13

Will it be possible to build a low-cost hardware/software device which can capture mobile numbers within a specified radius and then use that information to transmit an SMS to those numbers? From what I've read online, the actual phone numbers are encrypted. What if we could simply capture the unique mobile identity information and use that to transmit the SMS? We do not want the mobile numbers or any other information.

Just want a hardware/software combo which gives us the ability to send SMS to all mobiles within a specified radius.

Possible?

Innocuous
  • Does it need to be an SMS or does Bluejacking qualify? – this.josh Sep 01 '11 at 06:54
  • Yeah, I read online and found that technically it's possible to 'fake' a basestation, get relevant data and forward to the genuine basestation. However, I want something totally legal! Another issue is that I want to capture all mobiles in the vicinity irrespective of provider! I don't want to intercept calls/SMS etc. or anything which will create legal issues! Just want to get a list of mobiles in the vicinity and send legal SMS to them :) –  Sep 20 '11 at 16:10
  • 3
    And exactly that is also illegal. – Krzysztof Kotowicz Sep 20 '11 at 16:49

1 Answer

11

Yes,

You can build a GSM basestation using a USRP and OpenBTS.

What you do is announce that you are a basestation for, e.g., AT&T, and if you have better signal power than other basestations in the area, AT&T cellular phones will start connecting to your basestation.

Normally, the mobile phones would encrypt the sent data using keys that only AT&T knows, but if you tell the phones not to encrypt, they gladly oblige.

At this point, you will be acting as their basestation. You can intercept calls and SMS's. And you can of course also send SMS's to the phones associated with your basestation.

You will not be sending messages to their phone numbers, but you will be sending them to their ISMI's.

More random links:

Airprobe, Monitoring Gsm Traffic With Usrp (Har 2009) - http://www.securitytube.net/video/574

Gsm Srsly (Shmoocon 2010) - http://www.securitytube.net/video/924

Gsm Security At Brucon 2010 - http://www.securitytube.net/video/1293

Dog eat cat world
  • 2
    The worst thing is that the crypto standard calls for "optional" alerts displayed on the handsets when they fail to negotiate encryption with the base station. AFAIK 100% of operators disable those alerts. –  Sep 01 '11 at 11:44
  • @Graham Lee, the SIM cards have a security flag. When set, they should alert the handset owner that encryption is disabled. Most SIM cards leave this flag disabled. I don't know if phones actually support this at all, as I've never seen this warning. – Dog eat cat world Sep 01 '11 at 17:50
  • 3
    @Innocuous, one warning: setting up a fake station (as Dog eat cat world describes) is likely illegal. If you were asking about whether it's possible to do this, for marketing purposes, then the answer is: It is illegal. On the other hand, if you were asking whether it would be technically feasible for an attacker to do this, then Dog eat cat world's answer has nailed it. – D.W. Sep 01 '11 at 19:53
  • I have been looking for a similar structure like this to emulate and create a prototype. I know it is illegal in some countries but I can't confirm the legality in our area. I am aiming to check this with our regulatory commission. There's this one company that had created an actual setup for production and profitable use: http://www.marketlinkph.com/html/mlink_proximasms.htm. I have an assumption that the hardware+software used was the one described by @Dogeatcatworld above. – John Santos Jun 20 '12 at 09:08
  • 1
    And it's only illegal if you're not a national security TLA :-) e.g. http://www.theguardian.com/world/2014/nov/14/government-planes-mimic-cellphone-towers-to-collect-user-data-report – Fizz Sep 27 '15 at 06:46
  • I think you meant IMSI. – Hashim Aziz Jul 15 '20 at 16:49