Most will probably be owned by law enforcement. Many will be operating without the benefit of a warrant. So what do you do when you find one? You won't make many friends if you interfere with an ongoing investigation particularly if you raise questions about the legality of the operation at the same time.
Things were much the same back in the old days. If a telephone employee would find listening devices on the lines they were best off just quietly removing them and disposing of them. In the wild, surveillance equipment legally installed under a warrant looks exactly the same as all of the other kinds.
So in practice everyone got to tap phone lines, just as long as they didn't annoy anyone too official while doing so. The targets would never find out, unless the were willing to climb a telephone pole and check for themselves. The same thing will probably happen with stingray type devices. People like private investigators are likely already using them.
Can someone please explain to me why this cell security problem seems to be completely ignored? If encryption algorithms are broken, they're phased out and untrusted. But if 2g is insecure, there's not a single peep from networks or phone manufactures or Google or Apple about phasing out 2g. There isn't even an option to disable it.
Why don't towers have a sort of encryption certificate verifying they're legit?
Why doesnt my cell provider just provide my phone a list of it's legit towers?
I can think of so many ways to solve this problem. But it's super hard to find any information if how this all works.
I'd say let's hope they'll remember that the next time they'll ask for backdoors in some other technology.
But in reality I have very little hope that they will.
I wasn't familiar with the term 'stingray', so this headline was both confusing an amusing to me. I was confused about why they would even be looking for 'hostile' cartilaginous fish. I can't be the only one.
As a resident, let me pose to you this : The government doesn't always know what the rest of the government is doing. I would be surprised if there weren't rogue Stingray's out there, and even more not surprised that it's some discreet arm of the government.
This is not limited to the US. In fact, you are late to the party. Both in Oslo and in London these where uncovered and published about, that was 2015.
https://www.aftenposten.no/norge/i/kamWB/New-report-Clear-si...
https://commsrisk.com/reporters-find-20-imsi-catchers-in-lon...
> IMSI-Catchers also allow adversaries to intercept your conversations, text messages, and data. Police can use them to determine your location or to find out who is in a given geographic area at what time. [1]
Does turning one's phone off not disable pinging cell towers?
[1] https://cellularprivacy.github.io/Android-IMSI-Catcher-Detec...
Why can't they find them the same way government agencies normally enforce radio licensing? Drive around with a receiver (a cell phone, basically) enumerating all the purported cell towers in a geographic area, then cross-check that with a list of legitimate carrier infrastructure?
I think this is good news. I think the kinds of politicians that are typically over-friendly with the police are also the kind that want a strong military. The use of "law enforcement" technology like stingrays by hostile intelligence agencies, might create a useful tension in them that could help convince them to harden domestic communications against law enforcement spying.
Seems like a good reason to install and use something like
https://cellularprivacy.github.io/Android-IMSI-Catcher-Detec...
Do the Feds have bounties for catching illegal stingrays?
Layman question: one can limit their exposure with encrypted VoIP communications (e.g. FaceTime) and chats (iMessage, Signal), correct?
That being said, the intercepter would still know:
- phone being connected (IMEI)
- location of the phone
- which servers were requested, but not the encrypted content (yet)
- how much data was transmitted, "call time"
So if two phones were talking with each other over FaceTime connected to stingrays, a third-party can still deduce that they were talking to each other given the amount of data being transferred and when the requests occurred.
Possibly rogue IMSI catchers have also been spotted in in Ottawa. If I had to bet they're run by CSE, which of course will neither confirm nor deny.
https://www.google.ca/search?q=ottawa+imsi+catcher&oq=ottawa...
For those confused about the terminology in the title...
> The devices, which are also known as stingrays or IMSI catchers, are commonly used by domestic law enforcement nationwide to locate a particular phone. Sometimes, they can also be used to intercept text messages and phone calls. Stingrays act as a fake cell tower and effectively trick a cell phone into transmitting to it, which gives up the phone’s location.
My understanding is that all stingrays are by definition hostile.
Is that Russian ship still parked nearby? I recall reading about that a while back. Maybe that's where the signal is coming from. https://www.cnn.com/2018/01/22/politics/russia-spy-ship-us-c...
Ambiguous title. On my first reading I thought: do they mean animals? ...or missiles? ...oh no it's even scarier then the first two!
Is Milenage still a safe protocol?
Or are all of these stingrays still dependent upon forcing you to switch down to the older 2G protocols?
The headline doesn't at all agree with the what the article and its sources say, which is basically a whole lot of nothing.
Why would they admit that they could find them?
The same backdoors politicians want in our devices will come back to haunt them.
>we don’t know how to find them
Triangulation?
I work in wireless telecom: Really doubtful "we don't know how to find them". The FCC's enforcement bureau has a set of vans equipped to find unauthorized transmitters. IMSI catchers must transmit and remain on the air. It would be very risky to operate, even briefly, a portable imsi catcher in a briefcase and move it around WA DC, nevermind one that remained in fixed locations for hours. The only other explanation I can think of is being operated from embassies with full diplomatic protections, but that runs the risk of the host county (USA) PNG'ing several staff with 24 hour notice as punishment.
Quick edit: Whole US federal agencies have their own TSCM (technical surveillance countermeasures) staff entirely separate from the FCC. It is a job position at the dept of state. Evolved from bug detection and removal in the analog days to now encompass just about everything that can leak data.