Android IMSI Catcher detection

Matej Kovacic matej.kovacic at owca.info
Tue Dec 10 02:56:39 PST 2013


Hi,

> Can/do IMSI systems spoof tower id: is there anything in GSM to make
> towers self-verifying? I'm guessing no, in which the above would be very
> poor.
No, the problem is, that mobile phone authenticates to mobile network,
but the opposite is not true. Since mobile network does not authenticate
itself to mobile phone, IMSI Catcher attacks are possible.

There has been also demonstration of "home-made" IMSI Catcher based on
Osmocom platform last year at the CCC conference.

The video of the presentation "Further hacks on the Calypso platform" by
Sylvain Munaut is here:
http://media.ccc.de/browse/congress/2012/29c3-5226-en-further_hacks_calypso_h264.html

So, it is very easy to set up fake cell with any cell ID.

> Also of note is API for signal strength, so a mapping of known towers to
> expected strength at location XYZ could be used to detect systems used
> to home in on phones, which usually max out on signal and tell your

This would not work, because cells are not static (new cell emerge,
covered area changes, etc.) and opencellid database is not regularly
updated. There could also be femtocells used, etc...


Regards,

M.



More information about the cypherpunks mailing list