
Can IMEI / ICCID / IMSI data be passively "sniffed" from nearby phones?


Some Dude

Oct 14, 2015, 11:41:15 PM
During normal operation of the average cell phone, can the phone's IMEI
and/or ICCID and/or IMSI information (which I will simply call DATA) be
"sniffed" with an appropriate receiver?

I am thinking in terms of a phone that is being carried by someone and
they are not necessarily using the phone (to make or receive a call or a
text message).

The workability of this idea depends on

a) the DATA being transmitted by cell phones at some regular interval
when the phone is in call-reception mode

b) the DATA can be extracted from the radio signal broadcast by the
phone with a receiver without needing to perform 2-way
communication with the phone.


I know there are "IMSI Catchers" that are devices meant to act like fake
cell phone towers, but I am wondering if it's possible to have a device
that operates in a passive (receive-only) mode that can detect and
decode the DATA from any nearby cell phone when (or if) said phone
blurts out the DATA to legit cell towers during the normal course of
operation.

The goal of being able to sniff this DATA out of the air would be to log
this data as part of a household security system that would know if
there were people (vandals, thieves, trespassers, etc) nearby at
unusual hours. The theory being that most people now own cell phones,
so why not use and log any information these phones transmit as a way to
know something about the comings and goings of "persons of interest" on
or near your property. Such information, when combined with images
taken with a motion-activated trail cam or conventional CCTV camera
system, could be used by police to use the DATA to identify the owner of
the phone that was detected in the area at the time of a crime.

All phone DATA from occupants of the household, neighbors, etc, would or
could quickly be "learned" by the logging system and be flagged as
normal / non-suspicious, leaving only those new or unusual phones that
are detected infrequently (and especially during the hours of midnight
to 6 AM) as flags of suspicious human activity.

I know that it should be easy to detect and log a phone's wifi MAC
address (assuming that wifi roaming is turned on), which could or would
establish a frequency pattern if the same phone (ie - the same person)
periodically returns to the area being monitored, but the MAC address
probably couldn't be used by authorities to back-track the phone's
ownership.

Ideas?

Comments?
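The "learning" logic sketched in the post above, as an added example that is not part of the original thread: it takes a constructed log of identifier sightings (made-up Wi-Fi MAC addresses, the identifier the post says is easy to capture), treats any identifier seen on several distinct days as a household or neighbour device, and flags the rest, marking sightings that fall between midnight and 6 AM. The threshold `KNOWN_MIN_DAYS` and the log format are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sightings log: (identifier, ISO-8601 timestamp).
# The identifiers are made up; a real logger would feed in whatever it captures.
SIGHTINGS = [
    ("aa:bb:cc:00:00:01", "2015-10-01T07:30:00"),  # household phone, every morning
    ("aa:bb:cc:00:00:01", "2015-10-02T07:32:00"),
    ("aa:bb:cc:00:00:01", "2015-10-03T07:29:00"),
    ("aa:bb:cc:00:00:01", "2015-10-04T07:35:00"),
    ("aa:bb:cc:00:00:02", "2015-10-01T18:05:00"),  # neighbour, most evenings
    ("aa:bb:cc:00:00:02", "2015-10-03T18:10:00"),
    ("aa:bb:cc:00:00:02", "2015-10-05T17:55:00"),
    ("de:ad:be:ef:00:03", "2015-10-05T02:15:00"),  # never seen before, 2 AM
    ("de:ad:be:ef:00:04", "2015-10-05T14:00:00"),  # one-off daytime visitor
]

QUIET_HOURS = range(0, 6)   # midnight to 6 AM, the window the post singles out
KNOWN_MIN_DAYS = 3          # assumed: seen on this many distinct days => "learned" as normal


def learn_known(sightings, min_days=KNOWN_MIN_DAYS):
    """Return the set of identifiers seen on at least `min_days` distinct days."""
    days_seen = defaultdict(set)
    for ident, ts in sightings:
        days_seen[ident].add(datetime.fromisoformat(ts).date())
    return {ident for ident, days in days_seen.items() if len(days) >= min_days}


def flag_unknown(sightings, known):
    """Return (identifier, timestamp, in_quiet_hours) for every sighting of an
    identifier that has not been learned as normal."""
    flags = []
    for ident, ts in sightings:
        if ident in known:
            continue
        hour = datetime.fromisoformat(ts).hour
        flags.append((ident, ts, hour in QUIET_HOURS))
    return flags


def quiet_hour_alerts(sightings):
    """Convenience wrapper: only the unknown-device sightings during quiet hours,
    which is the subset the post wants raised as suspicious."""
    known = learn_known(sightings)
    return [f for f in flag_unknown(sightings, known) if f[2]]


if __name__ == "__main__":
    for ident, ts, _ in quiet_hour_alerts(SIGHTINGS):
        print(f"ALERT: unknown device {ident} seen at {ts}")
```

Note that, as the post itself says, an identifier like this only establishes a return pattern; it does not by itself tell anyone who carried the device.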

tlvp

Oct 15, 2015, 2:15:55 AM
Well, think for a moment. A visitor to NYC, with home in Peoria, is roaming
the streets of the city with her cell phone in her handbag. Her grandfather
back in Peoria calls to ask her to bring back an I [heart] NY T-shirt.

How does her cellular provider know which tower (not in Peoria, nor in
Albany, but in NYC) should try to pass that call along to her? Must have
had some sort of hint what tower her phone is roaming on at the moment, no?
And how does it get such a hint?

HTH. Cheers, -- tlvp
--
Before replying, please throw out the trash.

Poutnik

Oct 15, 2015, 2:34:15 AM
On 15/10/2015 at 08:15 tlvp wrote:

>
> Well, think for a moment. A visitor to NYC, with home in Peoria, is roaming
> the streets of the city with her cell phone in her handbag. Her grandfather
> back in Peoria calls to ask her to bring back an I [heart] NY T-shirt.
>
> How does her cellular provider know which tower (not in Peoria, nor in
> Albany, but in NYC) should try to pass that call along to her? Must have
> had some sort of hint what tower her phone is roaming on at the moment, no?
> And how does it get such a hint?
>
> HTH. Cheers, -- tlvp
>
But the question is...

...Is this information between the phone and the tower
sent in an open form, as an analogy to http?

OR, is it sent in an encrypted form with a key exchange,
as an analogy to https?

--
Poutnik ( the Czech word for a wanderer )

Knowledge makes great men humble, but small men arrogant.

Hergen Lehmann

Oct 15, 2015, 3:45:02 AM
On 15.10.2015 at 08:34 Poutnik wrote:

> ...Is this information between the phone and the tower
> sent in an open form, as an analogy to http?
>
> OR, is it sent in an encrypted form with a key exchange,
> as an analogy to https?

Most of the communication is encrypted. However

- There needs to be some kind of initial key agreement handshake, and
that handshake likely contains some detail, which allows the unique
addressing of an individual handset. Might be the IMEI itself, might be
something derived from the IMEI - I don't know.

- For compatibility reasons (old hardware), outdated encryption
standards are still supported, and in many cases, the cell tower and the
handset might agree on such a standard. Obscurity is then the only
remaining security layer, and that certainly doesn't work with every
potential listener.
