NoGoolag
Forwarded from GJ `°÷°` 🇵🇸🕊
LibreCellular 21.04 documentation – https://librecellular.org/

The LibreCellular project aims to make it easier to create #4G cellular #networks with open source software and low cost software-defined radio (#SDR) hardware. Seeking to achieve this via validated hardware and software configurations that are subjected to rigorous testing, together with additional tooling and #documentation for repeatable deployment.

LibreCellular will build on the work of numerous existing open source software and hardware projects, related to both the #cellular platform itself and associated test #infrastructure. Where necessary, additional components will be developed, with any software source code and #hardware designs published under #opensource licences. The focus is very much on integration, testing, packaging and documentation, reusing and building upon existing solutions.

#LibreCellular #CellulaireLibre
Overview of LTE Hacking | NSE Lab

This document serves as a starting point for individuals looking into hacking cellular network technology, in particular Long-Term Evolution (LTE). It will provide an overview of the currently known vulnerabilities and methods of breaking cellular security.

Defining the various mobile telecommunication standards can be quite confusing. For each generation, international committees agree on improvements the new generation shall have over the previous one. So far there have been commercial releases of 1G, 2G, 3G and 4G technology, with 5G being the next generation currently in development. A cellular network generation like 4G is a detailed set of standards and capabilities that a system has to have in order for it to be able to be called 4G.


Demystifying Cellular Communication: A Gentle Introduction to Cellular Networks – The Recompiler

My goal is to provide a high-level understanding of cellular infrastructure and some of the security and privacy implications.

#Cellular
Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings - Arxiv - 2023

Short Message Service (SMS) remains one of the most popular communication channels since its introduction in 2G cellular networks. In this paper, we demonstrate that merely receiving silent SMS messages regularly opens a stealthy side-channel that allows other regular network users to infer the whereabouts of the SMS recipient. The core idea is that receiving an SMS inevitably generates Delivery Reports whose reception bestows a timing attack vector at the sender.

#Cellular #SMS
DragonOS FocalX Cellular Security Research w/ LTESniffer (srsRan, LimeSDR, B205mini) part 1

The purpose of this video is to support security and analysis research on cellular networks. It's also created from an educational perspective to help learn more about cellular networks in general by means of a controlled lab environment and software defined radios. Privacy is respected at all times and any use of this tool or software defined radios in general is on the user to follow all local regulations.

With that said, LTESniffer is easily installed in DragonOS FocalX, in fact it can be installed with apt after setting up an install with the following PPA.
https://github.com/alphafox02/focalx_ppa

To learn more about LTESniffer please see the following project page
https://github.com/SysSec-KAIST/LTESn...

In this first video on cellular security research, I focus on the general lab environment setup in order to use the downlink functions of the tool.

#SDR #Cellular #IMSI #LTE
Awesome Cellular Hacking – Curated List - Woot3k /Github

Awesome-Cellular-Hacking
Please note multiple researchers published and compiled this work. This is a list of their research in the 3G/4G/5G Cellular security space. This information is intended to consolidate the community's knowledge. Thank you, I plan on frequently updating this "Awesome Cellular Hacking" curated list with the most up to date exploits, blogs, research, and papers.
The idea is to collect information like the BMW article below, that slowly gets cleared and wiped up from the Internet - making it less accessible, and harder to find. Feel free to email me any document or link to add.


#Cellular #Hacking
Forcing A Targeted LTE Cellphone Into An Eavesdropping Network - Lin Huang - 2016

In this presentation, we will introduce a method which jointly exploits the vulnerabilities in tracking area update procedure, attach procedure, and RRC redirection procedure in LTE networks resulting in the ability to force a targeted LTE cellphone to downgrade into a malicious GSM network where an attacker can subsequently eavesdrop its voice calls and GPRS data.

#Cellular #IMSI #LTE
Grant H (@Digital_Cold): "Our paper on emulating basebands for security analysis has been accepted at NDSS! We found multiple critical pre-auth vulnerabilities in the 2G and 4G implementations on Samsung and MediaTek basebands. Check out the paper or keep reading to learn more https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf"

"Baseband processors are where protocols like GSM and LTE live. Unlike the application processors which run apps and OSes like Android, they run complicated real-time operating systems in the background, which are difficult to analyze and understand."

"Basebands today are gigantic, multi-million line software and hardware projects. Besides the complex cellular standards, they add on top ASN.1 decoders, DHCP, DNS, SIP, audio codecs, TLS, HTTP, XML parsers and so much more. Oh and did I mention TCP/IP stacks?"

"Let’s say you wanted to audit all of this. You’d get bogged down reverse engineering binary-only firmware - no small task given the size of modern basebands. How about fuzzing? Fuzzing a real phone over-the-air can be done, but it's slow and root-causing of crashes is not easy."

"That’s why we created FirmWire which lets us fuzz unmodified baseband firmware images extracted from vendor updates. We do this using full-system emulation to recreate the hardware environment around the firmware image enabling us to actually boot and run the baseband."

Grant H (@Digital_Cold): "Using these capabilities, we implemented several fuzzers for the GSM CC, GSM SM, as well as the LTE RRC protocol. Some of the bugs we found allow remote code execution for literally anyone who can set up a fake base station, and have been assigned a critical severity score." | nitter – https://nitter.net/Digital_Cold/status/1481060540109803523#m

#Cellular #2G #4G
Passive IMSI Catching On A Real GSM Network Using A RTL-SDR And Gr-GSM

Recently, I had the opportunity to play around with a real 2G cellular network. So, here is a quick video of how passive IMSI catchers are constructed using a couple of Linux software tools and an RTL-SDR dongle.

It is a common misconception that mobile phones are tracked via their telephone numbers or the IMEI number of the handset. IMSI is an abbreviation that stands for 'international mobile subscriber identity' and is the unique identifier of a mobile phone subscriber's SIM card on a cellular network. IMSI numbers are used in most mobile phone communication generations from 2G, all the way up until the more modern 5G.

The IMSI number of a SIM card is very well protected in 3G, 4G and 5G. However, in the case of the 2G mobile communication standard GSM, these unique identifying values are not so well protected from the prying eyes of governments, militaries, law enforcement and spy agencies.


#SDR #IMSI #ImsiCatcher #GSM #Cellular
GSM Voice Decryption From Start To Finish (2G Non-Hopping Only)

The GSM data used in the making of this video was recorded and decrypted with unanimous consent from the owner(s) for the purpose of demonstrating the 2G decoding features of gr-gsm and for evaluating cellular network security.

Due to its complexity and difficulty, decoding 2G phone calls is considered by most to be the hardest task to accomplish in the realm of GSM decoding. Differing voice codecs, varying channel data rates, arbitrary allocation of frequency hopping and carrier-specific network configurations add too many variables into the mix to make it a straight-forward enough goal to achieve.

I showcase the entire 2G voice decryption process from start to finish, excluding the actual recording of the GSM data.

This video was made for purposes of education & experimentation only. #IMSI-CATCHING, #SMS-SNIFFING and voice call #interception on #CELLULAR #NETWORKS is illegal & punishable by hefty fines & imprisonment.

#GSM #2G #SDR #GRsdm
Forwarded from GJ `°÷°` 🇵🇸🕊
🇵🇸 Paltel (@Paltelco): "We would like to announce the partial restoration of telecom services in various areas within Gaza Strip. This comes after a limited quantity of fuel was provided through #UNRWA to operate our main generators. #KeepGazaConnected 1/2" | nitter

#Palestine #Gaza #Genocide #Communication #Network #Internet #Cellular #Telecom
Nov 17, 2023 · 8:15 PM UTC
Forwarded from GJ `°÷°` 🇵🇸🕊
🇵🇸 Paltel (@Paltelco): "We regret to announce that all telecom services in Gaza Strip have been lost due to the ongoing aggression. Gaza is blacked out again. #KeepGazaConnected" | nitter

NetBlocks (@netblocks): "Confirmed: Live network data show a new collapse in connectivity in the #Gaza Strip; the incident affects areas in the south where telecoms had been partially restored over the last few days, while other areas have remained offline since the previous blackout 📉" | nitter

#Gaza #Internet #Communications #Telecom #Cellular
Dec 20, 2023 · 7:54 AM UTC
When You Roam, You’re Not Alone | Lawfare

A fix is long overdue for one of the most extensive, yet lesser-known surveillance risks of our age: the technical vulnerabilities at the heart of the world’s mobile communications networks.

We’ve all been there before: You’re traveling abroad, and as your plane lands and is taxiing to the gate, you reach for your phone, wait for it to connect to the local network, and then you are greeted with a text message: “Welcome abroad, you’re now roaming!” Beyond the exorbitant fees, few of us are likely to give the matter much thought.

However, hidden within this seemingly routine transaction lies one of the most extensive, yet lesser-known surveillance risks of our age: the technical vulnerabilities at the heart of the world’s mobile communications networks.

#Mobile #Network #Cellular #Roaming #Vulnerabilities