As most in the technology community know, nation states have a suite of powerful tools that can be used to trace and monitor mobile phones. By and large, this comes up in discussions of privacy and legislation now and then, before fading out of the public eye once more. In the face of a global pandemic, however, governments are now using these tools in the way many have long feared – for social control. Here’s what’s happening on the ground.
The Current Situation
With COVID-19 sweeping the globe, its high level of contagiousness and rate of hospitalizations has left authorities scrambling to contain the spread. Unprecedented lockdowns have been put in place in an attempt to flatten the curve of new cases to give medical systems the capacity to respond. A key part of this effort is making sure that confirmed cases respect quarantine rules, and isolate themselves to avoid spreading the disease. Rules have also been put in place in several countries where all overseas arrivals must quarantine, regardless of symptoms or status. Continue reading “Cellular Tracking Used During COVID-19 Pandemic”
Although hard to believe in the age of cheap IMSI-catchers, “subscriber location privacy” is supposed to be protected by mobile phone protocols. The Authentication and Key Agreement (AKA) protocol provides location privacy for 3G, 4G, and 5G connections, and it’s been broken at a basic enough level that three successive generations of a technology have had some of their secrets laid bare in one fell swoop.
When 3G was developed, long ago now, spoofing cell towers was expensive and difficult enough that the phone’s International Mobile Subscriber Identity (IMSI) was transmitted unencrypted. For 5G, a more secure version based on a asymmetric encryption and a challenge-reponse protocol that uses sequential numbers (SQNs) to prevent replay attacks. This hack against the AKA protocol sidesteps the IMSI, which remains encrypted and secure under 5G, and tracks you using the SQN.
The vulnerability exploits the AKA’s use of XOR to learn something about the SQN by repeating a challenge. Since the SQNs increment by one each time you use the phone, the authors can assume that if they see an SQN higher than a previous one by a reasonable number when you re-attach to their rogue cell tower, that it’s the same phone again. Since the SQNs are 48-bit numbers, their guess is very likely to be correct. What’s more, the difference in the SQN will reveal something about your phone usage while you’re away from the evil cell.
A sign of the times, the authors propose that this exploit could be used by repressive governments to track journalists, or by advertisers to better target ads. Which of these two dystopian nightmares is worse is left as comment fodder. Either way, it looks like 5G networks aren’t going to provide the location privacy that they promise.
Via [The Register]
Header image: MOs810 [CC BY-SA 4.0].
Anyone who had a cheap set of computer speakers in the early 2000s has heard it – the rhythmic dit-da-dit-dit of a GSM phone pinging a cell tower once an hour or so. [153armstrong] has a write up on how to capture this on your computer.
It’s incredibly simple to do – simply plug in a set of headphone to the sound card’s microphone jack, leave a mobile phone nearby, hit record, and wait. The headphone wire acts as an antenna, and when the phone transmits, it induces a current in the wire, which is picked up by the soundcard.
[153armstrong] notes that their setup only seems to pick up signals from 2G phones, likely using GSM. It doesn’t seem to pick up anything from 3G or 4G phones. We’d wager this is due to the difference in the way different cellular technologies transmit – let us know what you think in the comments.
This system is useful as a way to detect a transmitting phone at close range, however due to the limited bandwidth of a computer soundcard, it is in no way capable of actually decoding the transmissions. As far as other experiments go, why not use your soundcard to detect lightning?