Full Disclosure mailing list archives

Re: Android IMSI-Catcher Detector (AIMSICD)


From: charles () thefnf org
Date: Wed, 26 Mar 2014 15:31:51 -0500

On 2014-03-26 13:43, SecUpwN wrote:
> Dear security enthusiasts and developers,
>
> Providers are making it fairly easy to let smartphones connect to
> IMSI-Catchers, which then in turn are able to listen and record voice
> calls of a victim, even reading their SMS and tapping all
> communication is possible.


How is this the providers' fault? Isn't this a core issue with the GSM protocol, and simply camping to the strongest source? Which is why the catchers are usually mobile (like the recent case in Florida with the Verizon data card). Also not sure how this works with CDMA. I guess they can push a forced PRL update perhaps?

> To get back to my point: IMSI-Catchers are a real problem.
> And since such surveillance is not easily spotted,

It's not? Then how does your program work?


> I would like to
> introduce AIMSICD - the Android IMSI-Catcher Detector to you:
> http://secupwn.github.io/Android-IMSI-Catcher-Detector/.


I've forked it and starred it.

Didn't know about https://www.gsmmap.org/ , that's pretty neat.

So can't the base stations all be turned into IMSI catchers essentially? Why even bother with MITM and passthrough, when you can just NSL a telco? I'm pretty sure all the gear is CALEA compliant. I mean sure, criminals can make use of a mobile IMSI catcher. However I think it's far more effective to stick with phishing and other traditional internet attack vectors. Not to mention Android malware. Why spend the time/money to hack layer 1 (which requires proximity) when layer 7 is wide open?


> E:V:A, the starter of this project and I, as well as a few coders,
> writers and security freaks are currently working to develop this app
> to detect and prevent IMSI-Catcher attacks on the Android platform.
>
> These days IMSI-Catchers are "not only" affordable for governments,
> but fairly easy to build with a rather small amount of money and work
> - thus enabling any criminals to intercept your phone calls, read &
> spoof your text messages and do a lot of other kinky scary stuff with
> YOUR mobile phone.

Or they'll just infect the users with malware. Way easier.


> The purpose of our app is to warn the privacy-aware
> user that he is being subject to surveillance and maybe give some
> hints on what to do next.



Can you explain in a few sentences the core of the idea/algorithm you are using to do this? I'm looking over all the linked materials and haven't really seen that detailed.


> Our hardest
> issue is yet to come: We are looking out to find people who are able
> to help us deploying the baseband - indicators for an IMSI-Catcher
> attack are very subtle, thus we need to dig down very deep into
> closed-source internals. Any hint or help to find someone for this is
> highly appreciated.


I presume you are in close touch with OsmocomBB already?


