Every year, security researchers, hardware hackers and other deep geeks from around the world converge on an English nature reserve for Electromagnetic Field, a hacker campout where participants show off and discuss their research and creations.
Read the rest
An NBC investigative journalism team and a security researcher went wardriving around the DC area with a cell-site-simulator detector that would tell them whenever they came in range of a fake cellphone tower that tried to trick their phones into connecting to it in order to covertly track their locations (some cell site simulators can also hack phones to spy on SMS, calls and data).
Read the rest
In 2016, Motherboard used public records requests to receive 3,000 pages of documents from the Royal Canadian Mounted Police detailing the federal police agency's longstanding secret use of IMSI Catchers (AKA "Stingrays" -- the fake cellular towers that silently capture data on every cellphone user in range). Read the rest
A group of researchers from Oxford and TU Berlin will present their paper, White-Stingray: Evaluating IMSI Catchers Detection Applications at the Usenix Workshop on Offensive Technologies, demonstrating countermeasures that Stingray vendors could use to beat Stingrays and other "cell-site simulators" (AKA IMSI catchers). Read the rest
Well, there's a second-decade-of-the-21st-century headline for you! Read the rest
Police who rely on vulnerabilities in crooks' devices are terminally compromised; the best way to protect crime-victims is to publicize and repair defects in systems, but every time a hole is patched, the cops lose a tool they rely on the attack their own adversaries. Read the rest
During the Standing Rock confrontations, the Electronic Frontier Foundation got reports of police use of IMSI Catchers -- secretive surveillance devices used to gather data from nearby cellphones, often called Stingrays or Dirtboxes -- so it dispatched lawyers and technologists to monitor the situation, and filed 20 public records requests with law enforcement agencies. Read the rest
Muckrock has been sending Freedom of Information requests to state police forces to find out how they're using "cell-site simulators" (AKA IMSI catchers/Stingrays), and they hit the motherlode with the Virginia State Police. Read the rest
An outstanding post on the EFF's Deeplinks blog by my colleague Ernesto Falcon explains the negligent chain of events that led us into the Stingray disaster, where whole cities are being blanketed in continuous location surveillance, without warrants, public consultation, or due process, thanks to the prevalence of "IMSI catchers" ("Stingrays," "Dirtboxes," "cell-site simulators," etc) that spy indiscriminately on anyone carrying a cellular phone -- something the FCC had a duty to prevent. Read the rest
The baseband firmware in your phone is the outermost layer of software, the "bare metal" code that has to be implicitly trusted by the phone's operating system and apps to work; a flaw in that firmware means that attackers can do scary things to your hone that the phone itself can't detect or defend against. Read the rest
If you spend enough time looking at Flightradar24's data about fly-overs of American cities, you can figure out where and when the feds are flying domestic spy-aircraft, watching for the tell-tale circling patterns and mapping the planes' owners to companies that investigative journalists have revealed to be fake cut-outs for the FBI. Read the rest
Maryland attorney general Brian E Frosh has filed a brief appealing a decision in the case of Kerron Andrews, who was tracked by a Stingray cell-phone surveillance device. Read the rest
Orange County has many claims to fame: Richard Nixon, the S&L scandal, subprime boiler-rooms, Disneyland, an airport honoring a cowboy named Marion, and now, the revelation that its police force secretly uses low-flying surveillance aircraft to break the encryption of thousands of cellphone users, track their movements, and intercept their communications. Read the rest
The DHS's newly released policy statement on the use of Stingrays (stationary fake cellphone towers used to track people in a specific location) and Dirt Boxes (airplane-mounted surveillance that tracks whole populations) represents a welcome, if overdue, transparency in the use of cellphone surveillance by federal agencies. Read the rest