Android IMSI-Catcher Detector (secupwn.github.io)
76 points by slashdotaccount on July 30, 2014 | 34 comments



Hello, everyone! Since Google does not seem to be interested in fixing the huge security hole of not showing a ciphering indicator on Android, it appears as if they get paid (or are forced to) not to fix it. For all of you that are sick of getting spied on through IMSI-Catchers, Silent SMS and alike and want to do something about it, here's a great project you should check out: "The Android-IMSI-Catcher-Detector" (AIMSICD). It is an Android open-source based project to detect and (hopefully one day) avoid fake base stations (IMSI-Catchers) or other base-stations (mobile antennas) with poor/no encryption.

This project aims to warn users if the ciphering is turned off and also enables several other protection-mechanisms. Since it is under constant development, they are constantly searching for testers and security-enthusiastic developers with balls. Don't be shy, feel free to contribute, in any way you can on GitHub: https://github.com/SecUpwN/Android-IMSI-Catcher-Detector


Thanks for working on this important project! Maybe I missed this in reading your site, but how do you know it detects fake base stations? Have you been able to test it against a Stingray, or are you basing the app on a set of assumptions derived from recently leaked product specs?


Their development roadmap has some details, not all of which seem viable. They want to make 2-3 apps:

1. Detect hidden SMS and (SIM card?) app installations through public APIs. I don't think this will work.

2. Send AT commands to the baseband processor and use the results to detect anomalies. My guess is that the baseband doesn't expose enough information for this to work.

3. Connect to an OsmocomBB phone running CatcherCatcher [0] via USB. This should work, since CatcherCatcher seems to work.

[0] https://opensource.srlabs.de/projects/mobile-network-assessm...


No, we don't. "1 App to Rule Them ALL"

We're merely using any possible way to overcome the ridiculous AOS limitations on displaying highly important and relevant network variables and data. One of those is the Ciphering Indicator that has been 3GPP "required" for the last 10-15 years, but which Google and most Network providers choose to ignore. (Since they didn't wanna implement better encryption, until very recently.) Another is finding the Timing Advance and various Network (RRC) Timers.

(1) There are several types of silent SMS, most of which are already detectable and there is nothing strange with that. It does need further testing for a greater variety of devices, and to see what would happen on a real IMSI catcher.

(2) Your guess is partially right, since it is strongly HW dependent: some basebands expose everything (MTK) and others (Qualcomm) expose very little, since they have their own protocols (DM/QMI). But the SIM card filesystem does provide useful info. So a combination of AT commands, SIM card readings and also API access to Service Mode (Samsung) menus, can provide all that we need and more. But it is a rather technical challenge for our developers to do this, and for me to collect all support material needed.

(3) OBB support would be trivial, but we're not really proposing this. Very few people would bother going through the pain of finding an appropriate OBB compatible phone, less implementing it as a piggy-back to an Android. So unless some OBB developer serves the required Java + binaries to us on a silver platter, this will not be a feature of AIMSICD.


Well, the development roadmap is just what it says: A roadmap. Essentially this shall be one, unified App in the final end. And that is exactly the reason why it's open source: Your contributions shall help the project evolve and add all these things.


> it appears as if they get paid (or are forced to) not to fix it

Occam's Razor says ... perhaps they believe 99.9% of people do not care and are not capable of understanding which encryption standard is being used to communicate with their base station, and thus Google prefers to focus its efforts on things that 99.9% of people would consider when buying a phone?


I don't think so. As a matter of fact, the issue of not having a ciphering indicator within Android was filed on December 10, 2009! But see for yourself: https://code.google.com/p/android/issues/detail?id=5353


It isn't an Android only thing, all devices will be found and you would not know.


However, rooting and interfacing with underlying hardware is significantly harder on other platforms.


Very true, it's just that it isn't something an app will save you from. The mobile tech is the key.


Do you intend to add CDMA support?


We had partial CDMA support with an extra feature to detect Verizon Pico/Micro (?) cells. However, the lack of CDMA testers put this on hold.


This entirely depends on people's contributions on GitHub.


You probably shouldn't put the EFF, Guardian Project and Privacy International logos so prominently on your website if you are not affiliated with or supported by those projects.


Sadly, this Project is not yet officially supported by them. But it is one of the GOALS to support EFF, Guardian Project and Privacy International. Not necessarily the other way around. :)


This reminds me of the early days of GSM where Nokia phones showed a broken lock icon if the air interface between the mobile phone and the base station did not use encryption. At the time at least France had disabled the encryption and the indicator caused some interesting discussions.


Display which cipher is being used?

2G is insecure regardless of whether encryption has been turned off or not, it can be decrypted on the fly with very modest hardware so the indicator telling you what connection you have is as good as telling you whether it is "secure" or not.

> Detect hidden SMS

Not really feasible - there are tons of different types of "hidden" sms that are routinely used by the network but can be spoofed by a third party.

> Detect SIM card app installations through public APIs

This won't work unless it is rooted and these messages have to be signed from the network anyway.


It seems only 2G connection is crackable. Are we safe as long as the device is on 3G/4G network? We should just disable cellular radio when you see the device is on 2G suspiciously in the middle of city (around demonstrations, I suppose).


I'm just going to quote the GitHub README here: "Although A5/3 withstands passive eavesdropping, it can be bypassed by deploying an IMSI-Catcher which can force a mobile device into 2G mode and downgrade then the encryption to A5/1 or disable it."

Here is the best hint I can give you: LEAVE YOUR PHONE AT HOME when you really have to participate in demonstrations! The main reason why the use of IMSI-Catchers, Stingrays and alike is such a popular tactic for law enforcement agencies is because people are not SMART ENOUGH to think ahead and leave their phones at home!

No solution for you? Well then, at the very least make yourself your own signal blocking pouch to fully block all Silent SMS: www.killyourphone.com


Or use airplane mode?


On Android phones you can disable 2G and set them to 3G only. I wish iOS had this option.


IMPORTANT: We're actively searching for skilled DEVELOPERS. Chime in!


Great project! Will follow this and share the GitHub link.


This sounds like such a good idea, I think the US government will outlaw it.


How will they outlaw an open-source project? They can "outlaw" all they want, they're already doing what they want, when they want it. It's time for the brave people out there to fight back! Have some balls and stand against the massive abuse of your most private data!


Look at the attempts to outlaw apps like Trapster. You give away the position of speed traps and DUI checkpoints and cops don't like that.

Last I heard, Trapster was forced to remove DUI checkpoints to stay on the app store. That was after attempts to rule it illegal in court failed. Same result. Crowdsourced DUI checkpoint apps are effectively gone if the stores don't have them. If only a few sideloaders have them, then there's no crowd to source.

This would work in a similar manner, but would expose the cops' fake cell towers. I fully expect this to suffer a similar fate.

That is not to say I don't like the project. I commented just so I could find it again in the future :)


That is exactly the reason why we keep this project as open-source as possible, have a disclaimer for it which basically tells YOU to be responsible for what you do with the code and most importantly, we are on NO STORE, especially not GooglePlay. If an App moves to GooglePlay and does something that does not play by the ridiculous "rules" (search for what happened to the awesome HushSMS), they're kicked.

If any store, then F-Droid. But for now, why not just grab the most recent compiled WIP-Release from here and give it a shot? https://github.com/SecUpwN/Android-IMSI-Catcher-Detector/rel...

Also, as much as I appreciate your comment just to find this thread later on, this is NOT the official discussion of the App. I HIGHLY recommend just starring the GitHub and (if you have balls) contribute to its success by submitting pull requests. Thanks for listening, spread the link to the GitHub in all social media and places where potential developers and good Hackers hang out! ;-)


Probably not. They don't want to bring up their own tactics in court for challenge.


They'll just put the developers on a terrorist watch list instead...


I'm confident they already do. I really doubt they stop at "I hunt sysadmins"


Of course law enforcement won't like the Project. Of course there will always be people in this world who think they can do whatever they want, when they want it and kill people using fully automated drones with IMSI-Catchers on board. But why should we think we "can't do anything"? We are the people, we have RIGHTS! So grab your balls and contribute! Oh, and for the shy ones, here's the disclaimer: https://github.com/SecUpwN/Android-IMSI-Catcher-Detector/blo...


Any chance you could quiet the headline a bit? I recognize you have a good project but that title's awfully loud.


We took "DEVELOPERS WANTED: " out of the headline. It broke more than one of the site guidelines.


Thank you, much appreciated.



