Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] New Satphone Safety Guide

Jacob Appelbaum jacob at appelbaum.net
Tue Mar 20 20:22:41 PDT 2012


On 03/16/2012 02:48 PM, Brian Conley wrote:
> Thanks Jacob, comments in-line.

Hey Brian and other libtechers,

This should be extremely interesting to everyone:
http://pastebin.com/tr38Sy3f

Note the little bit on location info in that pastebin:

        .... ...1 = GCI: MES is GPS capable (1)
        .... ..1. = R: 1
        .... .0.. = O: 0
        GPS Position
            1... .... = CPI: GPS position is current position (1)
            .001 1000 0000 0111 0011 .... = Latitude: 33.78961 N (98419)
            .... 0010 1111 1100 1011 1111 = Longitude: 67.21414 E (195775)
        .... .000 = Number Type: Unknown (0)

I believe that means the caller was here when the intercept caught them:
https://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=+&q=33.78961+N+67.21414+E&ie=UTF8&ll=33.779147,67.241821

Here's the background information:
http://openbts.blogspot.com/2012/03/gmr-1-revisited.html

David Burgess, praise be upon him, says:

"The Channel Request message is the first message sent from the handset
to the satellite at the start of any transaction. This message cannot be
encrypted. This message typically contains the following information:

the IMSI of the satellite phone handset
the called number (in the case of mobile-originated calls) and
the GPS location of the handset."

The best part of his blog post for those who can't load the page is this
part:

"Well, the uplink from the handset is only visible for a kilometer or
so, but the feeder link is visible over roughly 1/3 of the planet's
surface to anyone with a C-Band dish and is not given any additional
encryption."

So - yeah, ouch!

All the best,
Jacob



More information about the liberationtech mailing list