top | item 8111111

(no title)

Hello, everyone! Since Google does not seem to be interested in fixing the huge security hole of not showing a ciphering indicator on Android, it appears as if they get paid (or are forced to) not fix it. For all of you that are sick of getting spied on through IMSI-Catchers, Silent SMS and alike and want to do something about it, here's a great project you should check out: "The Android-IMSI-Catcher-Detector" (AIMSICD). It is an Android open-source based project to detect and (hopefully one day) avoid fake base stations (IMSI-Catchers) or other base-stations (mobile antennas) with poor/no encryption.

This project aims to warn users if the ciphering is turned off and also enables several other protection-mechanisms. Since it is under constant development, they are constantly searching for testers and security-enthusiastic developers with balls. Don't be shy, feel free to contribute, in any way you can on GitHub: https://github.com/SecUpwN/Android-IMSI-Catcher-Detector

discuss

telecuda|11 years ago

Thanks for working on this important project! Maybe I missed this in reading your site, but how do you know it detects fake base stations? Have you been able to test it against a Stingray, or are you basing the app on a set of assumptions derived from recently leaked product specs?

andor|11 years ago

Their development roadmap has some details, not all of which seem viable. They want to make 2-3 apps:

1. Detect hidden SMS and (SIM card?) app installations through public APIs. I don't think this will work.

2. Send AT commands to the baseband processor and use the results to detect anomalies. My guess is that the baseband doesn't expose enough information for this to work.

3. Connect to an OsmocomBB phone running CatcherCatcher [0] via USB. This should work, since CatcherCatcher seems to work.

[0] https://opensource.srlabs.de/projects/mobile-network-assessm...

mike_hearn|11 years ago

> it appears as if they get paid (or are forced to) not fix it

Occam's Razor says ... perhaps they believe 99.9% of people do not care and are not capable of understanding which encryption standard is being used to communicate with their base station, and thus Google prefers to focus its efforts on things that 99.9% of people would consider when buying a phone?

slashdotaccount|11 years ago

I don't think so. As a matter of fact, the Issue of not having a ciphering indicator within Android has been filed on December 10, 2009! But see for yourself: https://code.google.com/p/android/issues/detail?id=5353

unknown|11 years ago

[deleted]

tmosleyIII|11 years ago

It isn't an Android only thing, all devices will be found and you would not know.

rinon|11 years ago

However, rooting and interfacing with underlying hardware is significantly harder on other platforms.

nradov|11 years ago

Do you intend to add CDMA support?

E3V3A|11 years ago

We had partial CDMA support with an extra feature to detect Verizon Pico/Micro (?) cells. However, the lack of CDMA testers put this on hold.

slashdotaccount|11 years ago

This entirely depends on peoples contributions on GitHub.