Date: Thu, 27 Mar 2014 10:13:49 +0100
From: "SecUpwN" <secupwn@....biz>
To: "George Nicolaou" <nicolaou.george@...il.com>
Cc: Full Disclosure <fulldisclosure@...lists.org>
Subject: Re: [FD] Android IMSI-Catcher Detector (AIMSICD)


Good morning, George!

> Hey, how are you?

Fine, a little tired, but weather outside rocks. And you? :)

> I've been going through some of your code and want to congratulate you
> on the amazing job you've done so far!

Thank you, I will forward these warm words to our current main developer "xLaMbChOpSx" and Jofre Palau, who coded RawPhone in the first place. As much as I'd like to be the one who coded the stuff that is already there - I haven't. Nevertheless, I'm still learning and will continue to contribute.

> It might be possible to contribute a bit to your project, whenever I can
> squeeze some free time and do what I can to help you through towards
> completing it.

Oh, is that the case? Thanks for your offer, you're very welcome to do so!

> These are some of the things I can help you with:
> - Reverse engineering vendor RILs and/or firmware
> - Have been playing around with osmocom the past year for some
>   pentests and I think it could be ported to Android using direct AT
>   commands ( /dev/sc - something, have them written down somewhere... )
> - Help with some C/C++ coding

If you're not yet registered at XDA, I encourage you to do so. You should definitely participate in our official development thread here, where most of the talking takes place: http://forum.xda-developers.com/showthread.php?t=1422969 - I'll be happy to see you there!

> Have you had a chance to get a look at the replicant spin, they've
> reverse engineered some of the Samsung modem interfaces which could be
> helpful. (
> https://gitorious.org/replicant/external_libsamsung-ipc/source/7d789225fbfe14034b2fcc63dd1d1e92f5482dd2:

Would you please re-post this on the mentioned XDA thread? I'm sure others will profit from that, too.

> Let me know what I can do for you, but I can't promise a full time
> commitment.

No worries. Having you here as a support is awesome enough. ;-)


> On 26/03/2014 20:43, SecUpwN wrote:
> >
> > Dear security enthusiasts and developers,
> >
> > as you all may know, smartphones are facing a difficult time with all
> > the tracing and data collection that is going on. The biggest security
> > hole is, beneath the user itself, the network of the providers.
> > Providers are making it fairly easy to let smartphones connect to
> > IMSI-Catchers, which then in turn are able to listen and record voice
> > calls of a victim, even reading their SMS and tapping all communication
> > is possible. Of course this is not where the story ends: Have a read of
> > this article:
> > https://firstlook.org/theintercept/article/2014/02/10/the-nsas-secret-role/
> > to get updated that the NSA is using unmanned drones to detect and KILL
> > their targets solely based on metadata (websites, calls, SMS, etc.).
> > Those drones do not care whether the targeted person is the "terrorist"
> > or simply an innocent guy with a borrowed phone in his hands. To get
> > back to my point: IMSI-Catchers are a real problem.
> > And since such surveillance is not easily spotted, I would like to
> > introduce AIMSICD - the Android IMSI-Catcher Detector to you:
> > http://secupwn.github.io/Android-IMSI-Catcher-Detector/. If you can read
> > German (or know how to use an online translator), I highly recommend to
> > read this to get you started on the basics why our project is so
> > important:
> > http://www.kuketz-blog.de/imsi-catcher-erkennung-fuer-android-aimsicd/
> >
> > E:V:A, the starter of this project and I, as well as a few coders,
> > writers and security freaks are currently working to develop this app to
> > detect and prevent IMSI-Catcher attacks on the Android platform. These
> > days IMSI-Catchers are "not only" affordable for governments, but fairly
> > easy to build with a rather small amount of money and work - thus
> > enabling any criminals to intercept your phone calls, read & spoof your
> > text messages and do a lot of other kinky scary stuff with YOUR mobile
> > phone. The purpose of our app is to warn the privacy-aware user that he
> > is being subject to surveillance and maybe give some hints on what to do
> > next.
> >
> > Is our app ready to use yet? No, by far not. But hey, we did start!
> > Feel free to check out our GitHub here:
> > https://github.com/SecUpwN/Android-IMSI-Catcher-Detector. If you are one
> > of those people like me, who is happy to use apps like Xprivacy,
> > TextSecure, RedPhone and Pry-Fi, don't hesitate to spread the word, star
> > this project on GitHub and (if you can) contribute. Our hardest issue is
> > yet to come: We are looking out to find people who are able to help us
> > deploying the baseband - indicators for an IMSI-Catcher attack are very
> > subtle, thus we need to dig down very deep into closed-source
> > internals. Any hint or help to find someone for this is highly appreciated.
> >
> > In the name of creator E:V:A and myself, as well as the thousands of
> > users out there being subject to such heavy surveillance, I would like
> > to welcome anyone who wants this app to come alive to have a sneak at
> > the already existing development roadmap as well as on our primary
> > discussion thread on XDA here:
> > http://forum.xda-developers.com/showthread.php?t=1422969. Don't be too
> > shy to post your constructive criticism, feedback and contributions into
> > that thread! Most importantly though, if you know any Android developer
> > or security enthusiasts, feel free to forward this E-Mail with warmest
> > recommendations. We are aiming to let this App get added to the
> > Surveillance Self-Defense Project of the EFF as well as the list of apps
> > recommended by the Guardian-Project.
> >
> > Thank you very much for checking it out and saving our privacy.
> >
> > With very much respect to all of you
> >
> > SecUpwN and E:V:A
> >
> > ______________________________________________________
> > powered by Perfect-Privacy.com / Secure-Mail.biz - anonymous and
> > secure internet.
> >
> >
> > _______________________________________________
> > Sent through the Full Disclosure mailing list
> > http://nmap.org/mailman/listinfo/fulldisclosure
> > Web Archives & RSS: http://seclists.org/fulldisclosure/
> >

