UPDATE: 2015-01-14
Call for help to develop an IMSI catcher detector application for Android OS.
Q: What is an IMSI catcher?
A: It is a fake cell tower (aka. Base Transceiver Station, BTS) used to track and monitor specific (groups of) people in the near vicinity of that BTS.
In the light of last years highly publicized events in the many Arabic nations and the German state sponsored rootkit discovery, etc etc. It is of the highest priority to start developing anti/counter-spy applications for the people living in rogue states such as Syria, Iran etc. In addition, it may play an important role in finding (and preventing) other rogue applications that attempt to send silent SMS's to high-cost premium services.
Recently there have been some publicity surrounding the Osmocom BB's, application patch known as "Catcher Catcher" which is used to detect mobile phone tracking and spying, originating from the Mobile Phone Service Provider side. (I.e. something that generally can only be provided by state sponsored government and security forces.)
Relevant links include:
http://bb.osmocom.org/trac/
http://www.youtube.com/watch?v=YWdHSJsEOck
http://events.ccc.de/congress/2011/Fahrplan/events/4736.en.html
http://gsmmap.org/cgi-bin/gsmmap.fcgi?risk=1
http://lab.ks.uni-freiburg.de/projects/imsi-catcher-detection/wiki/Software
http://opensource.srlabs.de/projects/catcher/wiki
For a tutorial on how to compile and help populate the Gsmmap database, see here.
In the News:
http://www.h-online.com/security/ne...iles-and-security-measures-shown-1401668.html
http://www.actualtoday.com/gsm-hacking-osmocom-patch-discovered-silent-sms-and-eavesdropping
This information started 2010 and was extended to last years 28C3 event...
How can you help?
I would very much like to have contact with anyone who can provide more in-depth knowledge how this could possibly be implemented on the AOS. There are several way you can help, eventhough you may not be an expert on HW or even android.
NOTE: This is not to prevent IMSI catchers, but to inform the "victims" that they are being subject to tracking/monitoring.
A few other items:
---
IMPORTANT!
Although this thread is still open, it is no longer updated with relevant info.
Please go to our official GitHub Site for the latest developer news and join
our development efforts in our back rooms...
Although this thread is still open, it is no longer updated with relevant info.
Please go to our official GitHub Site for the latest developer news and join
our development efforts in our back rooms...
For all the latest changes see our CHANGELOG.
For all the latest WIP alpha releases, see RELEASES.
The minimum supported AOS API version is 16, thus
AIMSICD will only work on Jelly Bean 4.1 or later.
---For all the latest WIP alpha releases, see RELEASES.
The minimum supported AOS API version is 16, thus
AIMSICD will only work on Jelly Bean 4.1 or later.
Call for help to develop an IMSI catcher detector application for Android OS.
Q: What is an IMSI catcher?
A: It is a fake cell tower (aka. Base Transceiver Station, BTS) used to track and monitor specific (groups of) people in the near vicinity of that BTS.
In the light of last years highly publicized events in the many Arabic nations and the German state sponsored rootkit discovery, etc etc. It is of the highest priority to start developing anti/counter-spy applications for the people living in rogue states such as Syria, Iran etc. In addition, it may play an important role in finding (and preventing) other rogue applications that attempt to send silent SMS's to high-cost premium services.
Recently there have been some publicity surrounding the Osmocom BB's, application patch known as "Catcher Catcher" which is used to detect mobile phone tracking and spying, originating from the Mobile Phone Service Provider side. (I.e. something that generally can only be provided by state sponsored government and security forces.)
Relevant links include:
http://bb.osmocom.org/trac/
http://www.youtube.com/watch?v=YWdHSJsEOck
http://events.ccc.de/congress/2011/Fahrplan/events/4736.en.html
http://gsmmap.org/cgi-bin/gsmmap.fcgi?risk=1
http://lab.ks.uni-freiburg.de/projects/imsi-catcher-detection/wiki/Software
http://opensource.srlabs.de/projects/catcher/wiki
For a tutorial on how to compile and help populate the Gsmmap database, see here.
In the News:
http://www.h-online.com/security/ne...iles-and-security-measures-shown-1401668.html
http://www.actualtoday.com/gsm-hacking-osmocom-patch-discovered-silent-sms-and-eavesdropping
This information started 2010 and was extended to last years 28C3 event...
How can you help?
I would very much like to have contact with anyone who can provide more in-depth knowledge how this could possibly be implemented on the AOS. There are several way you can help, eventhough you may not be an expert on HW or even android.
- Help populate the Gsmmap database.
- Follow and help/develop the OsmocomBB project.
- Compile OsmocomBB for an Android phone, so that it can be used as a USB host. (Preferably for one of the more popular models like the Samsung galaxy S.)
- Help mapping out the Android baseband AT command set or the internal RIL function, so that we can obtain as many GSM radio parameters as possible.
- Reverse engineer the vendor RIL of the phone above.
- Reverse engineer the Modem firmware so that we can use the phone as a native catcher-catcher.
- Find provide documentation of the closed source modem(s) most used in androids.
- Share other relevant experience you may have in this matter.
- Find or provide links to documentation of anything baseband related, not already widely known!
- Stay legal, or this project will close really quickly!
NOTE: This is not to prevent IMSI catchers, but to inform the "victims" that they are being subject to tracking/monitoring.
A few other items:
- For the Software Change Log, our Github.
- For Phone Support Log, see Post #7 below.
- We have contacted EFF and The Guardian Project and hope to join their efforts and provide support to counter illegal tracking and tapping.
- Thanks to SecUpwN, we now have our own GitHub HERE.
- Have made a preliminary Developer Roadmap.
- Added some important links.
- Licensing Proposal: This will be a community project licensed under a GPLv3 license:
Glossary: (Harald Welte)
The BSS (Base Station Subsystem)
MS (Mobile Station): Your phone
BTS (Base Transceiver Station): The cell tower
BSC (Base Station Controller): Controlling up to hundreds of BTS
BP/CP (Baseband/Cellular Processor): Your phone radio/modem processor (usually an ARM 7/9)
The NSS (Network Sub System)
MSC (Mobile Switching Center): The central switch
HLR (Home Location Register): Database of subscribers
AUC (Authentication Center): Database of authentication keys
VLR (Visitor Location Register): For roaming users
EIR (Equipment Identity Register): To block stolen phones
The BSS (Base Station Subsystem)
MS (Mobile Station): Your phone
BTS (Base Transceiver Station): The cell tower
BSC (Base Station Controller): Controlling up to hundreds of BTS
BP/CP (Baseband/Cellular Processor): Your phone radio/modem processor (usually an ARM 7/9)
The NSS (Network Sub System)
MSC (Mobile Switching Center): The central switch
HLR (Home Location Register): Database of subscribers
AUC (Authentication Center): Database of authentication keys
VLR (Visitor Location Register): For roaming users
EIR (Equipment Identity Register): To block stolen phones
Our Support:
We have as a goal to become a strong supporter of the EFF and The Guardian Project.
Part of all future donations will go to EFF. Intellectual and technological support will
also be given where possible.
We have as a goal to become a strong supporter of the EFF and The Guardian Project.
Part of all future donations will go to EFF. Intellectual and technological support will
also be given where possible.
Attachments
Last edited: