Anyone know if this Android "fake IMSI catchers" software works & exists for iOS?

Does anyone use this "IMSI-Catcher Detector" on their mobile device? Does it work? Is there an equivalent for iOS?

Description: Detect fake base stations (IMSI-Catchers) in GSM/UMTS Networks.

Site:

formatting link

Freeware:

formatting link

Reply to
Arthur Jones
Loading thread data ...

Here is my analysis:

This goal is certainly doable: a. Collects relevant RF related variables using public AOS API calls. (LAC, CID, TA etc)

This simply won't be enough: b. Collects detailed BTS information from a pulic database such as OpenCellID or Mozilla Location Services

Say the cops/NSA/whomever set up a fake tower but give it connectivity. That is, they set up a man in the middle tower. You sniff it and it isn't in the database. So what do you do? Do you log it as a new tower? Hey, maybe it is new, or maybe it is a Stingray.

If you attend some event, the odds are there will be a COW. Do you log it?

No problem: c. Save everything in our SQLite database

This is a good idea, but everybody should block SMS at the carrier: d. Detect hidden/silent (Type-0) SMS's

Who knows if this can be done: e. Detect hidden App installations (Googles INSTALL/REMOVE_ASSET)

I think the fundamental problem with IMSI catching is getting a reliable database. The carriers don't provide this database since it would be useful to the competition. [We know blah blah blah only has so many towers because blah blah blah's database says so.]

Potentially a MVNO might be able to provide a IMSI sniffer capable service.

Reply to
miso

The similar Roaming Info reports when the carrier has changed on you.

formatting link

Reply to
Andrew Beckett

There is also a GSM security mapper available for some devices.

formatting link

Reply to
Andrew Beckett

I agree.

Not likely. And, it's ok not to be 100% anyway.

Again, less likely than a real tower. And, again, doesn't need to be 100%, just like anti virus heuristics aren't 100%.

Two ways to create a "reliable" database, in so much as /any/ database is reliable. First is to use known published databases (for example fcc databases) and second is to check with openness (crowd sourcing).

Lots of databases are maintained that way.

Reply to
Arthur Jones

I just installed the imsi catcher detector on my android phone. It reports a single screen with three items on the screen.

formatting link

I'm not sure what I'm supposed to do with that information though. How can I tell it's a /real/ tower or not?

Reply to
Andrew Beckett

An even more relevant question since this is an iPhone forum; is there such an app for iPhone?

Reply to
BobbyK

It should exist, since an iPhone is just as vulnerable to cell tower spoofing as an Android phone.

I've been testing the two apps on Android, and while imsi catcher detector reports the cellphone tower, what I really want is a /log/ of the changes.

Then, all I'd want is a pop up when a cellphone tower is deemed suspicious (based on a given set of conditions).

Neither of the three free apps I tested do that, but, two of the three I tested (1 and 2 below) tell you a lot of cell tower information, while I couldn't get the third to tell me anything, and the fourth free app only works on rooted Samsung phones.

  1. wigle
  2. imsi catcher detector
  3. roaming info
  4. gsmmap
Reply to
Andrew Beckett

Andrew Beckett wrote

The problem is whether iOS allows the app access to the data that it needed to decide if it?s a fake IMSI catcher.

I ran into that problem with something as simple as an OBDII adapter for cars which allow you to see the engine diagnostic codes and sensor data on a phone or tablet. The ones that use bluetooth don?t work with iphones and ipads because of the detail of how bluetooth is done by iOS. They work fine with android phones and tablets.

Reply to
Rod Speed

Here's a quick summary of my testing, after a day:

  1. wigle => reports the current cell tower (lots of numbers)
  2. imsi catcher detector => reports the current cell tower
  3. roaming info => I can't figure out what this one does
  4. gsmmap => only works on rooted Samsung devices

None of them, to my knowledge, pop up a warning when/if the tower does something funky, and none leave a log that I know of for you to manually check.

Given that you have to check in real time, they're not all that useful.

But, it's a start.

Reply to
Andrew Beckett

I'm assuming you haven't been reading everything on alt.internet.wireless, especially since this thread is cross posted.

For all intents and purposes, there is no FCC database. Not since 2003. The FCC grants a regional license. If the cellular provider can get their tower past the local authority (planning commission, city council, county, whatever), the FCC is fine with that, provided it is in the geographical region. There are problem some rules with towers near the border of the region, but basically the FCC is hands off.

There is a Google database of tower locations, and it is shit.

COWS are quite common.

Reply to
miso

"IMSI catcher catcher" StingRay counter surveillance project proposal from

formatting link
in Madrid, Spain now open for international comments at http:// goo.gl/iKPwQ8

We are looking for partners in every European country interested in R&D and judicial actions, in an European Economic Interest Grouping (EEIG), or wit h a contract to negotiate in each case but now we appreciate comments and p roposals considering the draft at

formatting link

After years researching and expert witnessing on counter surveillance right now we work on

  1. Any technology or equipment that can get audio or metadata from GSM mobi le phones
  2. Any instrument useful to detect IMSI catchers or StingRay or fake GSM ba se stations
  3. Any expert witnessing approach for Courts of Law while and after any GSM surveillance considering telcos responsibilities on their customers and co nsumers damages and risks.

Norway, Sweden, Finland and Germany noticed fake base stations with cheap s ystems used by journalists unofficially but in Spain there is a criminal ca se with evidences of illegal use of an IMSI catcher or StingRay in Madrid, so we have the chance to expert witness and learn about judiciary limits re

link

formatting link
kJbA/edit?pli=1

IMSI catching is also competition. Whatever is legal for one, must be also legal for everybody, but when a Court forbids an activity, it must be forbi dden for everybody. The Government must use IMSI catchers for law enforceme nt only for legal purposes, but if public officials use anything like that for their own profit or to protect personal interests, the crime is on thei r side. We suspect why some officials in Spain are 'desperately' trying to hide use of surveillance cell towers.

We are ready to make a complaint about application of European Union law co nsidering DIRECTIVE 2009/136/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNC IL of 25 November 2009 amending Directive 2002/22/EC on universal service a nd users' rights relating to electronic communications networks and service s, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulatio n (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws (risks to personal securit y, which may for example arise from disclosure of personal information in c ertain circumstances, as well as risks to privacy and personal data) as wel l as enquiries and complaints about application of Union law at

formatting link
as you can see in our draft (in Spanish but ready for automatic translation to any language) at
formatting link

152o/edit

If you are interested or you can recommend customers, partners o sponsors i n any country please send a message to Eng. Miguel Gallardo E-mail: cita902 snipped-for-privacy@gmail.com or call us by phone +34 902998352 CITA & APEDANICA from 9 am to 11 pm Madri d time or just comment this document draft using the option up-right "comments" at

formatting link
tLow/edit Short link at
formatting link
We shall appreciate broadcasting in Twitter mentioning @miguelencita

Reply to
cita902998352

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.