
Android IMSI Catcher detection



On Wed, Dec 11, 2013 at 6:34 AM, Dan Staples <[email protected]> wrote:
> This morning's NSA article from WaPo contains some slides mentioning
> USRP equipment[1]. It's hard to say without more context whether it's
> referring to the GSM equipment from Ettus...anyone care to speculate?
> The USRP series doesn't exactly seem like carrier-grade equipment, but
> perhaps the NSA has a good reason to use it.

the partnership with NGA to deploy them gives a hint: this is putting
USRPs up close and personal to target for exploitation.
(the USRPs are definitely more portable than my favorite SDR, the Noctar[0]!)

given the obtained bits mentioned (WLLids, DSL accounts, Cookies,
GooglePREFIDs) gathered and then handed off to TAO for further QUANTUM
INSERT fucking of target systems it is likely they are doing GSM/cell
MitM to observe identifiers, along with WiFi attacks, and other egress
rather than deploying baseband exploits or deep active attacks
directly against the devices or other networks they're communicating
with.

thus CNE in this case is cell MitM/WiFi pwn with a USRP rogue tower to
get identifiers for TAO.  and TAO is where they get dirty with "remote
exploitation" of the device itself and other targets on networks it
uses.

we've seen how they have a smorgasbord of weaponized exploits to cover
the gamut of target hardware and technical acumen in the QUANTUM
INSERT / TURMOIL / TRAFFICTHIEF / MUTANT BROTH / etc, etc. style
efforts.  it appears they're using this same infrastructure where
possible for mobile; restricting CNE on the ground only to target.

best regards,



0. Pervices Noctar
  http://www.pervices.com/support/