Archives

San Francisco

A new technique can detect newer 4G ‘stingray’ cell phone snooping

Security researchers say they have developed a new technique to detect modern cell-site simulators.

Cell site simulators, known as “stingrays,” impersonate cell towers and can capture information about any phone in its range — including in some cases calls, messages and data. Police secretly deploy stingrays hundreds of times a year across the United States, often capturing the data on innocent bystanders in the process.

Little is known about stingrays, because they are deliberately shrouded in secrecy. Developed by Harris Corp. and sold exclusively to police and law enforcement, stingrays are covered under strict nondisclosure agreements that prevent police from discussing how the technology works. But what we do know is that stingrays exploit flaws in the way that cell phones connect to 2G cell networks.

Most of those flaws are fixed in the newer, faster and more secure 4G networks, though not all. Newer cell site simulators, called “Hailstorm” devices, take advantage of similar flaws in 4G that let police snoop on newer phones and devices.

Some phone apps claim they can detect stingrays and other cell site simulators, but most produce wrong results.

But now researchers at the Electronic Frontier Foundation have discovered a new technique that can detect Hailstorm devices.

Enter the EFF’s latest project, dubbed “Crocodile Hunter” — named after Australian nature conservationist Steve Irwin who was killed by a stingray’s barb in 2006 — helps detect cell site simulators and decodes nearby 4G signals to determine if a cell tower is legitimate or not.

Every time your phone connects to the 4G network, it runs through a checklist — known as a handshake — to make sure that the phone is allowed to connect to the network. It does this by exchanging a series of unencrypted messages with the cell tower, including unique details about the user’s phone — such as its IMSI number and its approximate location. These messages, known as the master information block (MIB) and the system information block (SIB), are broadcast by the cell tower to help the phone connect to the network.

“This is where the heart of all of the vulnerabilities lie in 4G,” said Cooper Quintin, a senior staff technologist at the EFF, who headed the research.

Quintin and fellow researcher Yomna Nasser, who authored the EFF’s technical paper on how cell site simulators work, found that collecting and decoding the MIB and SIB messages over the air can identify potentially illegitimate cell towers.

This became the foundation of the Crocodile Hunter project.

A rare public photo of a stingray, manufactured by Harris Corp. Image Credits: U.S. Patent and Trademark Office

Crocodile Hunter is open-source, allowing anyone to run it, but it requires a stack of both hardware and software to work. Once up and running, Crocodile Hunter scans for 4G cellular signals, begins decoding the tower data, and uses trilateration to visualize the towers on a map.

But the system does require some thought and human input to find anomalies that could identify a real cell site simulator. Those anomalies can look like cell towers appearing out of nowhere, towers that appear to move or don’t match known mappings of existing towers, or are broadcasting MIB and SIB messages that don’t seem to make sense.

That’s why verification is important, Quintin said, and stingray-detecting apps don’t do this.

“Just because we find an anomaly, doesn’t mean we found the cell site simulator. We actually need to go verify,” he said.

In one test, Quintin traced a suspicious-looking cell tower to a truck outside a conference center in San Francisco. It turned out to be a legitimate mobile cell tower, contracted to expand the cell capacity for a tech conference inside. “Cells on wheels are pretty common,” said Quintin. “But they have some interesting similarities to cell site simulators, namely in that they are a portable cell that isn’t usually there and suddenly it is, and then leaves.”

In another test carried out earlier this year at the ShmooCon security conference in Washington, D.C. where cell site simulators have been found before, Quintin found two suspicious cell towers using Crocodile Hunter: One tower that was broadcasting a mobile network identifier associated with a Bermuda cell network and another tower that didn’t appear to be associated with a cell network at all. Neither made much sense, given Washington, D.C. is nowhere near Bermuda.

Quintin said that the project was aimed at helping to detect cell site simulators, but conceded that police will continue to use cell site simulators for as long as the cell networks are vulnerable to their use, an effort that could take years to fix.

Instead, Quintin said that the phone makers could do more at the device level to prevent attacks by allowing users to switch off access to legacy 2G networks, effectively allowing users to opt-out of legacy stingray attacks. Meanwhile, cell networks and industry groups should work to fix the vulnerabilities that Hailstorm devices exploit.

“None of these solutions are going to be foolproof,” said Quintin. “But we’re not even doing the bare minimum yet.”


Send tips securely over Signal and WhatsApp to +1 646-755-8849 or send an encrypted email to: [email protected]

Microsoft’s new Flight Simulator is a beautiful work in progress

For the last two weeks, I’ve been flying around the world in a preview of Microsoft’s new Flight Simulator. Without a doubt, it’s the most beautiful flight simulator yet, and it’ll make you want to fly low and slow over your favorite cities because — if you pick the right one — every street and house will be there in more detail than you’ve ever seen in a game. Weather effects, day and night cycles, plane models — it all looks amazing. You can’t start it up and not fawn over the graphics.

But the new Flight Simulator is also still very much a work in progress, too, even just a few weeks before the scheduled launch date on August 18. It’s officially still in beta, so there’s still time to fix at least some of the issues I list below. Because Microsoft and Asobo Studios, which was responsible for the development of the simulator, are using Microsoft’s AI tech in Azure to automatically generate much of the scenery based on Microsoft’s Bing Maps data, you’ll find a lot of weirdness in the world. There are taxiway lights in the middle of runways, giant hangars and crew buses at small private fields, cars randomly driving across airports, giant trees growing everywhere (while palms often look like giant sticks), bridges that are either under water or big blocks of black over a river — and there are a lot of sunken boats, too.

When the system works well, it’s absolutely amazing. Cities like Barcelona, Berlin, San Francisco, Seattle, New York and others that are rendered using Microsoft’s photogrammetry method look great — including and maybe especially at night.

Image Credits: Microsoft

The rendering engine on my i7-9700K with an Nvidia 2070 Super graphics card never let the frame rate drop under 30 frames per second (which is perfectly fine for a flight simulator) and usually hovered well over 40, all with the graphics setting pushed up to the maximum and with a 2K resolution.

When things don’t work, though, the effect is stark because it’s so obvious. Some cities, like Las Vegas, look like they suffered some kind of catastrophe, as if the city was abandoned and nature took over (which in the case of the Vegas Strip doesn’t sound like such a bad thing, to be honest).

Image Credits: TechCrunch

Thankfully, all of this is something that Microsoft and Asobo can fix. They’ll just need to adjust their algorithms, and because a lot of the data is streamed, the updates should be virtually automatic. The fact that they haven’t done so yet is a bit of a surprise.

Image Credits: TechCrunch

Chances are you’ll want to fly over your house the day you get Flight Simulator. If you live in the right city (and the right part of that city), you’ll likely be lucky and actually see your house with its individual texture. But for some cities, including London, for example, the game only shows standard textures, and while Microsoft does a good job at matching the outlines of buildings in cities where it doesn’t do photogrammetry, it’s odd that London or Amsterdam aren’t on that list (though London apparently features a couple of wind turbines in the city center now), while Münster, Germany is.

Once you get to altitude, all of those problems obviously go away (or at least you won’t see them). But given the graphics, you’ll want to spend a lot of time at 2,000 feet or below.

Image Credits: TechCrunch

What really struck me in playing the game in its current state is how those graphical inconsistencies set the standard for the rest of the experience. The team says its focus is 100% on making the simulator as realistic as possible, but then the virtual air traffic control often doesn’t use standard phraseology, for example, or fails to hand you off to the right departure control when you leave a major airport, for example. The airplane models look great and feel pretty close to real (at least for the ones I’ve flown myself), but some currently show the wrong airspeed, for example. Some planes use modern glass cockpits with the Garmin 1000 and G3X, but those still feel severely limited.

But let me be clear here. Despite all of this, even in its beta state, Flight Simulator is a technical marvel and it will only get better over time.

Image Credits: TechCrunch

Let’s walk through the user experience a bit. The install on PC (the Xbox version will come at some point in the future) is a process that downloads a good 90GB so that you can play offline as well. The install process asks you if you are OK with streaming data, too, and that can quickly add up. After reinstalling the game and doing a few flights for screenshots, the game had downloaded about 10GB already — it adds up quickly and is something you should be aware of if you’re on a metered connection.

Once past the long install, you’ll be greeted by a menu screen that lets you start a new flight, go for one of the landing challenges or other activities the team has set up (they are really proud of their Courchevel scenery) and go through the games’ flight training program.

Image Credits: Microsoft

That training section walks you through eight activities that will help you get the basics of flying a Cessna 152. Most take fewer than 10 minutes and you’ll get a bit of a de-brief after, but I’m not sure it’s enough to keep a novice from getting frustrated quickly (while more advanced players will just skip this section altogether anyway).

I mostly spent my time flying the small general aviation planes in the sim, but if you prefer a Boeing 747 or Airbus 320neo, you get that option, too, as well as some turboprops and business jets. I’ll spend some more time with those before the official launch. All of the planes are beautifully detailed inside and out and except for a few bugs, everything works as expected.

To actually start playing, you’ll head for the world map and choose where you want to start your flight. What’s nice here is that you can pick any spot on your map, not just airports. That makes it easy to start flying over a city, for example. As you zoom into the map, you can see airports and landmarks (where the landmarks are either real sights like Germany’s Neuschwanstein Castle or cities that have photogrammetry data). If a town doesn’t have photogrammetry data, it will not appear on the map.

As of now, the flight planning features are pretty basic. For visual flights, you can go direct or VOR to VOR, and that’s it. For IFR flights, you choose low or high-altitude airways. You can’t really adjust any of these, just accept what the simulator gives you. That’s not really how flight planning works (at the very least you would want to take the local weather into account), so it would be nice if you could customize your route a bit more. Microsoft partnered with NavBlue for airspace data, though the built-in maps don’t do much with this data and don’t even show you the vertical boundaries of the airspace you are in.

Image Credits: TechCrunch

It’s always hard to compare the plane models and how they react to the real thing. Best I can tell, at least the single-engine Cessnas that I’m familiar with mostly handle in the same way I would expect them to in reality. Rudder controls feel a bit overly sensitive by default, but that’s relatively easy to adjust. I only played with a HOTAS-style joystick and rudder setup. I wouldn’t recommend playing with a mouse and keyboard, but your mileage may vary.

Live traffic works well, but none of the general aviation traffic around my local airports seems to show up, even though Microsoft partner FlightAware shows it.

As for the real/AI traffic in general, the sim does a pretty good job managing that. In the beta, you won’t really see the liveries of any real airlines yet — at least for the most part — I spotted the occasional United plane in the latest builds. Given some of Microsoft’s own videos, more are coming soon. Except for the built-in models you can fly in the sim, Flight Simulator is still missing a library of other airplane models for AI traffic, though again, I would assume that’s in the works, too.

Image Credits: TechCrunch

We’re three weeks out from launch. I would expect the team to be able to fix many of these issues and we’ll revisit all of them for our final review. My frustration with the current state of the game is that it’s so often so close to perfect that when it falls short of that, it’s especially jarring because it yanks you out of the experience.

Don’t get me wrong, though, flying in FS2020 is already a great experience. Even when there’s no photogrammetry, cities and villages look great once you get over 3,000 feet or so. The weather and cloud simulation — in real time — beats any add-on for today’s flight simulators. Airports still need work, but having cars drive around and flaggers walking around planes that are pushing back help make the world feel more alive. Wind affects the waves on lakes and oceans (and windsocks on airports). This is truly a next-generation flight simulator.

Image Credits: Microsoft

Microsoft and Asobo have to walk a fine line between making Flight Simulator the sim that hardcore fans want and an accessible game that brings in new players. I’ve played every version of Flight Simulator since the 90s, so getting started took exactly zero time. My sense is that new players simply looking for a good time may feel a bit lost at first, despite Microsoft adding landing challenges and other more gamified elements to the sim. In a press briefing, the Asobo team regularly stressed that it aimed for realism over anything else — and I’m perfectly ok with that. We’ll have to see if that translates to being a fun experience for casual players, too.

Kibbo wants to remake the trailer park so #vanlife can be a life and not a lifestyle

Colin O’Donnell was already rethinking the notion of what makes cities and communities function even before the COVID-19 epidemic swept through the U.S. and revealed some of the cracks in centuries-old structures of urban life.

O’Donnell was part of the early wave of urban tech innovation, which began to rise about six years ago. He co-founded Intersection, a company manufacturing digital kiosks for public transportation services, which was eventually rolled up in one of the first big acquisitions from the Alphabet-owned subsidiary Sidewalk Labs .

While the initial optimism for — and interest in — technology’s ability to reshape the built environment has stumbled thanks to both Sidewalk’s data collection overreach in its initial Toronto project and the financial stresses that the COVID-19 epidemic has placed on cities across the country, experiments with how to integrate technology into society more intelligently continue on the margins. And investments in real estate technology continue to rise.

O’Donnell’s new company, Kibbo, takes advantage of both trends. The San Francisco-based startup aims to upgrade the American trailer park, making it a network of intentional communities for the remote-working, previously urban professionals (PUPs?).

To ensure that these remote working puppies (I’m going with it) can navigate the American roadways in the manner to which they’re accustomed, Kibbo pitches exclusive RV parks outfitted with amenities like kitchen supplies and basic staples like coffee and snacks, a gym and recreational facilities for congregating. The company is now taking applications for membership and will be charging $1,000 per month to access its locations of sites near major national parks across the West Coast.

For members who don’t have their own vehicles, Kibbo offers access to top-of-the-line Mercedes Sprinters outfitted with the latest in #vanlife amenities. The vans cost roughly $1,000 per month to rent.

Beginning in the fall, members who get past Kibbo’s virtual velvet rope and gain access to the company’s communities will be able to visit spots in Ojai, Zion, Black Rock Desert and Big Sur. Those locations will be complemented by spots in urban cores in Los Angeles, San Francisco and somewhere in Silicon Valley, according to a statement from O’Donnell.

“With the pressure of months of quarantine fueling the desire for people to get out of their expensive apartments in the city to explore nature and connect with people, we now have the demand and opportunity to rethink how we live, work, have fun, and find meaning,” he said. “We get to rethink the urban experience and define what we want cities of the future to really look like.”

With Kibbo’s launch, would-be puppies (still going with it) attracted to its vision of a network of community spaces shared by professionals whose companies have embraced remote work, can now pay $100 to apply to be part of the network.

Image Credit: Kibbo

The company is tapping in to a part of the American zeitgeist that’s nearly as old as the country itself. From its inception, people came (and colonized) the country in an effort to create communities that would reflect their values and beliefs and afford them an opportunity to flourish (at the expense of others).

It’s also working off of the glamping phenomenon that netted HipCamp a valuation over $100 million and grabbed Tentrr an $11 million round of financing. HipCamp offers a database of campsites that earns money by taking a commission from the bookings it facilitates to over 300,000 sites across the U.S.

Like Tentrr, Kibbo is using private land to set up sites accessible to membership. But unlike Tentrr, Kibbo owns its own real estate and is setting up its sites to be part of a community rather than just an experience for travelers looking for a different option from a city vacation or competing for campsites at national parks.

Kibbo also thinks of itself as developing a new kind of roving cities comprised of a certain kind of membership.

“Unlike, traditional top-down designed and built real estate developments, Kibbo is setting out to build the first of the next generation of cities: flexible, reconfigurable, designed and defined by the people that live in it, off the grid and sustainable,” O’Donnell said. 

That’s what attracted Urban.us investor Shaun Abrahamson.

“In the short and medium term, I think this looks like a specialty part of the RV market. However, our sense is that RV experience was designed for vacations or retirees and trends like remote work and van life suggest there is demand for different kind of infrastructure and experience… Our longer term interest is climate and affordable housing,” Abrahamson said.  

Climate change and the resulting flooding, fires and rising sea levels are going to change the kinds of infrastructure to support permanent housing, Abrahamson said.

Van life is benefitting from mobile infrastructure — solar + batteries make off-grid easier. As prices come down, mobile housing and infrastructure will become more attractive. And Kibbo is filling in other lightweight pieces of infrastructure related to things like sanitation and security and, yes, they’ll layer in experiences, too,” he said.  

Both Abrahamson and O’Donnell think there will be more nomadic communities far beyond vacations and retirement, and Kibbo is the firm’s attempt to tap into that trend. It’s a vision for a future of cities that doesn’t include them, and one that O’Donnell, a New York transplant living in a communal space in San Francisco, embraces.

“While Kibbo offers an exciting lifestyle from day one, we’re making a bet that the future of cities is electric, autonomous, distributed, renewable and user-generated,” O’Donnell said.

Image Credit: Kibbo