Android IMSI Catcher detection
Cathal Garvey (Phone)
cathalgarvey at cathalgarvey.me
Mon Dec 9 14:31:11 PST 2013
IDD, I've searched for an Android API for detecting crypto algo for ages and turned up empty. However, you can get the tower ID, so a distributed, communally (cantenna?) verified whitelist of 'good' towers is doable, with automatic disconnection if an unwhitelisted tower connects..?
Can/do IMSI systems spoof tower id: is there anything in GSM to make towers self-verifying? I'm guessing no, in which the above would be very poor.
Also of note is API for signal strength, so a mapping of known towers to expected strength at location XYZ could be used to detect systems used to home in on phones, which usually max out on signal and tell your phone to do likewise. Indeed, a strong signal tower which still asks your phone to dial up the juice should be regarded as an attack.
Matej Kovacic <matej.kovacic at owca.info> wrote:
>Hi,
>
>> it doesn't "function" yet, period. *grin*
>>
>> i leave it as an exercise for the reader to implement A0 detection on
>Android...
>Unfortunaltely I have no idea how to implement detection of A5/x
>ciphering used or detection of silent SMS'es on Android. However, it is
>very simple on Osmocom platform.
>
>Anyway, IMSI Catcher detection project needs developers.
>
>P. S. A little more info about GSM hacking is here:
>http://matej.owca.info/predavanja/GSM_security_2012.pdf
>We also have some nice videos showing identity theft in GSM network...
>:-))
>
>I have also found out how to completely fake traffic data (data
>retention anyone :-)) ) and even how to insert arbitrary voice
>recording
>into eavesdropping database (in case police is eavesdropping to some
>mobile phone). Nice to know how "strong" could be computer generated
>evidence...
>
>Regards,
>
>M.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2357 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20131209/859019d8/attachment-0001.txt>
More information about the cypherpunks
mailing list