IDD, I've searched for an Android API for detecting crypto algo for ages and turned up empty. However, you can get the tower ID, so a distributed, communally (cantenna?) verified whitelist of 'good' towers is doable, with automatic disconnection if an unwhitelisted tower connects..?

Can/do IMSI systems spoof tower ID: is there anything in GSM to make towers self-verifying? I'm guessing no, in which case the above would be very poor.

Also of note is the API for signal strength, so a mapping of known towers to expected strength at location XYZ could be used to detect systems used to home in on phones, which usually max out on signal and tell your phone to do likewise. Indeed, a strong signal tower which still asks your phone to dial up the juice should be regarded as an attack.

Matej Kovacic <matej.kovacic@owca.info> wrote:
Hi,

it doesn't "function" yet, period. *grin*

i leave it as an exercise for the reader to implement A0 detection on Android...
Unfortunately I have no idea how to implement detection of A5/x
ciphering used or detection of silent SMSes on Android. However, it is
very simple on the Osmocom platform.

Anyway, the IMSI Catcher detection project needs developers.

P. S. A little more info about GSM hacking is here:
http://matej.owca.info/predavanja/GSM_security_2012.pdf
We also have some nice videos showing identity theft in GSM network... :-))

I have also found out how to completely fake traffic data (data
retention anyone :-)) ) and even how to insert an arbitrary voice recording
into an eavesdropping database (in case the police are eavesdropping on some
mobile phone). Nice to know how "strong" computer-generated
evidence could be...

Regards,

M.

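An added example, not code from either poster: the tower whitelist and signal-strength checks proposed in the reply above, run over constructed observations. The cell tuples, the thresholds and the `tx_power_dbm` field are assumptions; how a handset would obtain the commanded transmit power is not covered in the thread.

```python
from dataclasses import dataclass

# Constructed baseline: (MCC, MNC, LAC, CID) -> RSSI in dBm expected at one
# fixed location, as a community survey might record it (test-network codes).
BASELINE = {
    (1, 1, 1201, 30511): -85,
    (1, 1, 1201, 30512): -97,
}
RSSI_TOLERANCE_DB = 15   # assumed allowance for normal fading
STRONG_RSSI_DBM = -65    # assumed: at or above this the cell counts as strong
HIGH_TX_DBM = 30         # assumed: commanded handset power near the maximum

@dataclass(frozen=True)
class Observation:
    cell: tuple          # (MCC, MNC, LAC, CID) reported by the serving cell
    rssi_dbm: int        # measured downlink signal strength
    tx_power_dbm: int    # power the network told the handset to transmit at

def assess(obs: Observation) -> list:
    """Return the reasons this serving cell looks suspicious (empty if none)."""
    flags = []
    expected = BASELINE.get(obs.cell)
    if expected is None:
        flags.append("not_whitelisted")
    elif obs.rssi_dbm - expected > RSSI_TOLERANCE_DB:
        # A whitelisted ID far louder than surveyed: the ID may be copied.
        flags.append("stronger_than_baseline")
    if obs.rssi_dbm >= STRONG_RSSI_DBM and obs.tx_power_dbm >= HIGH_TX_DBM:
        # A nearby cell has no need to ask the handset for high power.
        flags.append("strong_cell_high_tx")
    return flags

def should_disconnect(obs: Observation) -> bool:
    return bool(assess(obs))

# Constructed observations, not captured data.
SAMPLES = [
    Observation((1, 1, 1201, 30511), -88, 13),   # normal
    Observation((1, 1, 1201, 30511), -52, 33),   # known ID, far too loud
    Observation((1, 1, 9999, 1), -60, 33),       # unknown cell
    Observation((1, 1, 1201, 30512), -110, 33),  # weak cell, high power plausible
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.cell, assess(s) or "ok")
```

The second sample shows why the baseline matters: a whitelisted ID alone passes the first check, and only the strength comparison flags it.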