Stealth Cell Tower, it is an antagonistic GSM base station concealed in an office printer that could be used for surveillance purposes.
Are you angry with your boss or your colleagues? Do you want to spy on them? The engineer Julian Oliver has demonstrated how to do it with a tiny cellphone base station concealed in an apparently innocuous office printer.
Oliver dubbed his project Stealth Cell Tower, it is an antagonistic GSM base station concealed in an office printer.
The expert explained that the Stealth Cell Tower is part of an ongoing research on the practice of disguising cell towers as other things (i.e. like trees or church spires), in 2014 he wrote an interesting article titled “Stealth Infrastructure.”
Here, Stealth Cell Tower situates this same outdoor practice indoors, where an HP printer is perhaps the most innocuous of flora.
“Stealth Cell Tower is an antagonistic GSM base station in the form of an innocuous office printer. It brings the covert design practice of disguising cellular infrastructure as other things – like trees and lamp-posts – indoors,while mimicking technology used by police and intelligence agencies to surveil mobile phone users.” reads a blog post on the project.
Oliver used a common HP Laserjet 1320 because it has a helpful free space inside the casing, then assembled inside the device a RaspberryPi 3 with a couple of antennas, the BladeRF SDR board and some cabling to power these components.
The complete list of the hardware used by the expert includes:
- A Hewlett Packard Laserjet 1320 printer modified to contain and power components
- BladeRF x40
- Raspberry Pi 3
- 2x short GSM omnidirectional antennae with magnetic base
- 2x SMA cable
- Cigarette-lighter-to-USB-charger circuit (converting 12-24v to 5v)
- 1x USB Micro cable (cut and soldered to output of USB charger)
- 1x USB A cable (cut and soldered to printer mainboard)
Oliver explained that the Raspberry Pi 3 was chosen after failed attempts to achieve stable YateBTSperformance on the Intel Edison, Beaglebone Black and I-MX6 Marsboard, that were first choices due to their small footprint.
“The Raspberry Pi 3 was chosen after failed attempts to achieve stable YateBTS performance on the Intel Edison (tiny – would’ve saved space!), Beaglebone Black and even an I-MX6 Marsboard,” he wrote. “Unlike the antiquated OpenBTS, YateBTS really seems to need those extra cores, otherwise ignoring accelerators like NEON on the Cortex A8/9 platforms.”
The core of the experiment is the code written by Oliver and running on the tiny PC, it operates as a bogus cellphone tower that detects nearby phones and sends them SMS messages.
“Masquerading as a regular cellular service provider, Stealth Cell Tower surreptitiously catches phones and sends them SMSs written to appear they are from someone that knows the recipient. It does this without needing to know any phone numbers.”
The Stealth Cell Tower is able to print for each response to the above messages a transcript that includes various information such as the captured message sent, the victim’s unique IMSI number and other identifying data. The printer also randomly calls victim’s phones in the environment and on answering, Stevie Wonder’s 1984 classic hit I Just Called To Say I Love You is heard.
It is clear that a similar configuration could be used in a real attack scenario, for example by sending out phishing SMS messages or to perform man-in-the-middle attacks against workers.
In short, it could become a very powerful surveillance device, the next time you mount a printer in the office, look inside.
Source:https://securityaffairs.co/
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.