CBC News/Radio-Canada has conducted an invetigation revealing that someone is using devices that track cellphones in the area around Parliament Hill.
The article shows the method they use to track this devices; the CryptoPhone from German company GSMK.
I recommend the full article, available here.
On March we could see another real case of fake station attacks, this time to spread trojan malware “Swearing Trojan” using SMS, reported by Check Point.
Press coverage:
Fake mobile base stations spreading malware in China, TheRegister.
Hackers Using Fake Cellphone Towers to Spread Android Banking Trojan, TheHackerNews
Two papers in a short period of time describe how to implement easy IMSI Catchers in 4G, using OpenLTE, srsLTE or gr-LTE:
– “Easy 4G/LTE IMSI Catchers for Non-Programmers“, Stig F. Mjølsnes and Ruxandra F. Olimid (Norwegian University of Science and Technology, Trondheim)
– “Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems“, Altaf Shaik, Ravishankar Borgaonkar, N. Asokan, Valtteri Niemi and Jean-Pierre Seifert
Although these 4G stations aren’t functional, also can be use to downgrade our mobile to a 2G or 3G fake station using “TAU Reject” code “LTE services not allowed”.
For the 30th and 31st of March, Black Hat Asia was held in Singapore, where I taught together with Simón Roses the course “Attacking 2G/3G mobile networks, smartphones and apps” and was able to present the Arsenal “CellAnalysis“.
After reviewing some news about fake stations, such as the last one in China to distribute bank malware and other recent attacks, we verify the operation of the application with the different software defined radio boards and compatible phones, analyzing advantages and disadvantages of each one of them to detect the most common attacks. We also presented results of exercises performed in audits in Madrid and Barcelona, analyzing the large amount of information that can be extracted from the files generated by the tool, such as behavior patterns or temporary identities entropy of each 2G/GSM station, in order to detect abnormal behaviors.
In the following days I will update CellAnalysis download link with Singapore version. A real experience been able to share the project in Singapore.