from Hacker News

California Police Used Stingrays in Planes to Spy on Phones

by corywatilo on 1/28/16, 12:16 AM with 72 comments

  • by guelo on 1/28/16, 3:18 AM

    My biggest disillusionment when I learned about Stingrays was with the FCC. I had always thought of the FCC as good stewards of the broadcast spectrum and I didn't think they would ever approve shenanigans like the commercial development of radios that impersonate commercial broadcasters.

  • by tedmiston on 1/28/16, 2:19 AM

    More info for anyone else who hasn't heard of Stingrays:

    > The StingRay is an IMSI-catcher (International Mobile Subscriber Identity), a controversial cellular phone surveillance device, manufactured by Harris Corporation.[2] Initially developed for the military and intelligence community, ....

    > Active mode operations

      1. Extracting stored data such as International Mobile Subscriber Identity ("IMSI") numbers and Electronic Serial Number ("ESN"),[9]
  2. Writing cellular protocol metadata to internal storage
  3. Forcing an increase in signal transmission power,[10]
  4. Forcing an abundance of radio signals to be transmitted
  5. Interception of communications content
  6. Tracking and locating the cellular device user,[4]
  7. Conducting a denial of service attack
  8. Encryption key extraction.[11]
  9. radio jamming for either general denial of service purposes[12] or to aid in active mode protocol rollback attacks
    > Active (cell site simulator) capabilities

    > In active mode, the StingRay will force each compatible cellular device in a given area to disconnect from its service provider cell site (e.g., operated by Verizon, AT&T, etc.) and establish a new connection with the StingRay.[13] In most cases, this is accomplished by having the StingRay broadcast a pilot signal that is either stronger than, or made to appear stronger than, the pilot signals being broadcast by legitimate cell sites operating in the area.[14] A common function of all cellular communications protocols is to have the cellular device connect to the cell site offering the strongest signal. StingRays exploit this function as a means to force temporary connections with cellular devices within a limited area.

    So does that mean it would show up as a different carrier on my iPhone, or I'd be blind to the tower choice?

    from https://en.wikipedia.org/wiki/Stingray_phone_tracker

  • by josu on 1/28/16, 2:09 AM

    "The Anaheim Police Department has acknowledged in new documents that it uses surveillance devices known as Dirtboxes—plane-mounted stingrays—on aircraft flying above the Southern California city that is home to Disneyland, one of the most popular tourist destinations in the world."

    According to the United States Census Bureau Anaheim County has a population of 346,997 (2014). Not being from the US, the fact that a county police from an area with a population of 350k is able to afford to buy and operate airplanes amazes me.

  • by sandworm101 on 1/28/16, 5:29 AM

    Cell towers are fixed objects. Has any work been done in detecting these planes based on the fact they are the only cell towers around moving at 100+kph? Could standard cellphone gear be sensitive enough to measure or at least guess at any doppler effect?

    I'm reminded of a British comedy that included a poacher being caught after a tagged animal was found to be traveling at 55mph down the m5.

  • by wyldfire on 1/28/16, 1:53 AM

    We've been hearing about Stingrays so much I wondered what the average Joe can do to avoid 'em.

    This is about the only thing I found, but it's promising for the long term -- http://secupwn.github.io/Android-IMSI-Catcher-Detector/ -- note that they list themselves as still in alpha and to expect false indications.

    I think the typical advice I've heard -- turning off your phone or turning off the baseband functionality is pretty impractical for most folks.

  • by adanto6840 on 1/28/16, 3:43 AM

    As of today, what stops someone (regardless of their intentions) from building or making their own Stingray-like device?

    Is it illegal for an 'average joe' to build or develop one of these? Or is it just super high difficulty, ie the protocols just aren't published or [easily] reverse-engineered? Or right now is it just the illegality of call recording entirely that is "preventing" it's use?

    Pretty sure I watched a conference talk that demoed a functional one that included pass-thru [to prevent suspicion/non-functional devices] to the real cell tower IIRC).

    I'm just curious because obviously this isn't something you want just anyone to be able to build & deploy -- so much potential for abuse, anything from basic identity theft to serious securities fraud, and much more quickly becomes a very serious & probable threat once these become even just slightly more "mainstream" for the public / criminals / mafia / etc...

  • by ChuckMcM on 1/28/16, 4:06 AM

    This kind of stuff always annoys me. One of the interesting things would be a 'home designed' cell system based on using unlicensed spectrum in the TV white spaces. Then you could build a system where a phone only answered a tower which sent out an ident frame which was cryptographically signed by a trusted key. And the response would be encrypted with that trusted key as well so only the cell tower could decrypt it. That and an VOIP back haul network and you're closer.

    Its on my list of projects to look at with SDR, but sadly I am no Fabrice Ballard (who no doubt has already built such a system as a proof of concept and then tossed it away)

  • by beedogs on 1/28/16, 2:04 AM

    No legal justification for any of this. We live in a simulacrum of democracy.

  • by nier on 1/28/16, 2:11 AM

    Here’s what a stingray is in this context:

    ”Stingrays and Dirtboxes are mobile surveillance systems that impersonate a legitimate cell phone tower in order to trick mobile phones and other mobile devices in their vicinity into connecting to them and revealing their unique ID and location.“

  • by TrevorJ on 1/28/16, 3:44 AM

    Serious question: is this not seriously illegal?

  • by samstave on 1/28/16, 5:03 AM

    I wonder if the mobile cell tower they just put up outside of att park is a stingray, or a valid mobile tower

  • by Toenex on 1/28/16, 2:38 PM

    There is another way to read this title that creates a way more interesting mental image...

  • by revelation on 1/28/16, 11:36 AM

    This is also the technique used to drone bomb people. Drones with stingrays circle over areas looking for IMSIs picked up from sigint.

    Hence the high casualty rate, they bomb people based on phone metadata. Don't borrow a friends phone.

  • by pstuart on 1/28/16, 3:10 PM

    Apple and Google should build detection for this into their respective devices.