It Might Be Possible To Build A Stingray With A Raspberry Pi

If there’s one thing that’s making you insecure, it’s your smartphone. Your smartphone is constantly pinging the cell towers, giving out your location and potentially leaking your private information to anyone with a radio. This is the idea behind an IMSI catcher, or Stingray in common parlance, and now you too can build one with parts you can buy off of Amazon.

The key to this hack is a software defined radio dongle, or RTL-SDR, that has been repurposed to listen in on a GSM network. Literally the only hardware required is an RTL-SDR that can be bought online for less than fifteen dollars, and you can identify the IMSI, or unique ID linked to every SIM card, in smartphones around you. The only bit of software required is a small Python script from [Oros42], freely available on GitHub.

Of course, building an IMSI catcher with a desktop is of limited utility, and using a laptop is still a bit too bulky to surreptitiously conceal in a public location. No, to really get the bang for your buck out of this, you need to do this with a small single-board computer running off a battery pack. Luckily, [Joseph Cox] over at Motherboard reports, “It is likely possible” to run this on a Raspberry-Pi. We’re guessing it’s even more than “likely” possible.

Hackaday Links: April 8, 2018

SiFive raised $50 Million in funding. SiFive is a semiconductor working on two fronts: they want to democratize silicon prototyping, and they’re the people making the HiFive series of microcontrollers and SoCs. The HiFives are built on the RISC-V instruction set, a Big-O Open instruction set for everything from tiny microcontrollers to server CPUs. With RISC-V, you’re not tied to licensing from ARM or their ilk. Recently SiFive introduced an SoC capable of running Linux, and the HiFive 1 is a very fast, very capable microcontroller that’s making inroads with Nvidia and Western Digital. The new round of funding is great news for anyone who wants Open Source hardware, and the silicon prototyping aspect of it is exceptionally interesting. Great news for SiFive.

Guess what’s in just a few weekends? The Vintage Computer Festival Southeast. The VCFSE is Hotlanta’s own vintage computer festival, with a whole host of speakers, exhibits, and consignment to tickle those vintage dopamine receptors. On deck for the speakers is [Michael Tomczyk], one of the people responsible for the VIC-20, and [Scott Adams], no the other [Scott Adams], creator of adventure-style games for personal computers but not that adventure-style game. The exhibits will include Japanese retro computers, simulating an ENIAC and a mechanical keyboard meetup. If you’re around Georgia, this is an event worth attending.

Conference season is just around the corner, and you know what that means. It’s time to start ramping up for #badgelife. What is badgelife? It’s a hardware demoscene of electronic conference badges. This year, the badgelife scene has stumbled upon something everyone can get in on. Add-ons! They’re electronic hats (or shields, or capes) for all the badges. Physically, it’s a 2×2 pin header. Electronically, it’s power, ground and I2C. Want to prototype your own add-on? Good news, there’s a development board.

The Titius-Bode law states the semi-major axes of planets follow a geometric progression. The (simplified, incorrect) demonstration of this law states Mercury orbits at 0.25 AU, Venus at 0.5 AU, Earth at 1 AU, Mars at 2 AU, and continues to the outer planets. The Titius-Bode law is heavily discredited in the planetary science community, and any paper, talk, or manuscript is rejected by scientific editors out of hand. The Titius-Bode law is the planetary science equivalent of flat Earth conspiracy theories and Nazi moon bases; giving any consideration to the idea confirms you’re a moron. This week, some consulting firm posted something that is the Titius-Bode law on their blog. Why? So it could be submitted to Hacker News for that sweet SEO. This submission was upvoted to the top position, and is a wonderful springboard to argue an interesting point on media literacy. I posit the rise of news aggregators (facebook, twitter, digg, reddit, and HN), is the driving force behind ‘fake news’ as lay people become the gatekeepers. Prove me wrong.

The Department of Homeland Security has confirmed there are cell-site simulators (Stingrays, IMSI-catchers, or otherwise known as your own private cell phone base station) around Washington DC. It’s unknown who is operating these simulators, or even where they are. There are two things to read between the lines with this information: Duh, there are rogue Stingrays in DC. Holy crap duh. I bet there are also some around midtown Manhattan. You can buy the stuff to do this on eBay. Personally, I’ve found half a dozen Stingrays or other rogue cell stations this year (guess where?). Second, why is this a news item now? Is this a signal that the DHS will start clamping down on stuff you can buy on eBay? Hop to it, people; cellular hardware is a great way to make a liquid nitrogen generator.

LTE IMSI Catcher

GSM IMSI catchers preyed on a cryptographic misstep in the GSM protocol. But we have LTE now, why worry? No one has an LTE IMSI catcher, right? Wrong. [Domi] is here with a software-defined base transceiver station that will catch your IMSI faster than you can say “stingray” (YouTube video, embedded below).

First of all, what is an IMSI? IMSI stands for International Mobile Subscriber Identity. If an IMEI (International Mobile Equipment Identity) is your license plate, your IMSI would be your driver’s license. The IMEI is specific to the phone. Your IMSI is used to identify you, allowing phone companies to verify your origin country and mobile network subscription.

Now, with terminology in tow, how does [Domi] steal your IMSI? Four words: Tracking Area Update Request. When a phone on an LTE network received a tracking area request, the LTE protocol mandates that the phone deletes all of its authentication information before it can reconnect to a base station. With authentication out of the way [Domi] spoofs a tower, waits for phones to connect, requests the phone’s IMSI and then rejects the phones authentication request, all under the nose of the phone’s user.

Now, before you don your tinfoil hat, allow us to suggest something more effective. Need more cell phone related hacks? We’ve got your back.

Continue reading “LTE IMSI Catcher”

Hackaday Prize Entry: Catch The IMSI Catchers

An IMSI catcher is an illicit mobile phone base station designed to intercept the traffic from nearby mobile phones by persuading them to connect to it rather than the real phone company  tower. The IMSI in the name stands for International Mobile Subscriber Identity, a unique global identifier that all mobile phones have. IMSI catchers are typically used by government agencies to detect and track people at particular locations, and are thus the subject of some controversy.

As is so often the case when a  piece of surveillance technology is used in a controversial manner there is a counter-effort against it. The IMSI catchers have spawned the subject of this post, an IMSI catcher detector app for Android. It’s a work-in-progress at the moment with code posted in its GitHub repository, but it is still an interesting look into this rather shadowy world.

How them you might ask, does this app hope to detect the fake base stations? In the first case, it will check the identity of the station it is connected to against a database of known cell towers. Then it will try to identify any unusual behaviour from the base station by analysing its traffic and signal strength. Finally it will endeavour to spot anomalies in the implementation of the cell phone protocols that might differentiate the fake from the real tower.

They have made some progress but stress that the app is in alpha stage at the moment, and needs a lot more work. They’re thus inviting Android developers to join the project. Still, working on projects is what the Hackaday Prize is all about.

Hackaday Links: January 11, 2015

Listening tests reveal significant sound quality differences between various digital music storage technologies. Finally the audiophile press is tackling the important questions. This listening test looks at the difference between two four-bay NAS boxes, with one making the piano on Scherzo and Trio from Penguin Café Orchestra’s Union Cafe sound more Steinway-like, while another NAS makes it sound more like a Bosendörfer. Yes, your choice of digital storage medium can change the timbre of a piano. Another gem: “Additionally, the two units also had different processor architectures, which might also affect perceived audible differences.” There must be a corollary to Poe’s Law when it comes to audiophiles…

[10p6] has begun a project that can play every old Atari cartridge. Right now it’s just a few bits of plastic that fits every non-Jaguar Atari cartridge, but it’s a start.

The Android IMSI-Catcher Detector. You’ve heard about Stingrays, devices used by law enforcement that are basically fake cell towers. These Stingrays downgrade or disable the encryption present in all cellphones, allowing anyone, with or without a warrant, to listen in on any cell phone conversation. Now there’s an effort to detect these Stingrays. It’s open source, and they’re looking for volunteers.

[Rob] sent in something that’s the perfect application of projection mapping. It’s called Face Hacking, and it’s pretty much just a motion capture systems, a few projectors, a whole lot of CG work, and just a tiny bit of dubstep. It look cool, but we’re wondering what the applications would be. Theatre or some sort of performance art is the best I can come up with.

A while ago, [4ndreas] saw a 3D printed industrial robot arm. He contacted the guy for the files, but nothing came of that. [4ndreas] did what anyone should do – made his own 3D printable industrial robot arm. The main motors are NEMA 17, and printing this will take a long time. Still, it looks really, really cool.