Cell towers tracking (Network surveillance)

Tracking methods: trilateration/triangulation, Stingrays, IMEI/IMSI, Surveillance Capabilities - Whonix, Malicious SMS Re-routing, Mobile Devices Privacy and Security, Bluetooth, Airtags.

Full resource: https://buggedplanet.info/index.php?title=Main_Page
Matt Blaze: How Law Enforcement Tracks Cellular Phones

Mitigations:


Info:

2 Likes
1 Like

https://www.stoutner.com/privacy-cell/

VERIFY THAT A PHONE IS USING THE MOST SECURE CELL PROTOCOLS.

At the time of this writing, many cell phone networks are switching from 4G (4th Generation) to 5G networks. The 5G network protocols were specifically designed to protect against some of the known insecurities of the older protocols, including those that allowed stingrays (IMSI catchers) to perform man-in-the-middle attacks on cell phone networks. To ease deployment and backwards compatibility, 4G and 5G networks can run together in what is known as 5G NR (New Radio) NSA (Non-Standalone) mode. This uses the 4G network for the control channel and the 5G network for the data communication. However, 5G NR NSA does not provide protection against stingrays. Android has access to all the information it needs to know if it is connected to a 5G NR NSA or a 5G NR SA (Standalone) network, but it doesn’t display that information to the user. The purpose of Privacy Cell is to make that information easy to access.

Privacy Cell can also warn you when you are connected to antiquated 2G and 3G networks.

Privacy Cell is available on F-Droid and Google Play.

At 37C3, the CellGuard app, an IMSI catcher for iPhones, was announced in the presentation “What your phone won’t tell you”. The app is due to be released in 2024.

Something like this is now a must-have, not paranoia, unfortunately…

1 Like
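To illustrate the NSA/SA distinction described above, here is an added example (not Privacy Cell's own code and not part of the original posts) showing how an Android app can tell the two apart. It relies on the platform reporting NSA as an LTE network type with an NR override; `CellSecurity`, `classify` and `CellProtocolWatcher` are hypothetical names, and the watcher assumes API 31+ with READ_PHONE_STATE granted.

```kotlin
import android.content.Context
import android.telephony.TelephonyCallback
import android.telephony.TelephonyDisplayInfo
import android.telephony.TelephonyManager

enum class CellSecurity { NR_SA, NR_NSA, LTE, LEGACY_3G, LEGACY_2G, UNKNOWN }

// Pure function (hypothetical helper) so the decision can be unit-tested off-device.
fun classify(networkType: Int, overrideType: Int): CellSecurity = when (networkType) {
    // NR as the underlying type: control channel and data are both 5G (standalone).
    TelephonyManager.NETWORK_TYPE_NR -> CellSecurity.NR_SA
    // LTE as the underlying type with an NR override: the status bar may show "5G",
    // but the control channel is still 4G (non-standalone).
    TelephonyManager.NETWORK_TYPE_LTE -> when (overrideType) {
        TelephonyDisplayInfo.OVERRIDE_NETWORK_TYPE_NR_NSA,
        TelephonyDisplayInfo.OVERRIDE_NETWORK_TYPE_NR_ADVANCED -> CellSecurity.NR_NSA
        else -> CellSecurity.LTE
    }
    TelephonyManager.NETWORK_TYPE_UMTS, TelephonyManager.NETWORK_TYPE_HSDPA,
    TelephonyManager.NETWORK_TYPE_HSUPA, TelephonyManager.NETWORK_TYPE_HSPA,
    TelephonyManager.NETWORK_TYPE_HSPAP, TelephonyManager.NETWORK_TYPE_EVDO_0,
    TelephonyManager.NETWORK_TYPE_EVDO_A, TelephonyManager.NETWORK_TYPE_EVDO_B,
    TelephonyManager.NETWORK_TYPE_EHRPD,
    TelephonyManager.NETWORK_TYPE_TD_SCDMA -> CellSecurity.LEGACY_3G
    TelephonyManager.NETWORK_TYPE_GSM, TelephonyManager.NETWORK_TYPE_GPRS,
    TelephonyManager.NETWORK_TYPE_EDGE, TelephonyManager.NETWORK_TYPE_CDMA,
    TelephonyManager.NETWORK_TYPE_1xRTT,
    TelephonyManager.NETWORK_TYPE_IDEN -> CellSecurity.LEGACY_2G
    else -> CellSecurity.UNKNOWN
}

// Hypothetical watcher: reports every change so the UI can warn on anything
// other than NR_SA. Assumes API 31+ and that READ_PHONE_STATE has been granted.
class CellProtocolWatcher(
    private val context: Context,
    private val onChange: (CellSecurity) -> Unit
) : TelephonyCallback(), TelephonyCallback.DisplayInfoListener {

    private val telephony = context.getSystemService(TelephonyManager::class.java)

    override fun onDisplayInfoChanged(info: TelephonyDisplayInfo) {
        onChange(classify(info.networkType, info.overrideNetworkType))
    }

    fun start() = telephony.registerTelephonyCallback(context.mainExecutor, this)
    fun stop() = telephony.unregisterTelephonyCallback(this)
}
```

A caller would construct the watcher with a callback that raises a warning for `NR_NSA`, `LEGACY_3G` and `LEGACY_2G`, then call `start()` while the screen is visible and `stop()` when it is not.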

Anytime phones get brought up, I’m always surprised cars are not brought up more often. Your car’s location data is recorded and sold to data brokers around the web. LexisNexis gets near-realtime updates.

With your phone you can at least throw it in airplane mode.

2 Likes

Yep, they have a great guide here: https://raw.githubusercontent.com/srlabs/blue-merle/main/Documentation.pdf

Blue Merle: Reducing your Cellular Footprint

In general you must NOT use phones without an IMEI change option (for example, MTK-based phones HAVE this setting in the engineer menu).

Or… Use something like an external device that will connect to the cellular network by itself and share the network with other devices.

It is extremely complicated (but not impossible) to make yourself anonymous on a cellular network.

For example, even if you change the MAC and IMEI you still have the IMSI, which means that you need a new SIM each time you change the IMEI. Otherwise, from the ISP side, you will look like yourself but on a different phone.

Another option is to just untie your device from your SIM by setting a new IMEI each time you insert a new SIM. This will cut ties between you and your previous SIM, and the ISP will see you as a completely new user.

Another thing is your MAC. If you are using your phone between different wireless networks you will share (in most cases) just a randomised MAC. But if you are using hotspot mode, you will reveal your real MAC. Luckily there is a way to fix this issue using Magisk (or Xposed) modules.

But! Even in this scenario some apps will see your real phone IMEI. So you will need to use a specific module that spoofs the local (for apps) IMEI, or use phones with an IMEI changing option.

More info about IMEI change (unfortunately, it does not work on all phones)

1. Nokia 8110 4G (also known as Banana phone)

2. Nitro Wall NW750

Seems like IMSI will make tracking fundamentally unavoidable, right?

edit: unless you actually go and get a new eSIM every day like suggested in that article - what an effort!

Unfortunately, yes. But it is strongly recommended to cut ties with your previous ISP (if you are changing it) by changing the IMEI.

That’s why Blue-Merle recommends setting a new IMEI only if the SIM changes.

Location Tracking on the Battlefield
https://info.enea.com/tracking_on_the_battlefield_report

and

1 Like

IMEI changing is illegal in some places and not really practical considering you also have IMSI to worry about. Really what you should do is just realize that when you use the cell network, your location is being tracked. Use airplane mode or devices without cellular connectivity when you don’t want to be tracked in this way.

As far as Bluetooth and WiFi tracking, devices nowadays support automatic MAC randomization as an option in the settings most of the time. Bluetooth has a feature called BLE privacy that will randomize your hardware address to prevent tracking; you’ll have to check with your manufacturer to see if your device supports this.

As far as disabling older protocols, iOS Lockdown Mode has an option to disable 2G and I believe Pixels do as well.