As riots against police brutality and institutionalized racism swept across the country, many people were exposed to the full power of law enforcement weapons and surveillance for the first time. Whenever protesters, mobile phones and police are in the same place, protesters should pay attention to mobile phone surveillance. Usually, security practitioners or other demonstrators respond to this through suggestions provided by local law enforcement agencies regarding the use of cell location simulators (also known as CSS, IMSI catchers, stingrays, earth boxes, hail, fake base stations, or crosses) problem. However, this suggestion is usually wrong, or it is due to a fundamental misunderstanding of what a cellular base station simulator is, its function and frequency of use.
Most importantly, in the United States, there is hardly any concrete evidence that mobile phone simulators are being used against demonstrators. The threat of mobile phone simulators should not prevent activists from expressing disapproval or using their mobile phones. Given that there are more than 85 locations across the country, state and federal law enforcement agencies have some type of CSS (some of which are used hundreds of times a year), so if you have to incorporate a cell positioning simulator into your safety plan, this is not appropriate Protest and take some simple steps to protect yourself.
CSS is a device that imitates a legitimate base station. Police around the world mainly use this technology to locate the phone (and the person who is therefore located) with high accuracy, or to determine who is in a specific location. There have been reports in the past that advanced CSS can intercept and record content and metadata from phone calls and text messages in 2G networks. However, there is no public way to intercept text messages and calls on 4G networks. Cellular simulators can also disrupt cellular services in specific areas. However, it is difficult to determine whether the government is using CSS, because there are many obvious signs of CSS use-battery exhaustion, service interruption or network degradation-which may occur due to other reasons, such as B. due to cellular network failure.
Intercepting calls and text messages is the most terrifying potential feature of CSS, but it is also the least likely. As far as we know, intercepting content is technically impossible, because as far as we know, it contains investigations based on current security (ie, investigations on 2G and LTE/4G networks did not consider any security that may appear in the 5G standard Vulnerabilities or fixes). The interception can only be performed when the target is connected via 2G, which makes it a bit “noisy” and easy for users to identify. In any case, the cellular simulator cannot read the content of encrypted messages, such as Signal, WhatsApp, Wire, Telegram or Keybase.
One of the benefits of law enforcement by using CSS to block content in protests is that multiple people can be effectively eavesdropped on without knowing who they are. It would be helpful if the police did not know in advance who led the protest. Such large-scale surveillance without an arrest warrant would be illegal. However, it is well known that the police will use CSS to track suspects without an arrest warrant. So far, there is no evidence that the police used such surveillance during the protest.
Law enforcement agencies found that finding a specific mobile device (and its owner) was the most common use of a cellular simulator, but it was used the least during protests. During protests, it is not very useful to find specific personnel, because the police can usually already see where each helicopter and other visual surveillance methods are deployed. However, in some cases, the police may wish to use CSS instead of private teams or helicopters to follow the protesters discreetly.
If CSS is used in protests, the most likely use is to determine who is nearby. In theory, law enforcement agencies can collect everyone’s IMSI at a collection point and then send them to the phone company to identify users to prove their participation in the protest. There are other ways to do this: law enforcement can ask the phone company to provide a “tower dump,” which lists all participants connected to a particular tower at any given time. However, the disadvantage of this is that it is slower, requires an arrest warrant and has a large radius, which may capture the IMSI of many people who did not participate in the protest.
Denial of service or signal GPS Jammers are additional features of CSS. In fact, the FBI has admitted that CSS can cause signal interference to local personnel. Unfortunately, for the same reasons, it is difficult to determine the use of CSS, and it is difficult to tell how often they interrupt service, whether intentionally or unintentionally. Signal towers that look like signal jammers can also be overloaded and disconnected. If many people suddenly gather in one place, it may overload the network, which is not the purpose of the design.
How to protect yourself from cellular simulators
As mentioned in our self-defense guide for monitoring protesters, the best way to protect yourself from cellular site simulators is to put your phone in airplane mode and turn off GPS , WiFi and Bluetooth, and cellular data. (Although “receive only” GPS and not lose its own location information, many apps track GPS location data, which is ultimately stored in a database that law enforcement agencies can search for later.)
We know that some IMSI capturers can also intercept content, but as far as we know, if you don’t downgrade your cellular connection to 2G, none of them can do it. If you want to protect your device from such attacks, the best option is to use encrypted messages such as Signal or WhatsApp, and if you find that your phone drops to 2G, put it in airplane mode. (There are many valid reasons. Your phone may downgrade some of your connections to 2G, but it’s safer than regretting.) However, the key part of the protest may be streaming/recording and instant upload of police targeting protesters Violent video. This runs counter to the recommendation to keep the phone off/in airplane mode. Up to you
Unfortunately, iOS and Android currently do not provide an easy way to force your phone to use only 4G, although developers can of course add it to their operating systems. If you can turn off 2G on your phone, this is a good precaution.
How to detect cell location simulator
Unfortunately, it is difficult to find a cell location simulator. Some signs that can be interpreted as evidence, such as: B. Downgrading to 2G or losing connection with the cellular network are also common signs of cellular network overload. There are some applications that claim to be able to detect IMSI traps, but most applications are either based on outdated information or have a large number of false positives that make them unusable.
One possible way to detect a cell location simulator is to use a software-defined radio to map all the cellular antennas in your area, and then look for antennas that pop up in two or more locations, then disappear, move, and pop. Or very powerful. There are several projects trying to do this, such as “Seaglass” and “SITCH” for 2G antennas and EFF’s own “Crocodile Hunter” for 4G antennas.
Although it is possible or has already used the cell site simulator to protest, this should not prevent people from expressing objections. As long as the protesters take some simple precautions, the most serious abuse of these tools can be mitigated. Nevertheless, we still urge legislators and all personnel in the wireless industry to take these issues seriously and work hard to end the use of CSS.