Mitigation? Effectively none for end-users. You can always monitor your connection and if you go down to 2G, run. But no one does that. You can also test each and every app on your phone to ensure:
a) It's using HTTPS for every request / response which is rendered in the app &
b) It's validating the server public. This one's easier said than done and well beyond the capabilities of most pen-testers. They might think they have it covered but rarely test for all man in the middle conditions.
I've not looked at it in detail, but someone I know tried out Network Signal Info on Android claiming it could help detect a femtocell attack:
However, they didn't really know what the app was telling them and kept accusing me of running a femtocell so I wasn't impressed. As far as I'm concerned it's an interesting app to use in attempting to get a confession out of someone you are pretty sure is running a femtocell but likely if that person is running a femtocell they wouldn't "fall for it."
patcheudor|10 years ago
https://webcache.googleusercontent.com/search?q=cache:7r-Vd2...
Mitigation? Effectively none for end-users. You can always monitor your connection and if you go down to 2G, run. But no one does that. You can also test each and every app on your phone to ensure:
a) It's using HTTPS for every request / response which is rendered in the app & b) It's validating the server public. This one's easier said than done and well beyond the capabilities of most pen-testers. They might think they have it covered but rarely test for all man in the middle conditions.
I've not looked at it in detail, but someone I know tried out Network Signal Info on Android claiming it could help detect a femtocell attack:
https://play.google.com/store/apps/details?id=de.android.tel...
However, they didn't really know what the app was telling them and kept accusing me of running a femtocell so I wasn't impressed. As far as I'm concerned it's an interesting app to use in attempting to get a confession out of someone you are pretty sure is running a femtocell but likely if that person is running a femtocell they wouldn't "fall for it."