I had picked up a GSM/GPRS shield for my Arduino a while back without any specific plans for it — I just thought it would be cool to have a project in the future that was able to communicate wireless over the Internet for either report purposes or to react to events (texts, tweets, etc).
After reports came out regarding local law enforcement’s use of IMSI catching devices like the Harris Stingray, I decided to start experimenting with the shield as means of at least detecting the use of IMSI catching devices. Since I believe in the balance of power between law enforcement and citizens, and strongly believe in privacy rights, I wish there were countermeasures (blacklisting after discovery?) that could be developed, but perhaps that is the next step after accurate detection of the devices in the first place. The project is still under development, but so far here are my assumptions and how they figure into my plan of action.
Assumptions & Background Knowledge
IMSI catchers generally broadcast an extraordinarily strong signal in order to ensure that target cell phones in the area opt to connect to it versus other, real, cell phone towers. This means signal strength analysis is important to identifying an IMSI catcher.
Further, most, if not all IMSI catchers interrupt service to some degree. Since they aren’t part of the true cell phone network, typically issues arise when receiving calls and/or texts. This information should also be possible to leverage during the IMSI catcher identification process. I’m thinking an SMS notification service like Amazon’s SNS could be useful in this case to have the Arduino trigger texts to itself (since data typically still operates even when connected to an IMSI catcher) and see if they are actually delivered in a timely manner or not. This could indicate whether the Arduino is connected to a false tower.
We also know there are multiple physical deployment options for IMSI catchers, from stationary devices, to ground-based semi-mobile (i.e. surveillance vans), to airborne (i.e. drones & specially equipped planes (with assistance from the CIA). Since may of these can be mobile, I think my detection of the devices will have to be from stationary position(s) such that it is possible to detect the movement of the “tower” through signal strength changes and/or triangulation.
It may also be an interesting exercise to toggle through a number of directional antennae (or a single, rotating directional antenna) to see if the direction of the tower or IMSI device could be deduced, potentially leading to the ability to confront and shame law enforcement personnel utilizing the device (say, from a surveillance van) against innocent individuals’ devices (i.e. my Arduino “phone” which has never even made a call).
Out of convenience, and for lack of an adapter for my phone’s existing nano SIM card, I picked up a prepaid GSM SIM from the local Dollar General for about $10 for the kit, and $35 for the first month of service.
I plan to get acquainted with the GSM shield and commands to see what I need to do to create a device that can alert to and log the presence of potentially fake GSM towers, preferably with GPS coordinates marking the location of detection, and possible base station locations.
More to come as this project progresses. I also recently picked up an RTL-SDR device that should allow straight up spectrum analysis in GSM frequency ranges, so that may change the direction of this project as well.
Since novel legal techniques are being used to suppress information regarding the use of these devices by law enforcement (non-disclose agreements between law enforcement and the manufacturer, which somehow trump Constitutional concerns, WTF?) it is time for this citizen to take matters into his own hands to at least reveal the extent of surveillance being performed on the average American using Stingray-like IMSI capturing devices. It has become clear from the Snowden revelations that the court system cannot be relied upon to protect citizens, or even to provide information with respect to FOIA requests. The only alternative is to play the same game the government is playing, utilizing technology, but play it back harder in order to force transparency in these programs.