CXM_Splicer
Looking at the bigger picture
Premium
join:2011-08-11
NYC
kudos:2

1 edit
reply to Crookshanks

Re: Mr. Rigmaiden needs better expert witnesses....

This is true but would have ALL Verizon cellphones in range connecting to the Stingray. Obviously a warrant wouldn't allow that. The PRL modification would set the target's phone to look for the Stingray (on a separate network) first and a Verizon network second. That would prevent any other Verizon user in the area of the Stingray from connecting to it. What you talk about is possible though and is done by hackers every now and again.

The biggest problem with a MITM attack on cellphones is when the target phone is connected to the rogue cell site, they cannot get any incoming calls. Outgoing calls can be routed through an alternate path but, unless Verizon gives you a connection to their switch, incoming voice, email, text will not be intercepted.

EDIT: Rogue not Rouge! Sometimes even with spell check these things happen.


Crookshanks

join:2008-02-04
Binghamton, NY

said by CXM_Splicer:

This is true but would have ALL Verizon cellphones in range connecting to the Stingray. Obviously a warrant wouldn't allow that.

And? As long as they are just passing the traffic there really isn't an issue here. Internet wiretaps are going to "see" every packet passing the wire, they just use filters to limit the ones they actually capture. No difference here.

CXM_Splicer
Looking at the bigger picture
Premium
join:2011-08-11
NYC
kudos:2

Well the analogy is actually more like spoofing the Internet, it is not a traditional MITM attack or a simple eavesdropping; the traffic is only one way. I highly doubt (technical impossibility aside) that the FBI would spoof the Internet for a 1-2 block radius so that everyone in that radius is actually sending data to the FBI instead of the Internet. It is much easier to redirect only the target's DNS address to the FBI so that they are spoofed but no one else is.

I honestly don't know how they are operating and I wouldn't say they are beyond what you are describing, but the way the article is describing it is more 'efficient' and less intrusive. If they have Verizon's cooperation in reprogramming the phone I don't see why it wouldn't happen that way.


Crookshanks

join:2008-02-04
Binghamton, NY

To the best of my knowledge a PRL update can't be forced with a 3G phone. It can only be requested by the phone itself during initial provisioning and/or PRL updating (via *228 on VZW, other codes on different carriers). 4G devices work differently of course.

Anyway, they aren't using this for wiretapping, they could just as easily do that using the lawful intercept technology built into the telco switch. They're using this to triangulate the location of a mobile device faster than they otherwise could. It's not really a MITM attack as they are classically understood and there aren't any real privacy concerns if an "innocent" phone connects to their base station.

Also, they don't "spoof" the internet to wiretap someone's internet connection, but they do monitor at the network edge, and by definition that means innocent packets will also be passing through the dragnet. So long as they don't monitor/record those packets there isn't a problem.