CellularPrivacy/Android-IMSI-Catcher-Detector

Latest commit

1cbc244 · Jul 3, 2014
Android IMSI-Catcher Detector (AIMSICD)

[alternative name: IMSI-Cure - pronounced I'm-Secure]

Android-based project to detect and (hopefully one day) avoid fake base stations (IMSI-Catchers) in GSM/UMTS Networks. Sounds cool and security is important to you? Feel free to contribute! ;-)

German Article about our Project: IMSI-Catcher Erkennung für Android – AIMSICD.

Introduction

Both law enforcement agencies and criminals use IMSI-Catchers, which are false mobile towers acting between the target mobile phone(s) and the service provider's real towers. As such, this is considered a Man-in-the-Middle (MITM) attack. The FBI or local police might deploy the device at a protest to obtain a record of everyone who attended with a cell phone. In the USA this technology is known under the name "StingRay", and it is even capable of tracking the people who are traveling together with the owner of a targeted phone across the country. IMSI-Catchers can allow adversaries to intercept your conversations, text messages, and data. Police can also use them to determine your location, or to find out who is in a given geographic area at what time. Identity thieves might sit with an IMSI-Catcher in a parked car in a residential neighborhood, stealing passwords or credit card information from people nearby who make purchases on their phones. All of this surveillance happens in secret.

Powerful, expensive IMSI-Catchers are in use at federal agencies and some police departments. And if you think that IMSI-Catchers are not used in your own town, think twice! If you ever happen to be near a riot or demonstration, pay close attention to cars with numerous (tiny) antennas on their roof - those might be IMSI-Catchers. But most of the time you won't even discover these creepy devices - current technology shrinks them to be as tiny as your phone!

DEF CON 18: Practical Cellphone Spying

YouTube: DEF CON 18 - Practical Cellphone Spying with Kristin Paget

Unfortunately, it seems that IMSI-Catchers have become exponentially more popular lately, with an explosion of various "bastards", governments and criminals alike, using them. Anyone can now buy an IMSI-Catcher (or build a cheap one on their own). Sending spam and phishing SMS via fake base stations is already a lucrative underground market, particularly in Russia, China and Brazil (see The Mobile Cybercriminal Underground Market in China). For example, in China 1.530 people got arrested for using this kind of equipment. Just recently, hackers decided to start reverse-engineering the NSA toolset and are releasing tools like TWILIGHTVEGETABLE - an easy to use, boot and pwn toolkit for passive monitoring of GSM communications. It's just a matter of time until your own neighbor spies on you with simple self-built tools!

In addition, they can all crack A5/1 encryption, which is most commonly used for GSM traffic, on the fly (passively)! Only the latest A5/3 encryption, which is used for securing mobile data (4G and 3G) and is offered as the new security standard for GSM encryption, remains secure in practice while being susceptible to theoretical attacks. Although A5/3 withstands passive eavesdropping, it can be bypassed by deploying an IMSI-Catcher, which can force a mobile device into 2G mode and then downgrade the encryption to A5/1 or disable it. There are almost no phones on the market which offer an option to check what kind of encryption is used to secure GSM traffic. The only way to protect a mobile device from downgrade attacks is to disable 2G if this option is available. In this case the phone will not be able to receive or make calls in areas without 3G coverage. This is why the original author named "E:V:A" started this project. Let's detect and protect against these threats! Never think that you've got "nothing to hide". You'll very likely regret it one day.


Curious? Want to know what IMSI-Catchers can look like?

  • Current IMSI-Catchers can be as tiny as the portable Septier IMSI-Catcher Mini now:
  • Below, the smartphone takes up the most space. IMSI-Catchers will even get smaller!

Septier IMSI-Catcher Mini

  • This picture was taken during the riots on Taksim Square in Istanbul:

IMSI-Catcher during the riots on Taksim Square

  • Above example is way too conspicuous and you'll likely never encounter one of these.
  • Today's IMSI-Catchers can be body-worn, or are hidden inside comfortable Spy-Vehicles:

Comfort inside IMSI-Catcher vehicle


Development Roadmap

Make an empty "shell" App that:
  • a. collects relevant RF related variables using public API calls. (LAC etc)
  • b. puts them in an SQLite database
  • c. catches hidden SMS's
  • d. catches hidden App installations
Make another empty "shell" App (or module) that:
  • e. opens a device local terminal root shell
  • f. uses (e.) to connect to the modem AT-Command Processor ATCoP via shared memory interface SHM
  • g. displays the results from sent AT commands
  • CRUCIAL to our project: Please help E:V:A develop a Native AT Command Injector!
[Possibly] Make another App that:
  • h. use the OTG (USB-host-mode) interface to use FTDI serial cable to interface with another OsmocomBB compatible phone (using Android host as a GUI host)
  • i. uses the "CatcherCatcher" detector SW on the 2nd phone
  • j. can inject fake 2G GSM location data
  • k. find out how to access L0-L2 data using the ATCoP connection
  • l. use a statistical algorithm (and smart thinking) on the DB data to detect rogue IMSI catchers
  • m. combine all of the above (steps h to l) into a BETA App for testing, add more languages
  • n. improve BETA app by adding (many more) things like IMSI-Catcher counter measures
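
Roadmap steps a, b and l, combined with the 2G downgrade described in the introduction, can be sketched as follows. This is an added example, not code from the AIMSICD project: the table layout, the constructed sample rows and both heuristics (a cell ID announced under more than one LAC, and a 3G-to-2G transition that lands on such a cell) are assumptions chosen for illustration.

```python
import sqlite3

# Constructed sample rows (not real captures): (unix_time, cell_id, lac, network_type)
SAMPLE = [
    (1000, 4211, 301, "UMTS"),
    (1060, 4211, 301, "UMTS"),
    (1120, 4212, 301, "UMTS"),
    (1180, 4211, 999, "GSM"),   # known CID reappears under a new LAC, on 2G
    (1240, 4211, 999, "GSM"),
    (1300, 4212, 301, "UMTS"),
    (1360, 4300, 302, "GSM"),   # ordinary 2G fallback onto a consistent cell
]

def load(rows):
    """Store observations in an in-memory SQLite table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cell_obs (ts INTEGER, cid INTEGER, lac INTEGER, net TEXT)")
    db.executemany("INSERT INTO cell_obs VALUES (?, ?, ?, ?)", rows)
    return db

def cids_with_changing_lac(db):
    """Cell IDs that were announced under more than one LAC."""
    q = ("SELECT cid FROM cell_obs GROUP BY cid "
         "HAVING COUNT(DISTINCT lac) > 1 ORDER BY cid")
    return [row[0] for row in db.execute(q)]

def downgrades(db):
    """(ts, cid) of every observation where the phone moved from UMTS to GSM."""
    rows = db.execute("SELECT ts, cid, net FROM cell_obs ORDER BY ts").fetchall()
    return [(ts, cid) for (_, _, prev), (ts, cid, net) in zip(rows, rows[1:])
            if prev == "UMTS" and net == "GSM"]

def suspicious_downgrades(db):
    """Timestamps of downgrades that land on a cell whose LAC is inconsistent."""
    flagged = set(cids_with_changing_lac(db))
    return [ts for ts, cid in downgrades(db) if cid in flagged]

if __name__ == "__main__":
    db = load(SAMPLE)
    print("CIDs with changing LAC:", cids_with_changing_lac(db))
    print("all 3G->2G transitions:", downgrades(db))
    print("suspicious downgrades: ", suspicious_downgrades(db))
```

A plain 3G-to-2G transition is common in areas with weak coverage, which is why the sketch only reports the transition that coincides with the LAC inconsistency.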

Goals (please read carefully!)

This project:

  • Detects IMSI based device location tracking
  • Provides counter measures against device tracking
  • Can provide swarm-wise-decision-based cellular service interruption
  • Can provide secure wifi/wimax alternative data routes through MESH-like networking
  • Detects and prevents remote hidden application installation
  • Detects and prevents remote hidden SMS-based SIM attacks
  • Prevents or spoofs GPS data
  • Does NOT secure any data transmissions
  • Does NOT prevent already installed rogue applications from having full access
  • Aims to be added to the Guardian Project's list of secure Apps
  • Aims to be recommended by the SSD Project of the Electronic Frontier Foundation

Other projects (NOT this one):

  • Provide full device encryption
  • Provide secure application sand-boxing
  • Provide secure data transmission
  • Provide firewalls (awesome solution: AFWall+)

Disclaimer

For our own safety, here's our Disclaimer. In short terms: Think before you act! We're untouchable.


Bug Tracker

Found a bug? Please carefully follow our guide on how to correctly submit Issues!


Support

Although this project is fully Open Source, developing AIMSICD is a lot of work and done by enthusiastic people during their free time. If you're a developer yourself, we welcome you with open arms! To keep developers in a great mood and support development, please consider making a fully anonymous donation through sending DarkCoin to our new OFFICIAL DONATION ADDRESS: XxEJvrYtkTZzvMUjtbZwPY34MyCGHSu4ys

All collected donations will be split into appropriate pieces and directly sent to developers who contribute useful code. The amount of DarkCoins each developer receives will vary with the value of each merged commit. To be perfectly clear: We will NOT reward junk, only awesome stuff. If you are unsure how to do this, visit our WIKI-Page on Anonymous Donations.


License

This project is completely licensed under GPL v3+.


Credits & Greetings

Our project would not have been possible without these awesome people. HUGE THANKS! ;-)

This list will be updated as our project evolves and shall be included within the final app.


Websites about security worth checking out: