Conversation
pavel

Pavel Machek

@jiska First, thanks for nice talk at 37c3. I don't have an iPhone, but catching IMSI catchers is cool. OTOH it is also too late -- by the time you analyze your logs, IMSI catcher already has your position logged.

Early gsm phones (like Nokia 5110) had service menus with capabilities such as 'lock to specific cell tower' which could be used to prevent that -- just lock your phone to "known good" cells. Have you seen similar functionality in modern modems?
1
0
2
jiska@chaos.social

jiska 🦄fairydust

Reply to @pavel

@pavel that would require patching CommCenter/rild if not even the baseband firmware. On iOS that means jailbroken (insecure) phones, on Android that might work with custom ROMs.

IMHO location tracking is not that severe. An RBS could take over the whole communication like SMS, Internet, etc. or be the entry point for RCE in the baseband firmware.

2
0
1
jiska@chaos.social

jiska 🦄fairydust

Reply to @jiska@chaos.social
Edited 10 months ago

@pavel
Limiting cells to known good ones might not be feasible for protesters, journalists, etc. in practice.

Also attackers could use the same "good" cell ID for an RBS. The phone would then attempt to connect to it, especially if it has a stronger signal. Indicators for compromise here would be the signal strength and, if the attacker does not collaborate with telcos, a failed authentication attempt. Both is used as detection criteria by CellGuard.

0
0
1
pavel

Pavel Machek

Reply to @jiska@chaos.social
@jiska Dunno. Location tracking is easy to do on mass scale, while you are defending against targeted attacks. The location tracking data are collected, and they'll probably find a way to bad hands sooner or later. I'd prefer not to be part of that database. Anyway, if you ever find phone that can lock on given BTS, I'll be very interested :-).
0
0
0
About social.kernel.org

Terms of service

  1. Please do not use this service in violation of the Linux Kernel Code of Conduct. Doing so will result in your account suspension with the referral of the matter to the CoC committee.

  2. "Repeating"/"boosting" someone else's status on this platform will be treated as endorsement and will fall under rule #1.

  3. You are encouraged to use this platform to promote your work on the Linux Kernel, but there is no restriction on permitted topics (with the exception of anything covered by #1 above).

  4. There is no requirement to post in English, but it should be considered the primary language of communication on this platform.

Privacy notice

The admins of this service have access to all posted statuses. They aren't looking, but if it's something they shouldn't know about, then you should not post it on this platform.

Please see the Linux Foundation Privacy Policy, which applies to this platform as well.

Getting your own account

If you would like an account on this instance, please check that the following applies to you:

  • You are listed in MAINTAINERS or CREDITS

  • OR: You have a kernel.org account or email address

  • OR: You have a long and established history of involvement with the Linux Kernel

If the above is true and you agree with the Terms of Service and Privacy Notice listed above, please use these instructions to request an account: