Replies: 3 comments 1 reply
-
|
I believe this is the same discussion as #784 -- I have this heuristic disabled via config for this reason. IIRC parts of the heuristic assumes you are in a country without 2G, i.e. the US.
Good question, tbh I don't know either. @cooperq ? |
Beta Was this translation helpful? Give feedback.
-
|
Peter can you send me this pcap file to my work signal: @cooperq.01 |
Beta Was this translation helpful? Give feedback.
-
|
Sorry, just saw your reply now. Thanks |
Beta Was this translation helpful? Give feedback.
-
|
We have fixed the false positive that @untitaker mentions above. This heuristic can be safely enabled in EU again. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi guys,
First of all, thanks for this great project. Much appreciated!
I've been walking around a European capital with my rayhunter on a TP Link M7350 running v0.9.0 for a few weeks.
Today I got my first critical alert when out to lunch but I believe it is most likely a false positive.
The alert (8 of them in a row) was triggered by the LTE SIB 6/7 Downgrade v1 heuristics, and it specifically mentions "LTE cell advertised a 3G cell for priority 0 reselection". The reasons I suspect this is a false positive:
The cell network in that specific area has always been pretty bad so perhaps it would make sense for the network to try to push my device from 4G to 3G since LTE/4G is very weak there?
AFAIK 3G supports mutual auth so it is not vulnerable to stingrays. If it were truly an attack wouldn't they jam/downgrade my phone to 2G?
Anyway, I thought that sharing real world testing info could be helpful to the project. Happy to provide the pcap files to the team if they think it would be useful.
Cheers,
Peter
Beta Was this translation helpful? Give feedback.
All reactions