On Mon, Dec 9, 2013 at 2:31 PM, Cathal Garvey (Phone) <cathalgarvey@cathalgarvey.me> wrote:
> IDD, I've searched for an Android API for detecting crypto algo for ages and turned up empty.
i feel your pain... (~_~;)
> However, you can get the tower ID, so a distributed, communally (cantenna?) verified whitelist of 'good' towers is doable, with automatic disconnection if an unwhitelisted tower connects..?
sort of; there are some interesting attacks using a force-pushed silent PRL update (see DC19/DC20 cell attacks threads) which would be observable by tower ID oddities, not to mention decremented or zero PRL version. however, you'd have to be paying attention (who checks their PRL regularly? :). if you simply check if a tower is in http://www.opencellid.org/cell/list for example, you're open to attacks spoofing a legitimate but remote (out of range) tower. using direction finding techniques to cross reference the transmitter location against the expected GPS coordinates in a tower database relative to your position would also detect these tower impersonators, but requires more hardware than a mobile baseband...
> Can/do IMSI systems spoof tower ID: is there anything in GSM to make towers self-verifying? I'm guessing no, in which case the above would be very poor.
the expensive, limited distribution kit will be hard to distinguish without a high performance software defined radio. if you're able to detect an identically spoofed tower using OsmocomBB with high confidence i'd love to know how you did it!
> Also of note is API for signal strength, so a mapping of known towers to expected strength at location XYZ could be used to detect systems used to home in on phones, which usually max out on signal and tell your phone to do likewise. Indeed, a strong signal tower which still asks your phone to dial up the juice should be regarded as an attack.
truth. also, an inversion of observed data link capacity (suddenly seeing receive bandwidth drop in half or more while transmit rate doubles) is no bueno. best regards,
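The detection ideas traded in this thread (a whitelist of known towers, a known-but-out-of-range tower ID, a strong signal paired with a request to raise uplink power, a zero or decremented PRL version, and a downlink/uplink capacity inversion) can be expressed as a handful of checks over cell observations. The following is an added illustration, not code from this thread or from either correspondent; the tower whitelist, the observation fields, the power-command scale and every threshold are constructed assumptions, and a real implementation would feed it from the phone's telephony API and a community-verified tower database.

```python
"""Heuristics for flagging rogue-tower indicators from cell observations.

Added example, not code from the mailing-list thread. Tower records,
observation fields and all thresholds below are constructed/assumed.
"""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import List, Optional

# Constructed whitelist of "good" towers: cell id -> (lat, lon).
# In practice this would come from a communally verified database.
KNOWN_TOWERS = {
    "262-01-1234-5678": (53.349, -6.260),
    "262-01-1234-5679": (53.355, -6.250),
}

# Assumed thresholds; tune against real measurements for a given network.
MAX_PLAUSIBLE_RANGE_KM = 35.0   # serving tower further than this is suspect
STRONG_SIGNAL_DBM = -60         # already a strong downlink at this RSSI
HIGH_TX_CMD = 7                 # assumed 0..7 uplink power command scale


@dataclass
class Observation:
    cell_id: str
    lat: float            # phone position (GPS)
    lon: float
    rssi_dbm: int         # received signal strength
    tx_power_cmd: int     # uplink power level the network asked for (assumed scale)
    prl_version: int      # preferred roaming list version reported by the baseband
    rx_kbps: float        # observed downlink throughput
    tx_kbps: float        # observed uplink throughput


def haversine_km(p, q) -> float:
    """Great-circle distance in km between two (lat, lon) pairs."""
    lat1, lon1 = map(radians, p)
    lat2, lon2 = map(radians, q)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = sin(dlat / 2) ** 2 + cos(lat1) * cos(lat2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def check_observation(obs: Observation, prev: Optional[Observation]) -> List[str]:
    """Return a list of human-readable findings; empty means nothing odd."""
    findings: List[str] = []

    # 1. Whitelist check, plus a range check so a spoofed-but-legitimate ID
    #    that is actually far away is still caught.
    if obs.cell_id not in KNOWN_TOWERS:
        findings.append("unknown cell id")
    else:
        dist = haversine_km((obs.lat, obs.lon), KNOWN_TOWERS[obs.cell_id])
        if dist > MAX_PLAUSIBLE_RANGE_KM:
            findings.append(
                f"known cell id but tower is {dist:.0f} km away (possible impersonation)"
            )

    # 2. Strong downlink yet the network asks the phone to transmit at maximum.
    if obs.rssi_dbm >= STRONG_SIGNAL_DBM and obs.tx_power_cmd >= HIGH_TX_CMD:
        findings.append("strong signal yet network requests max uplink power")

    # 3. PRL version should never be zero or go backwards.
    if obs.prl_version <= 0:
        findings.append("PRL version is zero")
    elif prev is not None and obs.prl_version < prev.prl_version:
        findings.append("PRL version decremented")

    # 4. Capacity inversion: downlink halved (or worse) while uplink doubled.
    if prev is not None and prev.rx_kbps > 0:
        if obs.rx_kbps <= prev.rx_kbps / 2 and obs.tx_kbps >= 2 * prev.tx_kbps:
            findings.append("downlink halved while uplink doubled")

    return findings


def run_demo() -> List[str]:
    """Walk a constructed sequence of observations and collect findings."""
    baseline = Observation("262-01-1234-5678", 53.349, -6.260, -85, 2, 10, 2000.0, 500.0)
    suspicious = Observation("999-99-0-0", 53.349, -6.260, -40, 7, 9, 900.0, 1100.0)
    return check_observation(baseline, None) + check_observation(suspicious, baseline)


if __name__ == "__main__":
    for line in run_demo():
        print("finding:", line)
```

The checks are deliberately independent so that a single oddity (an unknown ID, a backward PRL step) produces a finding on its own, while the throughput inversion and PRL regression need a prior observation to compare against; the caller is expected to keep the previous observation and pass it in.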