IMSI-Catchers from Canada

Gizmodo is reporting that Harris Corp. is no longer selling Stingray IMSI-catchers (and, presumably, its follow-on models Hailstorm and Crossbow) to local governments:

L3Harris Technologies, formerly known as the Harris Corporation, notified police agencies last year that it planned to discontinue sales of its surveillance boxes at the local level, according to government records. Additionally, the company would no longer offer access to software upgrades or replacement parts, effectively slapping an expiration date on boxes currently in use. Any advancements in cellular technology, such as the rollout of 5G networks in most major U.S. cities, would render them obsolete.

The article goes on to talk about replacement surveillance systems from the Canadian company Octasic.

Octasic’s Nyxcell V800 can target most modern phones while maintaining the ability to capture older GSM devices. Florida’s state police agency described the device, made for in-vehicle use, as capable of targeting eight frequency bands including GSM (2G), CDMA2000 (3G), and LTE (4G).

[…]

A 2018 patent assigned to Octasic claims that Nyxcell forces a connection with nearby mobile devices when its signal is stronger than the nearest legitimate cellular tower. Once connected, Nyxcell prompts devices to divulge information about its signal strength relative to nearby cell towers. These reported signal strengths (intra-frequency measurement reports) are then used to triangulate the position of a phone.

Octasic appears to lean heavily on the work of Indian engineers and scientists overseas. A self-published biography of the company notes that while the company is headquartered in Montreal, it has “R&D facilities in India,” as well as a “worldwide sales support network.” Nyxcell’s website, which is only a single page requesting contact information, does not mention Octasic by name. Gizmodo was, however, able to recover domain records identifying Octasic as the owner.

Posted on October 26, 2020 at 6:53 AM • 19 Comments

Comments

A 3GPP RAN2 guy October 26, 2020 12:11 PM

According to 3GPP TS 36.331 section 5.5.5.1 for measurement reporting: “the UE shall initiate this procedure only after successful security activation”. UE is User Equipment.

Unless the fake base station has obtained the keys in the SIM or in the operator server, it won’t be able to activate security, so it won’t get any measurement report and the method described in the patent won’t work.

If the mentioned companies make products that work, they probably don’t rely on the method in the patent.

Spy Mouse October 26, 2020 12:39 PM

Why not just send an NSL to the operators to hand over the keys? Or let FCC/Nist assign the keys to the operators from the beginning?

lurker October 26, 2020 1:52 PM

@zzz

maybe they haven’t found a way to make it work with 5G yet

@3GPP RAN2 guy

If the mentioned companies make products that work, they probably don’t rely on the method in the patent.

Maybe they’re queasy about a certain Chinese company holding a fat portfolio of 5G patents…

Adrian October 26, 2020 4:33 PM

Once connected, Nyxcell prompts devices to divulge information about its signal strength relative to nearby cell towers.

I wonder what happens if the phone were to report signal strength relative to other nearby IMSI catchers. 😉

xcv October 26, 2020 6:49 PM

… Harris Corp. is no longer selling Stingray IMSI-catchers (and, presumably, its follow-on models Hailstorm and Crossbow) to local governments

Cell phone devices and paraphernalia are regulated by the FCC, which is a FEDERAL agency. The devices are not for the convenience of small town pimps and city hall governments to track down, wiretap, and conduct surveillance on registered sex offenders, transgender individuals, restraining order violators, unfaithful wives, defendants in divorce proceedings etc.

Wael October 26, 2020 11:55 PM

let me get this:

with nearby mobile devices when its signal is stronger than the nearest legitimate cellular tower.

So LE need to be already in close proximity to the “person of interest”… hmm within a mile radius? How effective is that?

Still, the “location services” used by many iPhone apps, ranging from the camera to maps to Facebook, are useful to the NSA

Location services is always turned off on my devices[1]. Not that I trust that there’s no other way to locate the device. I try to protect myself from class 1 attackers. State actors… OpSec is the choice.

[1] By default. I turn it on only when I need it.

Curious October 27, 2020 3:19 AM

So I can’t help but wonder, would there be any reason why my post is not showing a day after? Apparently ‘zzz’ user replied to it. I don’t think I wrote something weird, offensive, nor inappropriate.

Fox in Socks October 27, 2020 4:54 AM

Hence why foreign actors land in police departments or as any departmental head that can write a warrant. They can then purchase tools from companies (Hacking Team for example were rife at selling privately to officers). With bribes to prosecution the circle is complete. Information is available and as signals can’t arrest, very handy knowing when the police are going to raid, and they can legally lie as part of their job as a “police” or “detective”.

New legal decryption laws are being pushed, and recent laws in place if they decide to play with firearms. One way to spot them is the performance they put on when caught. Worms have more pride, and more backbone, but that is the kind of people willing to do such work and there are more of them than what you might imagine, often in place for decades (invertebrates themselves are actually fabulous creatures).

Folks gullible or ignorant in your state, excess cash floating around due to industry, sensitive installations? You could have an infestation and most are too thick to work out that is where their backhanders are coming from. Divide and conquer, they are successful too at that, as most people are in actual fact cowards when it comes to the crunch, despite all the bravado, and the more front, the bigger the coward is the general rule of thumb.
leb.fbi.gov/articles/featured-articles/us-versus-them-effects-of-group-dynamics-on-leadership

Clive Robinson October 27, 2020 6:09 AM

@ Wael,

So LE need to be already in close proximity to the “person of interest”… hmm within a mile radius? How effective is that?

That depends on two things,

Firstly the type of “collection”,

1, Targeted to an individual.
2, Group collection.

Secondly if for an individual or small group which stage they are in of,

1, Find.
2, Fix.
3, Finish.

But the other thing you need to consider is the “range”. In a vehicle at road level in a city or other heavily built up area the radius/ range could be measured in a hundred feet or less. In a light aircraft it could be 25,000 – 50,000 ft depending on output power.

Wael October 27, 2020 6:20 AM

@Clive Robinson,

Type of collection makes a difference. LE could also start with group collection and then target an individual.

Anders October 27, 2020 6:24 AM

Lot of interesting stuff…

hxxp://www.pki-electronic.com/products/interception-and-monitoring-systems/3g-umts-imsi-catcher/

(i remember times when IMSI catchers were BIG boxes…)

Clive Robinson October 27, 2020 12:17 PM

@ Wael,

LE could also start with group collection and then target an individual.

They might also be doing a group collection to see when a “mob boss” style meeting is going on or when there is a trade going on where a group of individuals can be “tagged” and raided.

Thus if any escape in the confusion the LE can round them up later and lie to them saying one of the others has “ratted them out on a plea deal” or some such, and name other “missing faces” to make it look even worse.

The moral is “don’t carry a bug around with you if you are doing something naughty”

Imagine what a haul the “vice squad” could reel in down in the local red light district…

Frank Wilhoit October 27, 2020 12:46 PM

The tragedy of humanity is that we are capable of inventing tools, but not, at all, not the least little bit, capable of thinking through the implications of possessing them or the consequences of using them. This goes back to the steam engine; every political debate of the past 200+ years begins with the assumption that the steam engine was never invented.

rrd October 27, 2020 2:01 PM

@ Frank Wilhoit

You said:

The tragedy of humanity is that we are capable of inventing tools, but not, at all, not the least little bit, capable of thinking through the implications of possessing them or the consequences of using them.

A tool is always used in the direction of the intention of its user, the intentions of the inventor never having any bearing on its subsequent use.

The intentions of every person are either inwards towards their own selfish gain or outwards towards the selfless aid of others.

It takes a cautious and selflessly-oriented person to adequately anticipate the possible negative uses of a tool, but such creativity and analytical clarity are only possible as our Id/soul get cleansed and purified of the selfish vices of its heart. To begin and sustain that process of self-evolution of our attitudes and behaviors, one needs to go inward and seek the help of our Creator.

The reality we live in now is the result of hundreds of years of callously brutally competitive people having the control of the means of production, with all its attendant scientific advances at their unfettered and amoral disposal.

A society that compassionately and thoughtfully considers the various dimensions of potential technological effects as well as organization and treatment of ALL its citizens and the Earth, herself, is the only approach that will ever adequately address the myriad problems we face in 2020. The fact is that the only material we have to construct any society is human beings, therefore we had better choose carefully who we are and whom we choose to lead us with respect to one primary quality: morality.

If we say something is impossible, we are only saying that we don’t believe we, ourselves, can accomplish something. It has no actual bearing on what is within another person’s capabilities, especially if someone embraces an ethos driven by, for example, the faith and introspection of the 12 Steps of Alcoholics Anonymous. The problem is that most people can simply not fathom how brutally evil another person can become, either. Such shortsightedness cost countless lives in WWII and in its aftermath.

I know there’s a place you walk,
where love falls from the trees.
My heart is like a broken cup,
I’m gonna kneel right on my knees.
I spill out like a sewer hole,
and still receive Your kiss.
How can I measure up to anyone now,
after such a love as this?

Who the fuck are you?

–The Who “Who are You?”

xcv October 27, 2020 7:04 PM

@ Wael, Clive Robinson

“person of interest”

Not quite a suspect, yet, are we? That’s an old Nazi cop term for a Jew, as historically it was forbidden in Europe for Christians or Muslims to go in business for themselves or collect interest or usury by banking.

Wael October 27, 2020 11:24 PM

@xcv,

Not quite a suspect, yet, are we?

Depends on the score. I have an unused, unexpired ticket with your name on it. Feel like going for a vacation?

PS: If you accept this offer in the next 24 hours, you’ll get a free upgrade: “food and board” to “food and waterboard included”. Or you can keep posting crap here and get an automatic score bump.

SpaceLifeForm October 28, 2020 1:46 AM

@ Curious

I observe what you do.

You probably touched on some keyword or phrase that is classified.

Or too many non-obfuscated links.

Not the first time here.

“You can observe a lot just by watching”

Clive Robinson October 28, 2020 1:56 AM

@ xcv,

I really do not think you have a clue what you are talking about.

I suggest you go and study some history before making the sorts of claims you have, because they are wrong.
