24 comments

[ 2.6 ms ] story [ 64.5 ms ] thread
I can see why they'd write it for a specific cheap device. Is this stuff possible with a typical phone modem, though; or does it rely on some special features? Forgive my ignorance. :)
Possible, yes, it's just looking at various 3GPP network messages and parsing out a few common anomalies. Accessible, not all the time.

This project uses QMDL (Qualcomm debug logging) on a device with an accessible modem debug port and debug logging enabled. Most older Qualcomm devices have this form of debug logging available by default, but on newer devices, the debug interface is usually more locked down, requiring some degree of shenanigans to access.

Take a look at SnoopSnitch (similar project for Qualcomm Android phones), QCSuper and MobileInsight (tools capable of capturing signaling data from QC and Mediatek phones), and SCAT (capable of capturing signaling data from some Samsung basebands).

Other vendors usually have similar debug modes for their modems, but they often aren't reverse engineered or as easy to access as the Qualcomm ones.

(comment deleted)
Amazing reply, thank you!
(comment deleted)
I see the devices vary quite a bit in price on eBay: Verizon, Unlocked, etc. Anyone know if it matters whether locked, Verizon, AT&T, etc.?
You can buy these off eBay for pretty cheap.

Unlocked RC400L's are going for ~$19.99

Gunna look into getting one and making one of these to play with.

How would one test this device to know that it works? It would seem actual cell site simulators would be rare in the wild for many HN readers.
You could bring it to a large festival or even a protest. Law enforcement deploys them all the time. I found one using SnoopSnitch on an Android phone while at a large festival here in Louisiana.
Does that work by comparing known cell sites to found cells sites? I know some StingRay detectors use that method and it's prone to false positives around large events where mobile carriers or 3rd parties bring in legitimate temporary cell sites to improve cell service at the venue and provide more capacity.
They are quite common in some municipalities. There are folks who talk about this at length in cybersecurity circles every year at conferences, it’s been an issue for a long while and the scope of the problem continues to grow.

The EFF also writes in the topic from time to time. See: https://www.eff.org/deeplinks/2024/06/next-generation-cell-s...

Here in Brazil criminals are starting to use those to send phishing SMS, exploiting our ubiquitous mobile payment system (pix) or pretending to be a second authentication factor for banks.
[flagged]
What's inside the Orbic? Any chance to make this work on a different device. Orbics don't seem to be very easy to get in Europe.