whitelist imported devices for VoLTE. IMEI needs to be whitelisted at the carrier AND the carrier file installed in the phone needs to have support turned on. Either thing missing, no VoLTE for you.
EDIT: Forgot to mention, non-VoLTE still signals with LTE for incoming calls and SMS; it'll hand over to HSPA/CDMA/GSM within about 2 seconds of the signal coming in. Unfortunately I don't have specifics of this process.
It was a funny loophole to get unlimited SMS on T-Mobile back when they just changed name from Voicestream.
I'm not American, and thus my phone is free of carrier tampering.
I even learned about the SMS over GPRS (thanks) thing because a relative of mine once owned a phone where we had to turn it off to actually get reliable SMS delivery, as it defaulted to GPRS mode.
You can watch the talk here: https://www.youtube.com/watch?v=xKihq1fClQg
I think you need some industry leader to push for this. Apple could do it, or possibly Google although they have a hard time exerting influence over Android device manufacturers.
T-Mobile and AT&T are the national carriers supporting GSM through most of their footprint; AT&T is phasing out its network at the end of the year. T-Mobile moved to A5/3 to try to slow down eavesdropping a bit. There are more rural carriers who aren't in a rush to upgrade and probably still use the older ciphers.
Currently, I am on T-Mobile. There are a few areas that never saw HSPA deployed, and VoLTE is not supported on all devices and also suffers separate outages. GSM is needed in those situations as fallback.
Operators would prefer to not have customers complain about outages due to accidentally having GSM turned off. So many phones don't have the option to disable it... though I'd argue now with low band LTE, the footprint is becoming larger than GSM.
I would expect Apple to whitelist a 'disable 2G' option sometime in the future for AT&T SIMs, if not just disabling it outright (unless gov pressure gets in the way).
EDIT: as noted below, on some manufacturers/OSes you can set 3G only. Android is pokey about it on some devices. With Blackberry 10, I have the option to change network generations on T-Mobile, but not if I put an AT&T SIM in.
But the conceit that cell towers are 'badly disguised' is incorrect; the goal is not to successfully hide, but simply to meet the much lower bar of obscuring a non-conforming shape in the environment, so that it doesn't trigger human perceptual interest.
You don't put duplicitous palm fronds on a tower to hide it; you put them there so that someone scanning the cityscape from a mile away is not distracted by the utilitarian tower.
Pretty witty, but how does this work? Does it wait for the user to send a message and snoop?
I don't think this means they are sent from numbers known to the recipient. Only that the content is written such that it appears to be from someone who knows the recipient.
I don't know if actual spoofing is possible.
Best you can do is
and memorize your regular cell information for areas you frequent.
(NFC how to get asterisks to show on here; help is useless. Put them in where the backslashes are.)
In addition to the already mentioned code of [STAR]3001#12345# there is also [STAR]#06# which will show your IMEI.
There were plenty of others (including spelling out 'WARRANTY' to get the manufacture date of the phone) but I forgot most of them.
Interestingly, on the iPhone, dialling anything of the format [STAR]# ...anything... # will cause the screen to go grey as if a separate app, then after a short delay tell you that your code was invalid.
For anyone who is confused:
Star #3001#12345# Start
I love how it opens up a separate app. Good stuff
I'm an asterix * and I'm ok
So: " * #999# * " should work.
If I recall, it limited encrypted messages to 60 characters before splitting. It was also annoying in that you needed to initiate an OTR handshake to start messaging.
I'm ditching Pidgin-OTR today actually because of the OTR usability issues needing to handshake on every laptop restart. Will be going over to bitlbee terminating OTR on a server and then accessing my ZNC supporting push through TLS. Much less jarring.
OMEMO would be better than OTR for this, but not much supports it yet.
Moxie himself spoke about this in the past.
Carriers being awful is a separate problem. My annoyance rests with the 2G protocol being awful.
Phones, especially smartphones, are pocket spies. If you need privacy, don't take them with you!*
There is no such thing as a privacy smartphone.
* Honestly if you want a private conversation don't have any kind of phone or laptop in the same room.
Do you have any credible source for this claim? If true, it's truly alarming!
> Rather than confirming a target’s identity with operatives or informants on the ground, the CIA or the U.S. military then orders a strike based on the activity and location of the mobile phone a person is believed to be using.
You are right. This is very disturbing. I guess they do this a lot in the Northern Pakistan / Waziristan area in the tribal lands and mountains? What if the terrorists read stories like this, and gave their cell phones to mules who then get killed?
My father's family (he grew up in India in Bombay) got split in half during the Partition of India and Pakistan when the Brits left India. No wonder there is so much rage and anti-American sentiment in Pakistan (my Pakistani relatives complain all the time on Skype).
But you really want something like Signal.
Also, the fake tower could just claim to be networks that are commonly preferred.
Is there a legal mandate (911 Surface Area increase), a hardware impasse (phones physically can't) or is it a company decision to not allow (for whatever reason)?
Some fairly well-known examples of art as commentary:
Guernica - https://en.wikipedia.org/wiki/Guernica_(Picasso)
Banksy - http://www.relevantmagazine.com/culture/banksy%E2%80%99s-10-...
George Orwell - https://en.wikipedia.org/wiki/Animal_Farm
Given that today we live surrounded by technology, it's not surprising that artists will use that technology to comment about and around our lives, particularly to announce to those outside the sphere of technology how networks, appliances and technological actions actually are affecting their lives.
The disguised cell towers aren't "the meat", they're, as described in the post, just "conceptual background". Possibly irrelevant background, as they really aren't intended to be secret surveillance devices in those cases.
But send them a fake SMS and maybe they'll start listening.