Does anyone use this "IMSI-Catcher Detector" on their mobile device? Does it work? Is there an equivalent for iOS?
Description: Detect fake base stations (IMSI-Catchers) in GSM/UMTS Networks.
Site:
Freeware:
Does anyone use this "IMSI-Catcher Detector" on their mobile device? Does it work? Is there an equivalent for iOS?
Description: Detect fake base stations (IMSI-Catchers) in GSM/UMTS Networks.
Site:
Freeware:
Here is my analysis:
This goal is certainly doable: a. Collects relevant RF related variables using public AOS API calls. (LAC, CID, TA etc)
This simply won't be enough: b. Collects detailed BTS information from a pulic database such as OpenCellID or Mozilla Location Services
Say the cops/NSA/whomever set up a fake tower but give it connectivity. That is, they set up a man in the middle tower. You sniff it and it isn't in the database. So what do you do? Do you log it as a new tower? Hey, maybe it is new, or maybe it is a Stingray.
If you attend some event, the odds are there will be a COW. Do you log it?
No problem: c. Save everything in our SQLite database
This is a good idea, but everybody should block SMS at the carrier: d. Detect hidden/silent (Type-0) SMS's
Who knows if this can be done: e. Detect hidden App installations (Googles INSTALL/REMOVE_ASSET)
I think the fundamental problem with IMSI catching is getting a reliable database. The carriers don't provide this database since it would be useful to the competition. [We know blah blah blah only has so many towers because blah blah blah's database says so.]
Potentially a MVNO might be able to provide a IMSI sniffer capable service.
The similar Roaming Info reports when the carrier has changed on you.
There is also a GSM security mapper available for some devices.
I agree.
Not likely. And, it's ok not to be 100% anyway.
Again, less likely than a real tower. And, again, doesn't need to be 100%, just like anti virus heuristics aren't 100%.
Two ways to create a "reliable" database, in so much as /any/ database is reliable. First is to use known published databases (for example fcc databases) and second is to check with openness (crowd sourcing).
Lots of databases are maintained that way.
I just installed the imsi catcher detector on my android phone. It reports a single screen with three items on the screen.
I'm not sure what I'm supposed to do with that information though. How can I tell it's a /real/ tower or not?
An even more relevant question since this is an iPhone forum; is there such an app for iPhone?
It should exist, since an iPhone is just as vulnerable to cell tower spoofing as an Android phone.
I've been testing the two apps on Android, and while imsi catcher detector reports the cellphone tower, what I really want is a /log/ of the changes.
Then, all I'd want is a pop up when a cellphone tower is deemed suspicious (based on a given set of conditions).
Neither of the three free apps I tested do that, but, two of the three I tested (1 and 2 below) tell you a lot of cell tower information, while I couldn't get the third to tell me anything, and the fourth free app only works on rooted Samsung phones.
Andrew Beckett wrote
The problem is whether iOS allows the app access to the data that it needed to decide if it?s a fake IMSI catcher.
I ran into that problem with something as simple as an OBDII adapter for cars which allow you to see the engine diagnostic codes and sensor data on a phone or tablet. The ones that use bluetooth don?t work with iphones and ipads because of the detail of how bluetooth is done by iOS. They work fine with android phones and tablets.
Here's a quick summary of my testing, after a day:
None of them, to my knowledge, pop up a warning when/if the tower does something funky, and none leave a log that I know of for you to manually check.
Given that you have to check in real time, they're not all that useful.
But, it's a start.
I'm assuming you haven't been reading everything on alt.internet.wireless, especially since this thread is cross posted.
For all intents and purposes, there is no FCC database. Not since 2003. The FCC grants a regional license. If the cellular provider can get their tower past the local authority (planning commission, city council, county, whatever), the FCC is fine with that, provided it is in the geographical region. There are problem some rules with towers near the border of the region, but basically the FCC is hands off.
There is a Google database of tower locations, and it is shit.
COWS are quite common.
"IMSI catcher catcher" StingRay counter surveillance project proposal from
We are looking for partners in every European country interested in R&D and judicial actions, in an European Economic Interest Grouping (EEIG), or wit h a contract to negotiate in each case but now we appreciate comments and p roposals considering the draft at
After years researching and expert witnessing on counter surveillance right now we work on
Norway, Sweden, Finland and Germany noticed fake base stations with cheap s ystems used by journalists unofficially but in Spain there is a criminal ca se with evidences of illegal use of an IMSI catcher or StingRay in Madrid, so we have the chance to expert witness and learn about judiciary limits re
link
IMSI catching is also competition. Whatever is legal for one, must be also legal for everybody, but when a Court forbids an activity, it must be forbi dden for everybody. The Government must use IMSI catchers for law enforceme nt only for legal purposes, but if public officials use anything like that for their own profit or to protect personal interests, the crime is on thei r side. We suspect why some officials in Spain are 'desperately' trying to hide use of surveillance cell towers.
We are ready to make a complaint about application of European Union law co nsidering DIRECTIVE 2009/136/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNC IL of 25 November 2009 amending Directive 2002/22/EC on universal service a nd users' rights relating to electronic communications networks and service s, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulatio n (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws (risks to personal securit y, which may for example arise from disclosure of personal information in c ertain circumstances, as well as risks to privacy and personal data) as wel l as enquiries and complaints about application of Union law at
If you are interested or you can recommend customers, partners o sponsors i n any country please send a message to Eng. Miguel Gallardo E-mail: cita902 snipped-for-privacy@gmail.com or call us by phone +34 902998352 CITA & APEDANICA from 9 am to 11 pm Madri d time or just comment this document draft using the option up-right "comments" at
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.