If we had a crowd-sourced database of cell towers (picture & coordinates) wouldn't it then be straightforward to know (and report) when your phone <i>wasn't</i> connecting to a legitimate tower?<p>I for one want to make sure the <i>criminals</i> aren't intercepting my signal with home-made stingrays; the police have other lawful ways to get what they need.
Some informed person can probably tell us: are there any technical developments on the horizon which could plausibly make stingrays unviable? From a lay perspective, it seems like cell tech hasn't been designed to meet some criteria that ought to be achievable.<p>- Are there future cell technology standards being planned which would make it harder for a 3rd party device to impersonate a cell tower? (e.g. the police would actively need the cell network to help them sign something)<p>- Why can't we encrypt calls and texts in a way which doesn't let all this stuff get read? Like (handwaving) either trust the network and encrypt with a key they provide, or else some form end-to-end encryption (where maybe generating keys is part of what happens when you activate a sim card or something)?<p>Like, sure the lawsuits are important, but why did we end up with a system where these tools are possible?
Contribute to the ACLU here:<p><a href="https://action.aclu.org/give/now" rel="nofollow">https://action.aclu.org/give/now</a>
Hopefully, this puts to rest the idea that government can use "private contracts" as a end-run around constitutional and legal restrictions on their activity<p>They have been hiding behind the NDA as a reason they should not have to follow federal disclosure laws, but never in the history of the law has a private contract superceeded the law itself.<p>they also hide behind these same NDA's when criminal defendants get to court and want to challenge the use of the tech on 4th amendment grounds<p>Hopefully the ACLU can put a end to that, the government should not be able to contract with any organization that prevents them from disclosing their activity to the public. Seems law enfrocement has lost sight of who they awnser to, which should be the people of this nation
Stingray use requires a warrant and every case should be dismissed where one was used without a warrant. I'm sure that's the main reason they want to hide the use of stingrays, they know they're doing something wrong.<p>Police having the ability to spy on everyone with little to no oversight is nightmarish authoritarianism, it's completely against the spirit of American democracy, not to mention in violation of The Constitution.
Stingrays have been known to be used by law enforcement for a decade now. It's about bloody time more information than just "they are used" is opened to the public.
Presumably Homeland Security and its child agencies are targeting everybody within 100 miles of a border (~65% of the population) with any and every form of surveillance they can think of, because why not? It's very legal, and very cool.
Generally if the RSRP or RSSI increases significantly that is a dead give away you are on a stingray. You don't really need an app to see that (google how to see it for your phone type). Of course, it is always possible that your carrier just turned up a new site closer to you but that is not something that happens often and you can usually notice it.<p>Some comments about mm-wave 5G, keep in mind that mm-wave != 5G. But on mm-wave stingray becomes more difficult due to the high directionality of short wavelengths. But at lower bands, there is no advantage of 5G over 4G in terms of resilience over stingray types of attacks (which are basically a L1 middleman attack, similar to age old wifi types of spoofs).
Knowing Bellard managed to build a 3G cell tower just by using a cheap antenna, I guess it means anybody can build a stingray, although connecting to the cellphone network might not be a trivial thing to do. No idea how companies secure their networks, and I wonder if there are security standard about it.
after reading through the comments i found this on hackaday,
its from 2018; seems germaine to the current topics in thread:<p><a href="https://hackaday.com/tag/stingray/" rel="nofollow">https://hackaday.com/tag/stingray/</a><p>the first paragraph is an intro speech of sorts then the real content begins. There is an interesting article linked in that part so i want to bring it to the fore.<p><a href="https://www.eff.org/deeplinks/2018/04/dhs-confirms-presence-cell-site-simulators-us-capitol" rel="nofollow">https://www.eff.org/deeplinks/2018/04/dhs-confirms-presence-...</a><p>it seems that a number of factions may have been using "stingray" devices and thier contemporary equivalents for some time.
Source: <a href="https://www.aclu.org/news/privacy-technology/ice-and-cbp-are-secretly-tracking-us-using-stingrays-were-suing/" rel="nofollow">https://www.aclu.org/news/privacy-technology/ice-and-cbp-are...</a><p>For more insight and details.
I have a femtocell in my home, because my small neighborhood sits in a dead zone. Not a repeater, a full femtocell.<p>To the casual security conscious user, that is probably going to look like a 'stingray', since you will be walking down the street with a gradually dropping RSSI, when all at once, boom, you walk into a five bar signal and life is good.<p>It covers about a 300 ft radius with the most blessedly beautiful signal you can imagine. Maxes out at 100Mb/S, since that is all the backhaul it gets from the ISP where it is connected. (Not that I am complaining about 100/100 in the house.)<p>But it isn't a Stingray. It is a fully secure registered femtocell base station.<p>Given that it hasn't moved in five years, it may well be on someone's map of established cell towers.
This made me wonder,<p>Do spoofed callers appear on a capture device as the spoofed number?<p>If so, you could in theory use law to target anyone by calling their number using a spoofed number that is included on a surveillance order. Just keep calling the numbers you want to monitor and the net keeps getting bigger.<p>Please tell me this is not the case?
Is it just me, or has the ACLU been on a roll lately? I'm really enjoying its current direction. It might have just been that the most controversial headlines were getting the most airtime, but it seemed to be going off the tracks for a while.
Why not focus policies around using the surveillance tools?<p>The tools should be as powerful as possible. To keep people safe, shouldn't infrastructure be powerful enough to tap anything instantly with proper authorization, even backward in time? Why not?<p>Then we're focused on making rules better. Isn't that the best thing to do in a system of laws and standards?<p>Imagine if you could change any aspect of the system to make it more proportional, fair, ethical, whatever. Why not think about asking the right questions, weighing the pros and cons, and tailoring a way to improve it with minimum side effects?<p>Also, sometimes the regulations are so strict, it's dangerous.<p>For instance, here's an example where the rules around stingrays being so strict led a guy to get away with murder (in eyes of the judge):<p>> Circuit Judge Yolanda Tanner said in court Monday that while she is suppressing the evidence “with great reluctance,” Copes is “likely guilty.” <a href="https://arstechnica.com/tech-policy/2016/04/citing-unconstitutional-search-via-stingray-judge-suppresses-murder-evidence/" rel="nofollow">https://arstechnica.com/tech-policy/2016/04/citing-unconstit...</a><p>I wonder what it would have been like had that case been in Florida. Which has sweet inevitable evidence law.