fluxcondensator Yes, I know that, but the purpose of an IMSI catcher was to listen in on phone calls.
Can anything shield IMSI from IMSI catchers?
fluxcondensator Even without a SIM card, the baseband of your loved GrapheneOS Pixel will send data over the air.
This is why people have been talking about airplane mode in this thread.
fluxcondensator Also, an advanced adversary can target your baseband's software to do things with it. Cheers.
Perhaps, but this is why it's important to keep up with updates. Also, the baseband is isolated. Google has done some work hardening the cellular baseband on the Pixel 9 as explained in this post. The GrapheneOS project account has said a few times they think Google will backport the improvements to the older devices they support, so successfully exploiting vulnerabilities on cellular basebands should be harder.
phone-company No, the purpose of an IMSI catcher is also location tracking via tracking the IMSI/IMEI through different cells.
other8026 1. An attacker could potentially disable airplane mode.
- While the baseband is isolated and hardened, point 1 is still a problem.
That's why removing the baseband / RF transceiver is the only option for this high of a threat model right now.
An 'IMSI catcher' or stingray is also mainly used by government entities, for example at protests.
They will set up a stingray at that location; everybody's phone in close proximity to that protest will connect to that 'cellular tower'/stingray. Consequently, they would have a database of anyone who attended that protest. Some embassies use this technique as well.
In addition, perhaps someone finds this interesting, but there are even 'passive' IMSI catchers, available on GitHub for anyone with a HackRF or similar SDR. A single person could sniff a cellular tower and see what IMSIs are connected to that specific tower. The single person probably doesn't have the resources to translate those IMSIs to identities though. Proof of concept can be found on the cemaxecuter YouTube channel somewhere.
fluxcondensator Yep, okay, this seems right.
fluxcondensator 1. An attacker could potentially disable airplane mode.
How? They'd need access to the device and at least one of the PINs or passwords to unlock one of the profiles to do this. In that case, there may be no need for an exploit.
Or do the same using Quick Settings.
In the status bar at the top you will then see the airplane icon which indicates airplane mode is active and you can still access the Internet via WiFi.
Murcielago thank you, so if I go to a protest with this setup and find a hotspot, stingrays would not see my SIM or IMSI numbers while I chat on Signal or Session?
K8y thank you, so if I go to a protest with this setup and find a hotspot, stingrays would not see my SIM or IMSI numbers while I chat on Signal or Session?
This is an interesting conversation, with a lot of history. To add, here are some links that may answer questions about IMSI catchers, etc. in general:
Plain language technical information about IMSI catchers: https://www.eff.org/wp/gotta-catch-em-all-understanding-how-imsi-catchers-exploit-cell-networks
If you're generally interested in protest security - this 'Surveillance Self Defense' guide is pretty good and has a section on attending a protest: https://ssd.eff.org/
It's not just IMSI catchers though... Device/person correlation can be derived from: AGPS location privilege given to an app that sells this data (e.g. Google fulfilling geo-fence warrants) or connecting to your university's library Wi-Fi (e.g. Pomona College, etc. recently)...
- The story of how IMSI catchers were brought to public knowledge is really interesting. It's been written about, etc. a number of times. One example (or just search Daniel Rigmaiden): https://www.theverge.com/2016/1/13/10758380/stingray-surveillance-device-daniel-rigmaiden-case
Hill_Sphere I've just read the article linked, and came across an interesting observation.
I'll quote the bit that I found interesting (Section 3.2.3):
Section 3.2.3: Why aren’t users alerted that encryption is off?
At this point, many people ask: why doesn’t their phone tell them something’s up? According to the GSM specifications, cell phone users are supposed to be notified when encryption is disabled, and in some markets they used to be. However, this caused a lot of confusion because:
People would travel with their phones to places where cell towers were configured very differently (e.g. in some countries cell network encryption is banned) and it would cause a “Warning: encryption disabled” pop-up to come up a lot.
Cell towers everywhere were misconfigured, also causing this pop-up to appear a lot.
These issues led to many confused consumers and support calls to mobile carriers, resulting in the warning ultimately being disabled.
@GrapheneOS, apologies for the tagging, but this made me wonder: is this warning implemented somewhere on carrier level, or on the phone itself?
If on the phone itself, wouldn't it be a nice addition, especially on GrapheneOS, to reimplement this 'feature' perhaps after a toggle, if seen as feasible in the first place?
Onlyfun thanks. Does the SIM card work with Graphene Pixels? It says it is for GL.iNet Devices though I don't see their line of phones...
And the portable router doesn't need to be plugged into a wall, but simply can be carried in your pocket (battery operated or rechargeable) so you can use with Graphene Pixels on airplane mode WiFi secure messaging to avoid getting on someone's radar?