Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Android IMSI-Catcher Detector (AIMSICD)

From: "SecUpwN" <secupwn () z1p biz>
Date: Thu, 27 Mar 2014 13:11:54 +0100

Hi there, Justin!


The project page states your looking for crowd funding/sourcing. Considering
the mention of whisper systems this seemed obvious.

https://github.com/WhisperSystems/BitHub


Yes, I've been thinking about that, too. Great you suggested it!


Might take some tweaking but designed with bit coin in mind and pays out
per commit. Not exactly what you want, but would help drive incentive for
developers.


Hm.. I'll discuss that with the other developers and keep you updated. Thanks!

Greetings,

SecUpwN



On Mar 27, 2014 5:36 AM, SecUpwN <secupwn () z1p biz> wrote:

Good morning, George!


Hey, how are you?


Fine, a little tired, but weather outside rocks. And you? :)


I've been going through some of your code and want to congratulate you



on the amazing job you've done so far!


Thank you, I will forward these warm words to our current main developer
"xLaMbChOpSx" and Jofre Palau, who coded RawPhone in the first
place. As much as I'd like to be the one who coded the stuff that is already
there - I haven't. Nevertheless, I'm still learning and will continue to
contribute.


I might be possible to contribute a bit to your project, whenever I

can

squeeze some free time and do what I can to help you through towards



completing it.


Oh, is that the case? Thank for your offer, you're very welcome to do so!



These are some of the things I can help you with:
- - Reverse engineering vendor RILs and/or firmware
- - Have been playing around with osmocom the past year for some
pentests and I think it could be ported to Android using direct AT
commands ( /dev/sc - something, have them written down somewhere...

)

- - Help with some C/C++ coding


If you're not yet registered at XDA, I encourage you to so. You should definately
participate in our official development thread here where most of the talking
takes place: http://forum.xda-developers.com/showthread.php?t=1422969 - I'll
be happy to see you there!


Have you had a chance to get a look at the replicant spin, they've
reversed engineer some of the samsung modem interfaces which could

be

helpful. (
https://gitorious.org/replicant/external_libsamsung-ipc/source/7d789225fbfe14034b2fcc63dd1d1e92f5482dd2:



Would you please re-post this on mentioned XDA-thread? I'm sure others will
profit from that, too.


Let me know what I can do for you, but I cant promise a full time
commitment.


No worries. Having you here as a support is awesome enough. ;-)



On 26/03/2014 20:43, SecUpwN wrote:


Dear security enthusiasts and developers,

as you all may know, smartphones are facing a difficult time with

all


the tracing and data collection that is going on. The biggest security



hole is, beneath the user itself, the network of the providers.
Providers are making it fairly easy to let smartphones connect to
IMSI-Catchers, which then in turn are able to listen and record voice



calls of a victim, even reading their SMS and tapping all communication



is possible. Of course this is not, where the story ends: Have aread

of


this article:
https://firstlook.org/theintercept/article/2014/02/10/the-nsas-secret-role/




to get updated that the NSA is using unmanned drones to detect and KILL



their targets solely based on metadata (websites, calls, SMS, etc.).



Those drones do not care whether the targeted person is the "terrorist"




or simply an innocent guy with a borrowed phone in his hands. To get



back to my point: IMSI-Catchers are a real problem.

And since such surveillance is not easily spotted, I would like

to

introduce AIMSICD - the Android IMSI-Catcher Detector to you:
http://secupwn.github.io/Android-IMSI-Catcher-Detector/. If you can

read


german (or know how to use an online translator), I highly recommend

to

read this to get you started on the basics why our project is so
important:
http://www.kuketz-blog.de/imsi-catcher-erkennung-fuer-android-aimsicd/




E:V:A, the starter of this project and I, as well as a few coders,




writers and security freaks are currently working to develop this app

to


detect and prevent IMSI-Catcher attacks on the Android platform. These



days IMSI-Catchers are "not only" affordable for governments,

but

fairly
easy to build with a rather small amount of money and work - thus
enabling any criminals to intercept your phone calls, read & spoof

your


text messages and do a lot of other kinky scary stuff with YOUR mobile



phone. The purpose of our app is to warn the privacy-aware user that

he

is being subject to surveillance and maybe give some hints on what to

do


next.


Is our app ready to use yet? No, by far not. But hey, we did start!




Feel free to check out our GitHub here:
https://github.com/SecUpwN/Android-IMSI-Catcher-Detector. If you are

one


of those people like me, who is happy to use apps like Xprivacy,
TextSecure, RedPhone and Pry-Fi, don't hesitate to spread the word,

star


this project on GitHub and (if you can) contribute. Our hardest issue

is


yet to come: We are looking out to find people who are able to help

us

deploying the baseband - indicators for an IMSI-Catcher attack are very



subtle, thus we need to digg down very deep into closed-source
internals. Any hint or help to find someone for this is highly appreciated.






In the name of creator E:V:A and myself, as well as the thousands

of


users out there being subject to such heavy surveillance, I would like



to welcome anyone who wants this app to come alive to have a sneak at



the already existing development roadmap as well as on our primary
discussion thread on XDA here:
http://forum.xda-developers.com/showthread.php?t=1422969. Don't be

too

shy to post your constructive criticism, feedback and contributions

into


that thread! Most importantly though, if you know any Android developer



or security enthusiasts, feel free to forward this E-Mail with warmest



recommendations. We are aiming to let this App get added to the the



Surveillance Self-Defense Project of the EFF as well as the list of

apps


recommended by the Guardian-Project.


Thank you very much for checking it out and saving our privacy.




With very much respect to all of you

SecUpwN and E:V:A

______________________________________________________
powered by Perfect-Privacy.com / Secure-Mail.biz - anonymous and



secure internet.



_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTMzwBAAoJEHdW/pe+q+B4+5UIAJe3dCJ9YC9f2qE3RzaLj+Yb
MrIH1zAqucWmf9WAGiicGgXgdPB8YYTEL5N/VIMkumj4cK6NBg5B6D0UjKbzEHMQ
BSGTgbLLtqQtwIto+TnjabwAvjWL4dlbjGGhyNQl08hl2dMN3bsDUpbMl073ZTT4
d0h+XnxP8l3Z4/EKhE6nuLbg/dQXFzWNZ5J+ubterTz4D3QEpojemY6Ni049ZAnL
eVDmM4NtlAoUgtGi5t+5ZoOaQeiWwLgP1s49DO68aW0mIb8ecSDqvhmiQt/Iz6zC
cRyj7hxLdmMPTbieb45lQuROQrC5m9DaUt/wOrzgrEw4XzDQCl/7UP9QqPj/mog=
=Io+f
-----END PGP SIGNATURE-----




______________________________________________________
powered by Perfect-Privacy.com / Secure-Mail.biz - anonymous and secure internet.



_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/




______________________________________________________
powered by Perfect-Privacy.com / Secure-Mail.biz - anonymous and secure internet.


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: