COVID-bit attack
This article takes us to the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev in Israel, which has found problems with so-called airgapped networks.
2024 has been here for a while now, and it’s not just another year – it’s a fresh chapter for soaking up wisdom, leveling up, and widening your Stealth Phone knowledge.
Of course, we’d like to throw some fuel into your learning journey for the year. There’s a golden ticket for our users, and a backstage pass for our resellers that we’re sending to you so you can dive back into epic insights of the XStealth project.
And by that, we mean:
You already know that a regular cell phone that has no IMEI or an invalid IMEI cannot connect to the mobile network and is rejected. Hence, no calls, SMSs, or data connections are possible. A simple Google search will reveal this situation, encountered by many cell phones after flashing a custom ROM or new firmware or updating the existing one.
Mobile operators regularly update their network software and protocols to fix bugs, enhance performance, and improve efficiency. The latest 4G protocol update has a serious issue. Our programmers and telco engineers did a great job of exploiting this major loophole discovered in the mobile network protocol, making phone calls and SMSs possible with no IMEI on the phone. No, it is not a malformed IMEI, a hidden IMEI, or a type 0 IMEI (000000000000000). A phone that has literally no IMEI number can make and receive phone calls, and send and receive SMSs. All XStealth Pro phones will be delivered with this new special function enabled.
Important: you should check which local network allows the ZERO IMEI function. Some networks allow ZERO IMEI only on 4G bands, while other networks allow this function on 2G, 3G, and 4G bands. Also, some carriers allow only incoming phone calls but not outgoing phone calls. All this depends on the home network settings, technology, and software used for the BTS/BSC/HLR.
If the user cannot find any mobile network that allows the ZERO IMEI function (pretty unlikely), then they will have to manually write an IMEI on the phone, as described in the User Instructions.
IMEI ZERO is available only for XStealth Pro.
First, a short introduction to Classmark and IMEI.
The International Mobile Equipment Identity (IMEI) and Cell Phone Classmark are distinct identifiers associated with mobile phones, but they serve different purposes.
IMEI (International Mobile Equipment Identity):
Purpose: the IMEI is a unique identifier assigned to each mobile device globally. It is a 15-digit number that serves as a digital fingerprint for a specific mobile phone.
Usage:
Cell Phone Classmark:
Purpose: the cell phone classmark, on the other hand, is not a unique identifier like the IMEI. Instead, it refers to the characteristics or capabilities of a mobile device related to its compatibility with various network technologies.
Usage:
In summary, while the IMEI is a unique identifier for a mobile device used for identification and security purposes, the cell phone classmark provides information about the technical capabilities of a mobile device relevant to its interaction with the mobile network. The IMEI is more focused on device identification and security, while the classmark is more about network optimization and compatibility.
Here is how a Classmark analysis is done by a GSM Interceptor:
The Keep Classmark special function is now available along with the IMEI Change function. When Keep Classmark is enabled, newly generated IMEIs will match the phone classmark. This way, no alerts will be triggered on carrier servers, and no suspicions will arise from the human operator of a GSM Interceptor. When there is no match between IMEI and Classmark, the conclusion is that the phone uses IMEI change technology, a situation that can draw unwanted attention from both the network provider and the GSM Interceptor. For instance, if the phone IMEI impersonates a Nokia phone, and the phone Classmark displays a Samsung phone, then an alert will be triggered on the carrier servers. Usually, they don't take any action because this mismatch does not affect the network function, and in the real world there are millions of cell phones whose IMEI and Classmark do not match. From the point of view of a GSM Interceptor human operator, this kind of mismatch is a clear indicator that a phone can change its IMEI, which will draw further attention.
Why is there a button to enable/disable the Classmark match?
Well, sometimes the phone user needs to use this kind of mismatch just to generate errors on a GSM Interceptor, which will then drop the phone from monitoring. For instance, if the phone displays 2 identical IMEIs and a single Classmark, this peculiar situation is registered as an error, and the GSM Interceptor will exclude both IMEIs from surveillance.
Also, the user has to disable the Keep Classmark function before using XTerminator, a special function that uses malformed IMEIs and/or IMEIs that do not match the Classmark for OTA attacks.
To force a mobile phone to leave the home network and connect to the GSM Interceptor, it is not enough to manipulate the C2 parameter along with the LAC value and output power. Assignment to an IMSI catcher faces several difficulties. The target cell phone should be in standby mode before attempting to enforce the connection. There is no way to enforce the cell phone connection during an active phone call, due to the C2 assignment. Also, the IMSI Catcher human operator needs to identify the correct network operator used by the target phone. Otherwise, from the point of view of the target cell phone, there is no need to log into the simulated base station (IMSI Catcher/GSM Interceptor). Here comes Sentinel's special function, which mimics an active MO phone call as long as the function is enabled. This is done by exploiting the MOC (mobile originating call) Immediate Assignment procedure. The phone continuously sends IA requests via SDCCH, in a way that does not interfere with the SDCCH already assigned for MOC and MTC (Mobile Terminated Call). Putting all this in other words, Sentinel is an anti-standby-mode function, which does not allow the phone to connect to another BS. There are some drawbacks: the phone might experience low signal and even signal loss. Disabling and re-enabling Sentinel solves the problem if it occurs.
You are probably aware of the newest method used mainly by the US LEA/Govt to spy on people’s cell phones, taking advantage of Google and Apple products installed on cell phones. More here: https://sg.finance.yahoo.com/news/governments-spying-apple-google-users-111228279.html?guccounter=1
XStealth Pro does not have this security flaw, since Google is 100% removed from the phone. However, XStealth Ultra is a fully enabled Google cell phone but with a push-notification data filter: no matter which apps the phone user installs, all notifications are secured by a new kind of firewall. No other details can be disclosed at this time regarding the firewall.
Thank you for your time.