This was hugely overblown in the media... While the device operates like a stingray, they were using it to spam and phish. The whole claim of "we've never seen this type of device before in Canada" is a lie, because the government and law enforcement both use them. I guess it's okay if they do it, but nobody else can...
Yes I think they mean they hadn’t seen it used before outside of sanctioned organizations. Though one could argue some bad actors inside the org likely used it outside of official capacity though not likely with knowledge or approval by superiors.
To add, ISED literally goes around in cars to scan for non registered BTS (or even non conforming ones) and report them, sometimes (or a lot of times) they catch false positives when the interference happens to be a strong LED lol. The gov uses the tech to ID individuals however, especially in group gatherings or around certain locations, always look around for big vans with no windows :), I either don’t take my phone or it’s always on airplane mode until I want to disable it briefly before activating it again.
Isn’t it less of a government backdoor and more of a result of generally old and insecure protocols still being in use for telecom?
Like, the phones happily connect to these fake towers because the signal is strongest from that one and there is no authentication to verify who the tower belongs to, nor encryption of SMSes?
It’s not exactly a back door. It’s a fake radio cell, mimicking your network provider and acting like a man in the middle. In that sense, it’s like a stingray. The differences are
1. The Stingray eavesdrops, but avoids interfering with user traffic
2. The stingray is operated by law enforcement, not by fraudsters looking to steal your money
How is this possible? Are phones willing to connect to any cell and blindly trust that text messages from there are genuine and really coming from the numbers they claim to be coming from? Isn't there some cryptographic verification?
Agree. I do a lot of travel and in 3rd-world countries it is quite common to get 2g spam, it's really unacceptable that Apple doesn't offer a way to turn off 2g short of lockdown mode.
It doesn't matter what the network is doing; the phone needs to disable 2g. There's various ways to get the phone to downgrade to 2g otherwise, eg https://montsecure.com/files/2021_downgrade.pdf
And if you have a modern enough SIM+phone combo, it won’t even display the 2g network as an available network, nor 3G on my device.
I wonder if this mostly hit international SIMs, since they wouldn’t be running the same level of SIM code to prefer various network locks like a local SIM.
Helps you stay under the radar and gov services over SMS is a lot more advanced outside of Canada if you want to do some fraud.
>And if you have a modern enough SIM+phone combo, it won’t even display the 2g network as an available network, nor 3G on my device.
Source? It might just be that your carrier retired its 2g/3g network, not that the phone/sim refuses 2g/3g connections. If some cell tower popped up claiming to 2g/3g, your phone still might happily connect.
The original standards weren't expecting anyone but carriers to send messages and ramping up security has been a slow process, so downgrade attacks probably work nicely.
Guessing the spammer doesn't want to overload towers or be foxed within the same 3 so they're driving. Maybe the hats(?) shut off on rotation... or eSIM?
Well, based on what I'm gleaning from https://www.smsbroadcaster.com/ (yes, they sell these brazenly in the open), I suspect they're doing some SDR shenanigans to bring up fake cell networks and leverage Cell Broadcast instead of just SMS.
They are also interfering with connections and attempting downgrade attacks to do 2G SMS messages as well (and is likely where Canadian carriers were picking up the 'millions' of attacks against its network and failed authentication attempts).
Amusingly this was all also caught because of Telus reviewing those SMS messages that were reported as spam from people on iOS/Android and realizing that the messages weren't being terminated inside the cell network at all when they tried tracing them out and suspected that this was the case.
> This wasn’t targeting a single individual or business. It had the ability to reach thousands of devices at once.
This statement reads as AI-assisted — kinda interesting to see, because I am not sure it even is? This type of formal speech language is basically unintelligible from slop now.
It’s there to prevent “public panic” ie they weren’t after you specifically or after xyz group, but just random mass attacks, or to prevent more cases and parties to be involved
SIM farm is a different scenario and arguably not even illegal. This story is about scammers operating a DIY stingray that broadcasts phishing messages via SMS to nearby devices.
SIM farms are devices with a lot of SIM cards aka numbers used to scam/flood victims numbers after these were acquired through ad companies, purchased these numbers online, etc.
The OP ones are actively scanning the vicinity and acting like BTS to connect to phones automatically, equipped with radio antennas, SDR, etc. to gather the victims numbers in real time and send them spam/phishing while the phones are connected to to these BTS
The real story is the government didn’t really care about users being spammed, you get those all the times and there’s little regulation to protect you (like preventing corporate from selling your number etc.), they cared because with these devices people can and will communicate outside of the approved channels, that also might be encrypted too, so harsh charges and make it as public as possible to deter others from doing the same, even if they were not in it to scam or phish people, and notice on the emphasis on “blocking the 911 calls!!” so jamming charges are there too.
People I know in US telecom are not surprised by these SIM farms. These people are either:
a) Doing some weird grey market VoIP thing. 32-in-1 GSM to SIP gateways have been a thing for a very long time in the developing world. Maybe they think they found some arbitrage route for phone traffic to/from the US PSTN that they can profit from. Anyone who interacts with grey market voip stuff will recognize these things immediately.
b) Using them for something like receiving 2FA authentication codes to create bot/socketpuppet social media accounts. In this sort of scenario they'd have live phone numbers/service and the cheapest possible phone plan, and ability to receive incoming SMS. The accounts then get provided to some other group of people who are doing mass advertising/social media manipulation.
c) grey route outbound sms. Even cheap US plans tend to have 'unlimited' sms, sometimes even to selected foreign destinations. Sometimes carrier billed SMS is cheaper than aggregators (but not too often) or may have better routing to difficult destinations.
Yes, I can definitely see that being plausible, particularly if they've gone to the efforts to make software tooling to spread out the outbound SMS volume around many different SIM and self-rate limit their volume, to avoid getting cut off, rate limited, or account banned.
To point A: I remember a long while ago making a 'free VoIP' call and my call routed into a MetroPCS recording telling me my service was suspended for nonpayment. Hung up, redialed, number shot through another dodgy route.
"Law enforcement shrugs"? The whole focus of the article is about how the secret service confiscated those devices and charged the SIM farm operators with crimes. Which part of that is shrugging?
Did they graciously forward emergency calls and text messages to the real phone network?
https://www.mcsweeneys.net/articles/an-interactive-guide-to-...
(A long-ish read, but totally worth it. the "punch line" is beautiful.)
Like, the phones happily connect to these fake towers because the signal is strongest from that one and there is no authentication to verify who the tower belongs to, nor encryption of SMSes?
1. The Stingray eavesdrops, but avoids interfering with user traffic
2. The stingray is operated by law enforcement, not by fraudsters looking to steal your money
At least as of today, most phones have an option to turn off 2g but that isn't a default.
Android has it as a toggle: https://source.android.com/docs/security/features/cellular-s...
iPhone disables it for phones in lockdown mode.
I wonder if this mostly hit international SIMs, since they wouldn’t be running the same level of SIM code to prefer various network locks like a local SIM.
Helps you stay under the radar and gov services over SMS is a lot more advanced outside of Canada if you want to do some fraud.
Source? It might just be that your carrier retired its 2g/3g network, not that the phone/sim refuses 2g/3g connections. If some cell tower popped up claiming to 2g/3g, your phone still might happily connect.
https://en.wikipedia.org/wiki/Cell_Broadcast
They are also interfering with connections and attempting downgrade attacks to do 2G SMS messages as well (and is likely where Canadian carriers were picking up the 'millions' of attacks against its network and failed authentication attempts).
Amusingly this was all also caught because of Telus reviewing those SMS messages that were reported as spam from people on iOS/Android and realizing that the messages weren't being terminated inside the cell network at all when they tried tracing them out and suspected that this was the case.
> This wasn’t targeting a single individual or business. It had the ability to reach thousands of devices at once.
This statement reads as AI-assisted — kinda interesting to see, because I am not sure it even is? This type of formal speech language is basically unintelligible from slop now.
I think at some point people see AI everywhere because they look for it everywhere.
[1] https://www.pbs.org/newshour/nation/how-sim-farms-like-the-o...
The OP ones are actively scanning the vicinity and acting like BTS to connect to phones automatically, equipped with radio antennas, SDR, etc. to gather the victims numbers in real time and send them spam/phishing while the phones are connected to to these BTS
The real story is the government didn’t really care about users being spammed, you get those all the times and there’s little regulation to protect you (like preventing corporate from selling your number etc.), they cared because with these devices people can and will communicate outside of the approved channels, that also might be encrypted too, so harsh charges and make it as public as possible to deter others from doing the same, even if they were not in it to scam or phish people, and notice on the emphasis on “blocking the 911 calls!!” so jamming charges are there too.
a) Doing some weird grey market VoIP thing. 32-in-1 GSM to SIP gateways have been a thing for a very long time in the developing world. Maybe they think they found some arbitrage route for phone traffic to/from the US PSTN that they can profit from. Anyone who interacts with grey market voip stuff will recognize these things immediately.
b) Using them for something like receiving 2FA authentication codes to create bot/socketpuppet social media accounts. In this sort of scenario they'd have live phone numbers/service and the cheapest possible phone plan, and ability to receive incoming SMS. The accounts then get provided to some other group of people who are doing mass advertising/social media manipulation.
If they are using it for 2FA it's likely for some US-only service.
Good times!