Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Android IMSI-Catcher Detector (AIMSICD)
From: charles () thefnf org
Date: Wed, 26 Mar 2014 15:31:51 -0500

On 2014-03-26 13:43, SecUpwN wrote:
Dear security enthusiasts and developers,

Providers are making it fairly easy to let smartphones connect to
IMSI-Catchers, which then in turn are able to listen and record voice
calls of a victim, even reading their SMS and tapping all
communication is possible.

How is this the providers fault? Isn't this a core issue with the GSM protocol, and simply camping to the strongest source? Which is why the catchers are usually mobile (like the recent case in Florida with the Verizon data card). Also not sure how this works with CDMA. I guess they can push a forced PRL update perhaps?

 To get back to my point: IMSI-Catchers are a real problem.
And since such surveillance is not easily spotted,

It's not? Then how does your program work?

 I would like to
introduce AIMSICD - the Android IMSI-Catcher Detector to you:

I've forked it and starred it.

Didn't know about https://www.gsmmap.org/ , that's pretty neat.

So can't the base stations all be turned into IMSI catchers essentially? Why even bother with MITM and passthrough, when you can just NSL a telco. I'm pretty sure all the gear is CALEA compliant. I mean sure, criminals can make use of a mobile IMSI catcher. However I think it's far more effective to stick with phishing and other traditional internet attack vectors. Not to mention Android malware. Why spend the time/money to hack layer 1 (which requires proximity) when layer 7 is wide open?

E:V:A, the starter of this project and I, as well as a few coders,
writers and security freaks are currently working to develop this app
to detect and prevent IMSI-Catcher attacks on the Android platform.

These days IMSI-Catchers are "not only" affordable for governments,
but fairly easy to build with a rather small amount of money and work
- thus enabling any criminals to intercept your phone calls, read &
spoof your text messages and do a lot of other kinky scary stuff with
YOUR mobile phone.

Or they'll just infect the users with malware. Way easier.

The purpose of our app is to warn the privacy-aware
user that he is being subject to surveillance and maybe give some
hints on what to do next.

Can you explain in a few sentences the core of the idea/algorithm you are using to do this? I'm looking over all the linked materials and haven't really seen that detailed.

Our hardest
issue is yet to come: We are looking out to find people who are able
to help us deploying the baseband - indicators for an IMSI-Catcher
attack are very subtle, thus we need to digg down very deep into
closed-source internals. Any hint or help to find someone for this is
highly appreciated.

I presume you are in close touch with oscombb already?

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]