Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Surveillance equipment

Options
  • 26-08-2016 5:55pm
    #1
    mitchconnor16
    Closed Accounts Posts: 83 ✭✭


    Read an article on the newspaper the other day saying that Private Investigators have equipment that can eavesdrop on telephone calls. I know this is illegal but just wondering does such technology exist and is it only available for smartphones?


Comments

  • Options
    #2
    ItHurtsWhenIP
    Registered Users Posts: 2,025 ✭✭✭ItHurtsWhenIP


    They are most likely utilising a stingray.

    However the more fiendish amongst them may be exploiting the SS7 vulnerability.


  • Options
    #3
    mitchconnor16
    Closed Accounts Posts: 83 ✭✭mitchconnor16


    I guess it's not a case of them downloading a software program or mobile app?


  • Options
    #4
    [Deleted User]
    Posts: 0 [Deleted User]


    MMFITWGDV wrote: »
    They are most likely utilising a stingray.
    .

    https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Eric-Escobar-Rogue-Cell-Towers-UPDATED.pdf


  • Options
    #5
    ItHurtsWhenIP
    Registered Users Posts: 2,025 ✭✭✭ItHurtsWhenIP


    Deleted User wrote: »
    https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Eric-Escobar-Rogue-Cell-Towers-UPDATED.pdf

    I know it says:
    In some conditions can collect content of messages, calls, and data.
    But thinking about it further, the voice data is already encrypted on the phone before transmitting, so is unlikely what the PIs are using and the SS7 vuln is a bit harder to exploit.

    Occam's Razor - They must have installed spy-ware on the phones.


  • Options
    #6
    ED E
    Registered Users Posts: 36,167 ✭✭✭✭ED E


    A resonably high end laptop can decrypt GSM, before this'd take a supercomputer that you couldnt carry in a car. You're probably talking a few hundred for the radio and 1-2k for a laptop. VOLTE probably could secure this but we've not seen that yet and calls are still using GSM.


  • Advertisement
  • Options
    #7
    [Deleted User]
    Posts: 0 [Deleted User]


    MMFITWGDV wrote: »
    I know it says:

    But thinking about it further, the voice data is already encrypted on the phone before transmitting, so is unlikely what the PIs are using and the SS7 vuln is a bit harder to exploit.

    Occam's Razor - They must have installed spy-ware on the phones.

    So full disclosure this this not my area of expertise and that talk was my first introduction to stingrays.

    But from what I understand if you create a powerful enough basestation any phone within the vicinity will want to connect to it. Once you have that phone connected you can downgrade the connection (GSM vs LTE) which could potentially allow eavesdropping on conversations. I suppose it's a bit like a man-in-the-middle attack, try and force a user to connect over HTTP vs HTTPS.

    However I've never tried this nor do I know under what circumstances this could be possible, I do remember the presenter briefly saying it is possible under the right circumstances.


Advertisement