FBI's Smartphone Surveillance Tool Explained In Court Battle

concealment writes with news that a court battle has brought to light details on how the FBI's "stingray" surveillance tool works, and how they used it with Verizon's help to collect evidence about an alleged identity thief. Quoting: "Air cards are devices that plug into a computer and use the wireless cellular networks of phone providers to connect the computer to the internet. The devices are not phones and therefore don’t have the ability to receive incoming calls, but in this case Rigmaiden asserts that Verizon reconfigured his air card to respond to surreptitious voice calls from a landline controlled by the FBI. The FBI calls, which contacted the air card silently in the background, operated as pings to force the air card into revealing its location. In order to do this, Verizon reprogrammed the device so that when an incoming voice call arrived, the card would disconnect from any legitimate cell tower to which it was already connected, and send real-time cell-site location data to Verizon, which forwarded the data to the FBI. This allowed the FBI to position its stingray in the neighborhood where Rigmaiden resided. The stingray then "broadcast a very strong signal" to force the air card into connecting to it, instead of reconnecting to a legitimate cell tower, so that agents could then triangulate signals coming from the air card and zoom-in on Rigmaiden’s location. To make sure the air card connected to the FBI’s simulator, Rigmaiden says that Verizon altered his air card’s Preferred Roaming List so that it would accept the FBI’s stingray as a legitimate cell site and not a rogue site, and also changed a data table on the air card designating the priority of cell sites so that the FBI’s fake site was at the top of the list."

Supply Chain Attack

[dunkindave]

This is basically a supply chain attack. People worry about others breaking into their devices, but the user has to trust the device supplier not to tamper with it before they receive it. This situation is analogous to your PC phoning home to Microsoft for updates, then having a special version sent to your machine at the request of the FBI. No matter how careful you are about what software you run or what security software you employ, Microsoft can compromise your machine.

Re:Ok..So verizon has shown they cant be trusted..

[alen]

FBI got a warrant and verizon helped catch a suspected scumbag
what's the problem here?

Re:Ok..So verizon has shown they cant be trusted..

[Hatta]

A court order is not a warrant, and the judge who issued that court order may not have been fully informed. FTFA:

The government has conceded, however, that it needed a warrant in his case alone â" because the stingray reached into his apartment remotely to locate the air card â" and that the activities performed by Verizon and the FBI to locate Rigmaiden were all authorized by a court order signed by a magistrate.

The Electronic Frontier Foundation and the American Civil Liberties Union of Northern California, who have filed an amicus brief in support of Rigmaidenâ(TM)s motion, maintain that the order does not qualify as a warrant and that the government withheld crucial information from the magistrate â" such as identifying that the tracking device they planned to use was a stingray and that its use involved intrusive measures â" thus preventing the court from properly fulfilling its oversight function.

âoeIt shows you just how crazy the technology is, and [supports] all the more the need to explain to the court what they are doing,â says EFF Staff Attorney Hanni Fakhoury. âoeThis is more than just [saying to Verizon] give us some records that you have sitting on your server. This is reconfiguring and changing the characteristics of the [suspect's] property, without informing the judge whatâ(TM)s going on.â

Re:Holy crap ...

[plover]

That's one of the issues in this case. A Stingray is not discriminating and could impact other cellular devices. The FBI also claims they "throw away" all data that is not pertinent to their investigation, meaning there is no way to determine what they did or did not see regarding other people's communications. (Kind of a damned if you do, damned if you don't situation.)

There is also the difference between wiretaps and pen trace registers. Wiretaps require a warrant, but pen traces don't. The Stingray doesn't record the call or data contents, so it could be claimed to be more like a pen trace. But a Stingray is actively pinging the target's machine to generate data to be used against the owner, which is a completely different use (abuse?) of the technology.

Anything like this would be perfectly legal with a warrant. The real question is if this is legal without one.

Re:Ok..So verizon has shown they cant be trusted..

[wierd_w]

Reading comprehension fail.

The FBI agreed that it *needed* a warranted (eg, that what they were doing with the stingray needed one), but said that what verizon did for them was authorized by a court order, and did not need one.

This does not say that they in fact obtained such warrant, which they did not.

Re:Weak hack.

[SpectreBlofeld]

That's because he spoofed a GSM tower. You'll find that doing the same with CDMA is impossible without Verizon's help - see the bit about reprogramming the phone's roaming list in order to make the phone accept the spoofed tower.

Re:Weak hack.

[Obfuscant]

How would it look if Gumshoe Freddy tried to hack a cell phone tower and crapped an entire communities' access? 911 calls that go nowhere, customer service lines jammed, people stranded because their GPS glitched out...

If Gumshoe Freddy was able to hack a cellphone tower and cause somone's GPS to "glitch out", I'd say Gumshoe Freddy was a remarkably skilled hacker. GPS and cellphones use entirely different sets of frequencies, and I doubt that you could coerce a cellphone tower into transmitting on a GPS frequency no matter how good you are at it. Maybe those cell transmitters have a DDS system that can go where the GPS lives, but I doubt the amps or combiners would pass the signal. They kinda have to be selective enough so that the transmitted signal doesn't block the received one, so transmitting out of band is not going to be highly efficient if possible at all.

For what? I can walk into a cell phone store and get a cell phone "mini cell" to put in my house to help with reception. FCC approved. I don't need a license to do that. Unless he's causing harmful interference to a licensed broadcaster and the broadcaster reports it, the FCC isn't going to do anything.

You can buy a type certificated cell phone mini cell because the cell phone companies have agreed to allow it and the FCC has created a specification for what they can do and manufacturers have to meet that spec. They aren't just deciding on their own say so that they can do this.

You don't have to be causing interference to a licensed broadcaster before the FCC cares, all you have to be doing is causing interference. True, most cases come to the attention of the FCC because the licensee complains, but the FCC can act without a complaint. You don't think Verizon or any of the other cell phone companies would complain about someone creating interference publicly?

The FCC is an administrative government entity. It is not really law enforcement in any meaningful sense.

That would be news to the FCC Enforcement Bureau [fcc.gov], and the people to whom they've issued notices of apparent liability and levied fines.