HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rival_elf

no profile record

comments

rival_elf
·vorig jaar·discuss
Tangentially related, the latest major Android release supports updates from the modem with details about whenever your IMSI/IMEI/unencrypted SUCI are disclosed to the network (with support for some contextual information, e.g. which protocol message was it disclosed in), as well as insight into the in-use network cryptography configuration for different protocols.
rival_elf
·vorig jaar·discuss
See also this 2019 in-depth primer on cellular attacks I wrote for EFF: https://www.eff.org/deeplinks/2019/07/announcing-gotta-catch...
rival_elf
·vorig jaar·discuss
> Criminal IMSI catchers are pretty much dead,

This isn't true, there are major incidents related to IMSI-catchers going on globally right now. E.g. last week from Japan: https://newsonjapan.com/article/145466.php, https://commsrisk.com/amateur-detectives-find-numerous-fake-..., and mass arrests happening in Thailand related to the operation of them recently.

To see news related to them, search "Fake Base Stations" or "SMS Blaster", as this is how they're commonly referred to in the media now.

Other notable highlights from the last few years include: the news from Paris a few years ago where police detonated a car with an imsi-catcher in it because they thought it was a bomb, but actually the driver was being paid to send out sms spam via 2g downgrade attacks: https://commsrisk.com/paris-imsi-catcher-mistaken-for-bomb-w.... Also the attempt to disrupt the federal elections in the Phillippines using a kind of "SMS blaster" that takes advantage of unauthenticated emergency alert messages, so a step beyond the "classic" imsi catching attack that we haven't seen used in the wild before.