Full Disclosure mailing list archives
Re: Android IMSI-Catcher Detector (AIMSICD)
From: "SecUpwN" <secupwn () z1p biz>
Date: Thu, 27 Mar 2014 13:11:54 +0100
Hi there, Justin!
The project page states your looking for crowd funding/sourcing. Considering the mention of whisper systems this seemed obvious. https://github.com/WhisperSystems/BitHub
Yes, I've been thinking about that, too. Great you suggested it!
Might take some tweaking but designed with bit coin in mind and pays out per commit. Not exactly what you want, but would help drive incentive for developers.
Hm.. I'll discuss that with the other developers and keep you updated. Thanks! Greetings, SecUpwN
On Mar 27, 2014 5:36 AM, SecUpwN <secupwn () z1p biz> wrote: Good morning, George!Hey, how are you?Fine, a little tired, but weather outside rocks. And you? :)I've been going through some of your code and want to congratulate youon the amazing job you've done so far!Thank you, I will forward these warm words to our current main developer "xLaMbChOpSx" and Jofre Palau, who coded RawPhone in the first place. As much as I'd like to be the one who coded the stuff that is already there - I haven't. Nevertheless, I'm still learning and will continue to contribute.I might be possible to contribute a bit to your project, whenever Icansqueeze some free time and do what I can to help you through towardscompleting it.Oh, is that the case? Thank for your offer, you're very welcome to do so!These are some of the things I can help you with: - - Reverse engineering vendor RILs and/or firmware - - Have been playing around with osmocom the past year for some pentests and I think it could be ported to Android using direct AT commands ( /dev/sc - something, have them written down somewhere...)- - Help with some C/C++ codingIf you're not yet registered at XDA, I encourage you to so. You should definately participate in our official development thread here where most of the talking takes place: http://forum.xda-developers.com/showthread.php?t=1422969 - I'll be happy to see you there!Have you had a chance to get a look at the replicant spin, they've reversed engineer some of the samsung modem interfaces which couldbehelpful. ( https://gitorious.org/replicant/external_libsamsung-ipc/source/7d789225fbfe14034b2fcc63dd1d1e92f5482dd2:Would you please re-post this on mentioned XDA-thread? I'm sure others will profit from that, too.Let me know what I can do for you, but I cant promise a full time commitment.No worries. Having you here as a support is awesome enough. ;-)On 26/03/2014 20:43, SecUpwN wrote:Dear security enthusiasts and developers, as you all may know, smartphones are facing a difficult time withallthe tracing and data collection that is going on. The biggest securityhole is, beneath the user itself, the network of the providers. Providers are making it fairly easy to let smartphones connect to IMSI-Catchers, which then in turn are able to listen and record voicecalls of a victim, even reading their SMS and tapping all communicationis possible. Of course this is not, where the story ends: Have areadofthis article: https://firstlook.org/theintercept/article/2014/02/10/the-nsas-secret-role/to get updated that the NSA is using unmanned drones to detect and KILLtheir targets solely based on metadata (websites, calls, SMS, etc.).Those drones do not care whether the targeted person is the "terrorist"or simply an innocent guy with a borrowed phone in his hands. To getback to my point: IMSI-Catchers are a real problem.And since such surveillance is not easily spotted, I would liketointroduce AIMSICD - the Android IMSI-Catcher Detector to you: http://secupwn.github.io/Android-IMSI-Catcher-Detector/. If you canreadgerman (or know how to use an online translator), I highly recommendtoread this to get you started on the basics why our project is so important: http://www.kuketz-blog.de/imsi-catcher-erkennung-fuer-android-aimsicd/E:V:A, the starter of this project and I, as well as a few coders,writers and security freaks are currently working to develop this apptodetect and prevent IMSI-Catcher attacks on the Android platform. Thesedays IMSI-Catchers are "not only" affordable for governments,butfairly easy to build with a rather small amount of money and work - thus enabling any criminals to intercept your phone calls, read & spoofyourtext messages and do a lot of other kinky scary stuff with YOUR mobilephone. The purpose of our app is to warn the privacy-aware user thatheis being subject to surveillance and maybe give some hints on what todonext.Is our app ready to use yet? No, by far not. But hey, we did start!Feel free to check out our GitHub here: https://github.com/SecUpwN/Android-IMSI-Catcher-Detector. If you areoneof those people like me, who is happy to use apps like Xprivacy, TextSecure, RedPhone and Pry-Fi, don't hesitate to spread the word,starthis project on GitHub and (if you can) contribute. Our hardest issueisyet to come: We are looking out to find people who are able to helpusdeploying the baseband - indicators for an IMSI-Catcher attack are verysubtle, thus we need to digg down very deep into closed-source internals. Any hint or help to find someone for this is highly appreciated.In the name of creator E:V:A and myself, as well as the thousandsofusers out there being subject to such heavy surveillance, I would liketo welcome anyone who wants this app to come alive to have a sneak atthe already existing development roadmap as well as on our primary discussion thread on XDA here: http://forum.xda-developers.com/showthread.php?t=1422969. Don't betooshy to post your constructive criticism, feedback and contributionsintothat thread! Most importantly though, if you know any Android developeror security enthusiasts, feel free to forward this E-Mail with warmestrecommendations. We are aiming to let this App get added to the theSurveillance Self-Defense Project of the EFF as well as the list ofappsrecommended by the Guardian-Project.Thank you very much for checking it out and saving our privacy.With very much respect to all of you SecUpwN and E:V:A ______________________________________________________ powered by Perfect-Privacy.com / Secure-Mail.biz - anonymous andsecure internet._______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTMzwBAAoJEHdW/pe+q+B4+5UIAJe3dCJ9YC9f2qE3RzaLj+Yb MrIH1zAqucWmf9WAGiicGgXgdPB8YYTEL5N/VIMkumj4cK6NBg5B6D0UjKbzEHMQ BSGTgbLLtqQtwIto+TnjabwAvjWL4dlbjGGhyNQl08hl2dMN3bsDUpbMl073ZTT4 d0h+XnxP8l3Z4/EKhE6nuLbg/dQXFzWNZ5J+ubterTz4D3QEpojemY6Ni049ZAnL eVDmM4NtlAoUgtGi5t+5ZoOaQeiWwLgP1s49DO68aW0mIb8ecSDqvhmiQt/Iz6zC cRyj7hxLdmMPTbieb45lQuROQrC5m9DaUt/wOrzgrEw4XzDQCl/7UP9QqPj/mog= =Io+f -----END PGP SIGNATURE-----______________________________________________________ powered by Perfect-Privacy.com / Secure-Mail.biz - anonymous and secure internet. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
______________________________________________________ powered by Perfect-Privacy.com / Secure-Mail.biz - anonymous and secure internet. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Android IMSI-Catcher Detector (AIMSICD) SecUpwN (Mar 26)
- Re: Android IMSI-Catcher Detector (AIMSICD) charles (Mar 26)
- Message not available
- Re: Android IMSI-Catcher Detector (AIMSICD) SecUpwN (Mar 27)
- Message not available
- Re: Android IMSI-Catcher Detector (AIMSICD) SecUpwN (Mar 27)
- Re: Android IMSI-Catcher Detector (AIMSICD) SecUpwN (Mar 27)
- Re: Android IMSI-Catcher Detector (AIMSICD) † (Mar 27)