Are you angry with your boss or your colleagues? Do you want to spy on them? The engineer Julian Oliver has demonstrated how to do it with a tiny cellphone base station concealed in an apparently innocuous office printer.
Oliver dubbed his project Stealth Cell Tower, it is an antagonistic GSM base station concealed in an office printer.
The expert explained that the Stealth Cell Tower is part of an ongoing research on the practice of disguising cell towers as other things (i.e. like trees or church spires), in 2014 he wrote an interesting article titled “Stealth Infrastructure.”
Here, Stealth Cell Tower situates this same outdoor practice indoors, where an HP printer is perhaps the most innocuous of flora.
“Stealth Cell Tower is an antagonistic GSM base station in the form of an innocuous office printer. It brings the covert design practice of disguising cellular infrastructure as other things – like trees and lamp-posts – indoors, while mimicking technology used by police and intelligence agencies to surveil mobile phone users.” reads a blog post on the project.
Oliver used a common HP Laserjet 1320 because it has a helpful free space inside the casing, then assembled inside the device a RaspberryPi 3 with a couple of antennas, the BladeRF SDR board and some cabling to power these components.
The complete list of the hardware used by the expert includes:
Oliver explained that the Raspberry Pi 3 was chosen after failed attempts to achieve stable YateBTS performance on the Intel Edison, Beaglebone Black and I-MX6 Marsboard, that were first choices due to their small footprint.
“The Raspberry Pi 3 was chosen after failed attempts to achieve stable YateBTS performance on the Intel Edison (tiny – would’ve saved space!), Beaglebone Black and even an I-MX6 Marsboard,” he wrote. “Unlike the antiquated OpenBTS, YateBTS really seems to need those extra cores, otherwise ignoring accelerators like NEON on the Cortex A8/9 platforms.”
The core of the experiment is the code written by Oliver and running on the tiny PC, it operates as a bogus cellphone tower that detects nearby phones and sends them SMS messages.
“Masquerading as a regular cellular service provider, Stealth Cell Tower surreptitiously catches phones and sends them SMSs written to appear they are from someone that knows the recipient. It does this without needing to know any phone numbers.”
The Stealth Cell Tower is able to print for each response to the above messages a transcript that includes various information such as the captured message sent, the victim’s unique IMSI number and other identifying data. The printer also randomly calls victim’s phones in the environment and on answering, Stevie Wonder’s 1984 classic hit I Just Called To Say I Love You is heard.
It is clear that a similar configuration could be used in a real attack scenario, for example by sending out phishing SMS messages or to perform man-in-the-middle attacks against workers.
In short, it could become a very powerful surveillance device, the next time you mount a printer in the office, look inside.
You can download the full code used by the expert here (sha256sum eaabeb72eb5bf3e62cbfedb43dbc623437b40728b25555d88c9e8f06ca31d090).
[adrotate banner=”9″]
(Security Affairs – Stealth Cell Tower, espionage)