HFU HF Underground

General Category => General Radio Discussion => Topic started by: ChrisSmolinski on November 17, 2018, 1848 UTC

Title: With $20 of Gear from Amazon, Nearly Anyone Can Make This IMSI-Catcher in 30 Min
Post by: ChrisSmolinski on November 17, 2018, 1848 UTC
With $20 of Gear from Amazon, Nearly Anyone Can Make This IMSI-Catcher in 30 Minutes

With some dirt-cheap tech I bought from Amazon and 30 minutes of set-up time, I was streaming sensitive information from phones all around me. IMSIs, the unique identifier given to each SIM card, can be used to confirm whether someone is in a particular area. They can also be used as part of another attack to take over a person’s phone number and redirect their text messages. Obtaining this information was incredibly easy, even for a non-expert.

Full story: https://motherboard.vice.com/en_us/article/gy7qm9/how-i-made-imsi-catcher-cheap-amazon-github
Title: Re: With $20 of Gear from Amazon, Nearly Anyone Can Make This IMSI-Catcher in 30 Min
Post by: R4002 on November 21, 2018, 1346 UTC
With a SDR, a cheap computer with Ubuntu installed and some h4x0r-level computer work, you too can set up your own cellular phone interception site! 

Fake cell towers in dorm rooms. 
Title: Re: With $20 of Gear from Amazon, Nearly Anyone Can Make This IMSI-Catcher in 30 Min
Post by: ChrisSmolinski on November 21, 2018, 1437 UTC
With a SDR, a cheap computer with Ubuntu installed and some h4x0r-level computer work, you too can set up your own cellular phone interception site! 

Fake cell towers in dorm rooms.

More exciting than listening to 49.86 MHz with a scanner back in the 80s.
Title: Re: With $20 of Gear from Amazon, Nearly Anyone Can Make This IMSI-Catcher in 30 Min
Post by: ThElectriCat on November 21, 2018, 1647 UTC
With one of the spendier SDRs (anything full duplex), one could do what the cops have sometimes done.
You listen to the cell traffic, grab an IMSI, and figure out which tower they are linked to.
You use the tower channel with a fake embedded signal power indicator to 'be' the tower; the next time the user makes a call,
when they connect, you send their IMSI to the actual tower (on their channel), convincing the tower you are them.

In the GSM standard, the tower sets all the encryption and data rate parameters; this is important.

You give the tower whatever it wants, but tell the phone to send everything in the clear with no encryption.
Now you have access to the channel traffic in both directions (both phone numbers, and any call, text message, image etc. in either direction).

This is not so straightforward with other LTE standards, but anyone with a multiband phone and AT&T or US Cellular is subject, as their phone can be tricked into thinking the GSM signal is the strongest.

P.S. This is ridiculously illegal (like, federal prison illegal); don't do it. If you do do it, you are responsible for your own actions.
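The two pieces of GSM signalling the posts above turn on are the Mobile Identity IE that carries the IMSI (what a catcher actually harvests from a Location Updating Request) and the RR Ciphering Mode Command, the message a base station uses to set the cipher, which a rogue tower can use to order no ciphering (A5/0). The decoder below is an added example written for this page; it is not code from the Motherboard article, from the thread's posters, or from any IMSI-catcher project. Field layouts follow GSM 04.08 (sections 9.1.9, 9.2.15, 10.5.1.4, 10.5.2.9) as the author of this example understands them, and every message byte string is a constructed test vector, not a capture. The `suspicious_cipher_command` heuristic is an assumption about what a catcher-detector would flag, not a rule from the spec.

```python
"""Decode the GSM 04.08 layer-3 fields an IMSI catcher (or a catcher-catcher) cares about.
All message bytes here are constructed test vectors, not over-the-air captures."""

MM_PD, RR_PD = 0x05, 0x06                     # protocol discriminators (low nibble of octet 1)
MT_LOCATION_UPDATING_REQUEST = 0x08
MT_CIPHERING_MODE_COMMAND = 0x35


def decode_mobile_identity(ie: bytes) -> dict:
    """Decode a Mobile Identity IE value (04.08 10.5.1.4), i.e. the bytes after the length octet.
    Octet 1: bits 1-3 type (001 IMSI, 010 IMEI, 011 IMEISV, 100 TMSI), bit 4 odd/even,
    bits 5-8 first BCD digit. Later octets carry two digits each, low nibble first."""
    if not ie:
        return {"type": "none"}
    first = ie[0]
    id_type = first & 0x07
    odd = (first >> 3) & 0x01
    if id_type == 4:                              # TMSI/P-TMSI: four octets, most significant first
        return {"type": "TMSI", "value": "%08x" % int.from_bytes(ie[1:5], "big")}
    if id_type in (1, 2, 3):
        digits = [first >> 4]
        for octet in ie[1:]:
            digits.append(octet & 0x0F)
            digits.append(octet >> 4)
        if not odd:
            digits.pop()                          # even digit count: last nibble is 1111 filler
        name = {1: "IMSI", 2: "IMEI", 3: "IMEISV"}[id_type]
        return {"type": name, "value": "".join(str(d) for d in digits)}
    return {"type": "none"}


def decode_location_updating_request(msg: bytes) -> dict:
    """Pull the LAI and Mobile Identity out of an MM Location Updating Request (04.08 9.2.15).
    Fixed part: PD/skip (1), message type (1), LU type + CKSN (1), LAI (5), classmark 1 (1),
    then the Mobile Identity as length + value."""
    if (msg[0] & 0x0F) != MM_PD or msg[1] != MT_LOCATION_UPDATING_REQUEST:
        raise ValueError("not a Location Updating Request")
    lai = msg[3:8]
    length = msg[9]
    return {"lai": lai.hex(), "identity": decode_mobile_identity(msg[10:10 + length])}


def decode_ciphering_mode_command(msg: bytes) -> dict:
    """Decode an RR Ciphering Mode Command (04.08 9.1.9). Octet 3, bits 1-4, is the Cipher Mode
    Setting IE: bit 1 SC (0 = no ciphering), bits 2-4 algorithm id (000 = A5/1, 001 = A5/2,
    010 = A5/3 ...). Bit 5 is the Cipher Response CR bit (1 = phone must send its IMEISV)."""
    if (msg[0] & 0x0F) != RR_PD or msg[1] != MT_CIPHERING_MODE_COMMAND:
        raise ValueError("not a Ciphering Mode Command")
    setting = msg[2]
    start_ciphering = setting & 0x01
    algorithm = "A5/%d" % (((setting >> 1) & 0x07) + 1) if start_ciphering else "A5/0"
    return {
        "algorithm": algorithm,
        "ciphered": bool(start_ciphering),
        "imeisv_requested": bool((setting >> 4) & 0x01),
    }


def suspicious_cipher_command(msg: bytes) -> bool:
    """Assumed detector heuristic: a network that orders no ciphering (A5/0) or the broken A5/2
    is doing exactly what the downgrade described in the thread needs."""
    return decode_ciphering_mode_command(msg)["algorithm"] in ("A5/0", "A5/2")


# Constructed vectors. LU request: MM PD, type 0x08, LU type normal + CKSN 7, LAI for
# MCC 001 / MNC 01 / LAC 1, an arbitrary classmark 1, then LV Mobile Identity holding the
# test IMSI 001010123456789 (15 digits, so the odd bit is set).
LU_REQ_IMSI = bytes.fromhex("0508" "70" "00f1100001" "33" "08" "0910101032547698")
TMSI_IE = bytes.fromhex("f412345678")            # type 100 (TMSI), value 0x12345678
CMC_A51 = bytes.fromhex("063501")                # SC=1, algorithm 000 -> A5/1
CMC_A53 = bytes.fromhex("063505")                # SC=1, algorithm 010 -> A5/3
CMC_NONE = bytes.fromhex("063500")               # SC=0 -> no ciphering, the rogue-BTS case

if __name__ == "__main__":
    print(decode_location_updating_request(LU_REQ_IMSI))
    print(decode_mobile_identity(TMSI_IE))
    for cmc in (CMC_A51, CMC_A53, CMC_NONE):
        print(decode_ciphering_mode_command(cmc), "suspicious" if suspicious_cipher_command(cmc) else "ok")
```

A real handset normally identifies itself with a TMSI rather than the IMSI; a catcher gets the IMSI by answering the Location Updating Request with an Identity Request, which the decoder above would see as an IMSI-type Mobile Identity in the reply. Running the same three checks on the downlink (an unexpected Location Area, an Identity Request for the IMSI, and a Ciphering Mode Command with SC=0) is the basis of the detection tools built against this attack.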