The “Atlas of Surveillance” has the info – or at least, some of it.

TLDR: Detecting Stingrays is pretty trivial, they are active in a lot of places.

I use a software defined radio, mostly to have a cool map using ADS-B… but it also can receive in the GHz frequency bands and capture the unencrypted header information for cellular data.

That information is largely useless because modern cellular communications don’t expose anything private. However, most cellphones will automatically attempt to use a downgraded connection (5G -> 4G) if they lose connection with the tower.

Stingray/IMSI catcher/Cell Site Simulator take advantage of this by forcing phones in an area to downgrade their connections to older and less secure frequencies and then exploiting that downgrade to get information about the phones in the area.

You can detect these downgrade attacks by listening to the traffic and analyzing the packet captures.

I noticed that my cellphone was losing connection to the tower and I was trying to see if maybe the tower was rebooting or something odd.

I tuned into the frequency bands and saw that it was still transmitting a strong signal while my phone showed no connection. If I restarted the connection it would connect to the tower, but if not it would lose the connection for 15-20mins. It always happened towards midnight but, oddly, not always at the same time.

That made me curious so I found the software to packet capture the cellular data and detect downgrade attacks. Sure enough, I’d get a downgrade attack detection and my phone would drop connection.

After a bit more research I discovered that the connection dropping was a feature, not a bug. GrapheneOS can prevent your cellular modem from downgrading in order to mitigate these kinds of attacks.

And, also, that you don’t have to buy expensive software defined radios and do all of the annoying packet capture and analysis to detect these things. You can do it with cheap ($20) hardware and free software from the EFF: https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying

Even if you just have a standard Android operating system, you can prevent downgrade attacks by dialing *#*#4636#*#* and choosing phone information on Android. In there you can choose what your modem will connect to and so you can set it to only connect to say 5G and LTE and if neither of those are available your phone will just have no service.
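The detection idea described above (the phone falls to an older generation, or loses service entirely, while the original tower is still transmitting strongly) can be sketched as follows. This is an added example, not code from the thread or from Rayhunter; the log format, field names and the -95 dBm threshold are assumptions made for illustration, and the sample log is constructed.

```python
from dataclasses import dataclass

# Generation per radio access technology; NONE = phone shows no service.
GENERATION = {"NONE": 0, "GSM": 2, "UMTS": 3, "LTE": 4, "NR": 5}
STRONG_DBM = -95  # assumed cut-off for "the tower is still clearly audible"

@dataclass
class Obs:
    t: int        # seconds since start of the log
    serving: str  # technology the phone is camped on
    seen: dict    # technology -> strongest signal (dBm) the SDR still hears

def parse(line):
    # Hypothetical line format: "t=65 serving=GSM seen=LTE:-85,GSM:-70"
    fields = dict(f.split("=", 1) for f in line.split())
    seen = {}
    for item in fields["seen"].split(","):
        rat, dbm = item.split(":")
        seen[rat] = int(dbm)
    return Obs(int(fields["t"]), fields["serving"], seen)

def find_suspicious_downgrades(lines):
    """Flag drops to an older generation while the old cell is still strong."""
    alerts, prev = [], None
    for obs in map(parse, lines):
        if prev and GENERATION[obs.serving] < GENERATION[prev.serving]:
            # An ordinary fallback happens because the old signal faded.
            # A drop while it is still strong is the pattern worth a look.
            if obs.seen.get(prev.serving, -999) >= STRONG_DBM:
                if obs.serving == "GSM":
                    kind = "downgrade-2g"
                elif obs.serving == "NONE":
                    kind = "service-drop"  # modem refused the downgrade
                else:
                    kind = "downgrade"
                alerts.append((obs.t, prev.serving, obs.serving, kind))
        prev = obs
    return alerts

SAMPLE_LOG = """\
t=0 serving=LTE seen=LTE:-84,GSM:-101
t=60 serving=LTE seen=LTE:-85,GSM:-72
t=65 serving=GSM seen=LTE:-85,GSM:-70
t=900 serving=LTE seen=LTE:-84,GSM:-100
t=1500 serving=UMTS seen=LTE:-121,UMTS:-90
t=2000 serving=LTE seen=LTE:-83
t=2060 serving=NONE seen=LTE:-83,GSM:-69
""".splitlines()

if __name__ == "__main__":
    for alert in find_suspicious_downgrades(SAMPLE_LOG):
        print(alert)
```

The fallback at t=1500 is not flagged because the LTE signal had genuinely faded; the two flagged events are the ones where LTE was still strong.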

That’s a good tip, I did not know that.

If someone is going to do this, you really only need to disable 2G. The later generations are encrypted and only your carrier (and the intelligence services who’ve compelled the carriers to provide the keys) has access to the important data.

My Motorola has this by default, buried in Settings > Security > More security settings > Network protection.

I have a Motorola, I just checked and it was not on. It is now.

I turn off legacy connections. Worst case, I get DoS’d.

sunzu2
23d

However, most cellphones will automatically attempt to use a downgraded connection (5G -> 4G) if they lose connection with the tower.

Is 4g actually less secure?

I thought it was fine… Downgrade attack is done via 2g/3g which have no security

They downgrade to 2G, whose encryption is cracked trivially with modern hardware and there’s no tower authentication so it’s possible to have the phones connect through the CSS.

Disable 2G (or use GrapheneOS) and you’ll mitigate this specific attack.

3G and 4G have some flaws themselves (from Blackhat ‘17: https://youtu.be/BFkrK5kaH4o)

sunzu2
33d

Damn… So 5g only should be used?

I was operating under the idea that 4g was better than 5g for privacy and security. I guess I need to hit the books again

Never heard being

Damn… So 5g only should be used?

Well…

https://cyberdefensereview.army.mil/Portals/6/CDR V5N1 - 08_ Fonyi_WEB.pdf (List on page 10)

It’s safer to just assume that your cellular traffic can be monitored and SMS can be spoofed. So, use VPNs for data (and DNS) and Signal/whatever end to end encrypted messaging software.

sunzu2
33d

Ohh I am balls deep into privacy game.

Just trying to sort out if 5g is better over 4g here for daily activities.

5g uses more battery so I generally stay on 4g but if 4g is less secure, might need to go with 5g

Also, doesn’t 5g provide telco with your position too?

IE they can tell you are on 5th floor v 15th

Yeah, 5G uses beamforming so they know where you are with pretty high accuracy.

Nothing will prevent them knowing your location, if you’re transmitting a signal it can be located with WWI level technology. But the providers do log that data so it can be available for law enforcement.
