[liberationtech] New Satphone Safety Guide

Brian Conley brianc at
Wed Mar 21 22:08:21 PDT 2012

However none of this deals with the fatal flaw of being under threat of
Radio Transmission triangulation, no?

As I understand it, you may have to be within a few kilometers to pick up
the signal, but if you know the transmission is coming from within X
neighborhood or Y town, the GPS issue isn't necessarily the primary/only

On Wed, Mar 21, 2012 at 10:00 PM, Jacob Appelbaum <jacob at> wrote:

> On 03/21/2012 09:19 PM, Collin Anderson wrote:
> > Would anyone in this conversation be so kind as to satisfy a tangential
> > curiosity of mine. The case of Alan Gross in Cuba seems so wrapped up in an
> > under-explained and over-hyped piece of equipment:
> >
> >> On his final trip, he brought in a "discreet" SIM card -- or subscriber
> >> identity module card -- intended to keep satellite phone transmissions from
> >> being pinpointed within 250 miles (400 kilometers), if they were detected
> >> at all.
> >
> > Beyond the obvious issues with that statement; does anyone know what they
> > are referring to?
> >
> Whoa - I had not caught that part of the story with Alan Gross... I
> wonder how he got his hands on the SIM? I've tried to get them and it's
> non-trivial. It requires either favors, a trade or basically a ton of
> cash from the "right" group of people.
>
> My understanding is that there are some special SIM cards that have two
> unique properties that matter for location privacy. The first property
> is that the HLR database knows that the SIM is special and so it will
> authorize a connection without a GPS location in the initial uplink. The
> second is that the device (phone, modem, etc) firmware knows that this
> SIM is special by checking some field on the SIM itself and so it won't
> send the GPS coordinates but rather the spot beam. We can easily
> discover what the field is with a SIMTrace[0] tap if we acquire one of
> these SIMs.
>
> My understanding is that the firmware still fetches the GPS coordinates.
> It then looks up the GPS location in a coverage table of all spot beams
> for the planet and then the firmware returns the spot beam where the GPS
> coordinates are located. The device then sends the spot beam into space,
> etc.
>
> A few years ago I found some public data on this and I think the company
> offering these SIMs in public is Deltawave[1] - I haven't however found
> an obvious way to buy them on their website. This is also very specific
> to BGAN and it is quite clearly a network by network, firmware by
> firmware specific information.
>
> In theory if we capture the setup with a discreet SIM with SIMTrace, we
> can MITM a normal BGAN SIM and fake a discreet SIM response with just
> a few dollars of hardware. The network might reject it, obviously. But
> hey, if anyone has a discreet SIM sitting around, I'd be more than happy
> to see if it works in a country where it is legal to not send the GPS
> location of the device.
>
> Alternatively, one could pick a BGAN device and build a GPS MITM tool
> for the actual hardware without any such special SIM...
>
> All the best,
> Jacob
> [0]
> [1]


Brian Conley

Director, Small World News

m: 646.285.2046

Skype: brianjoelconley

public key:<>
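
Added example, not part of the original thread and not any vendor's firmware: a sketch of the lookup described in the quoted message, where a GPS fix is mapped to the spot beam that contains it and only the beam identifier is reported. The beam table, beam identifiers and function names are constructed for illustration; the 400 km radius mirrors the figure quoted in the thread.

```python
import math

EARTH_RADIUS_KM = 6371.0

# Constructed table, NOT real BGAN data: (beam_id, centre_lat, centre_lon, radius_km).
BEAMS = [
    ("B017", 23.0, -82.0, 400.0),
    ("B018", 25.5, -77.5, 400.0),
    ("B031", 19.0, -72.0, 400.0),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in decimal degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def coarsen_fix(lat, lon, beams=BEAMS):
    """Map a precise fix to (beam_id, radius_km) of the closest beam covering it.

    Returns None when no beam covers the fix, so a caller can refuse to
    register rather than fall back to reporting the raw coordinates.
    """
    best = None
    for beam_id, clat, clon, radius in beams:
        d = haversine_km(lat, lon, clat, clon)
        if d <= radius and (best is None or d < best[0]):
            best = (d, beam_id, radius)
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    # Two constructed fixes roughly 250 km apart produce the same report,
    # so the reported value alone does not distinguish them.
    for fix in [(23.13, -82.38), (22.40, -79.97), (0.0, 0.0)]:
        print(fix, "->", coarsen_fix(*fix))
```

This only changes what the terminal reports in-band; it does nothing about locating the transmitter from its radio emissions, which is the concern raised at the top of this message.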