Every year, security researchers, hardware hackers and other deep geeks from around the world converge on an English nature reserve for Electromagnetic Field, a hacker campout where participants show off and discuss their research and creations.
This year's campout featured attendee badges that doubled as fully functional open source hardware/free software cellular phones, able to make and receive calls and texts.
Also at the campout — but unannounced — was someone's DIY IMSI Catcher (AKA a "stingray), a surveillance device that masquerades as a cellular tower and tricks nearby phones into connecting to it so it can spy on the phone's owner. Stingrays' existence was once a closely-guarded secret, known only to law enforcement officers who routinely lied about how they were able to build cases against the people they arrested. Once a jailhouse researcher discovered that stingrays were used to uncover his identity and make the case against him, their existence became broadly known, even as their use metastasized and variants, like the Dirtbox, found their way onto the undercarriages of low-flying aircraft that constantly crisscross city skies.
IMSI catching and its countermeasures are of intense interest to security researchers and privacy advocates.
Attendees at EMF learned that one of their number had homebrewed an IMSI catcher when they started receiving SMS messages reading "Oh noez! You're connected to an Evil Twin network!"
And the EMF badge is really no different from phones an IMSI catcher may normally target. Dubbed the TiLDA Mk4, the badge "allows you to make and receive calls, send text messages, and use data anywhere in the world. At camp it's a fun toy, but when you leave it's perfect for remote IoT [Internet of Things] connectivity," a post on the EMF website reads.
Hacker Camp Makes DIY Phones, Is Bombarded by DIY IMSI Catcher [Joseph Cox/Motherboard]