| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Mar 2014 13:11:54 +0100 From: "SecUpwN" <secupwn@....biz> To: "Justin Oberdorf" <justin@...rtsimplesecure.net> Cc: fulldisclosure@...lists.org Subject: Re: [FD] Android IMSI-Catcher Detector (AIMSICD) Hi there, Justin! > The project page states your looking for crowd funding/sourcing. Considering > the mention of whisper systems this seemed obvious. > > https://github.com/WhisperSystems/BitHub Yes, I've been thinking about that, too. Great you suggested it! > Might take some tweaking but designed with bit coin in mind and pays out > per commit. Not exactly what you want, but would help drive incentive for > developers. Hm.. I'll discuss that with the other developers and keep you updated. Thanks! Greetings, SecUpwN > > On Mar 27, 2014 5:36 AM, SecUpwN <secupwn@....biz> wrote: > > Good morning, George! > > > Hey, how are you? > > Fine, a little tired, but weather outside rocks. And you? :) > > > I've been going through some of your code and want to congratulate you > > > on the amazing job you've done so far! > > Thank you, I will forward these warm words to our current main developer > "xLaMbChOpSx" and Jofre Palau, who coded RawPhone in the first > place. As much as I'd like to be the one who coded the stuff that is already > there - I haven't. Nevertheless, I'm still learning and will continue to > contribute. > > > I might be possible to contribute a bit to your project, whenever I > can > > squeeze some free time and do what I can to help you through towards > > > completing it. > > Oh, is that the case? Thank for your offer, you're very welcome to do so! > > > > These are some of the things I can help you with: > > - - Reverse engineering vendor RILs and/or firmware > > - - Have been playing around with osmocom the past year for some > > pentests and I think it could be ported to Android using direct AT > > commands ( /dev/sc - something, have them written down somewhere... > ) > > - - Help with some C/C++ coding > > If you're not yet registered at XDA, I encourage you to so. You should definately > participate in our official development thread here where most of the talking > takes place: http://forum.xda-developers.com/showthread.php?t=1422969 - I'll > be happy to see you there! > > > Have you had a chance to get a look at the replicant spin, they've > > reversed engineer some of the samsung modem interfaces which could > be > > helpful. ( > > https://gitorious.org/replicant/external_libsamsung-ipc/source/7d789225fbfe14034b2fcc63dd1d1e92f5482dd2: > > > Would you please re-post this on mentioned XDA-thread? I'm sure others will > profit from that, too. > > > Let me know what I can do for you, but I cant promise a full time > > commitment. > > No worries. Having you here as a support is awesome enough. ;-) > > > > On 26/03/2014 20:43, SecUpwN wrote: > > > > > > Dear security enthusiasts and developers, > > > > > > as you all may know, smartphones are facing a difficult time with > all > > > > the tracing and data collection that is going on. The biggest security > > > hole is, beneath the user itself, the network of the providers. > > Providers are making it fairly easy to let smartphones connect to > > IMSI-Catchers, which then in turn are able to listen and record voice > > > calls of a victim, even reading their SMS and tapping all communication > > > is possible. Of course this is not, where the story ends: Have aread > of > > > > this article: > > https://firstlook.org/theintercept/article/2014/02/10/the-nsas-secret-role/ > > > > > to get updated that the NSA is using unmanned drones to detect and KILL > > > their targets solely based on metadata (websites, calls, SMS, etc.). > > > Those drones do not care whether the targeted person is the "terrorist" > > > > > or simply an innocent guy with a borrowed phone in his hands. To get > > > back to my point: IMSI-Catchers are a real problem. > > > And since such surveillance is not easily spotted, I would like > to > > introduce AIMSICD - the Android IMSI-Catcher Detector to you: > > http://secupwn.github.io/Android-IMSI-Catcher-Detector/. If you can > read > > > > german (or know how to use an online translator), I highly recommend > to > > read this to get you started on the basics why our project is so > > important: > > http://www.kuketz-blog.de/imsi-catcher-erkennung-fuer-android-aimsicd/ > > > > > > > E:V:A, the starter of this project and I, as well as a few coders, > > > > > writers and security freaks are currently working to develop this app > to > > > > detect and prevent IMSI-Catcher attacks on the Android platform. These > > > days IMSI-Catchers are "not only" affordable for governments, > but > > fairly > > easy to build with a rather small amount of money and work - thus > > enabling any criminals to intercept your phone calls, read & spoof > your > > > > text messages and do a lot of other kinky scary stuff with YOUR mobile > > > phone. The purpose of our app is to warn the privacy-aware user that > he > > is being subject to surveillance and maybe give some hints on what to > do > > > > next. > > > > > > Is our app ready to use yet? No, by far not. But hey, we did start! > > > > > Feel free to check out our GitHub here: > > https://github.com/SecUpwN/Android-IMSI-Catcher-Detector. If you are > one > > > > of those people like me, who is happy to use apps like Xprivacy, > > TextSecure, RedPhone and Pry-Fi, don't hesitate to spread the word, > star > > > > this project on GitHub and (if you can) contribute. Our hardest issue > is > > > > yet to come: We are looking out to find people who are able to help > us > > deploying the baseband - indicators for an IMSI-Catcher attack are very > > > subtle, thus we need to digg down very deep into closed-source > > internals. Any hint or help to find someone for this is highly appreciated. > > > > > > > > > In the name of creator E:V:A and myself, as well as the thousands > of > > > > users out there being subject to such heavy surveillance, I would like > > > to welcome anyone who wants this app to come alive to have a sneak at > > > the already existing development roadmap as well as on our primary > > discussion thread on XDA here: > > http://forum.xda-developers.com/showthread.php?t=1422969. Don't be > too > > shy to post your constructive criticism, feedback and contributions > into > > > > that thread! Most importantly though, if you know any Android developer > > > or security enthusiasts, feel free to forward this E-Mail with warmest > > > recommendations. We are aiming to let this App get added to the the > > > Surveillance Self-Defense Project of the EFF as well as the list of > apps > > > > recommended by the Guardian-Project. > > > > > > Thank you very much for checking it out and saving our privacy. > > > > > > > With very much respect to all of you > > > > > > SecUpwN and E:V:A > > > > > > ______________________________________________________ > > > powered by Perfect-Privacy.com / Secure-Mail.biz - anonymous and > > > secure internet. > > > > > > > > > _______________________________________________ > > > Sent through the Full Disclosure mailing list > > > http://nmap.org/mailman/listinfo/fulldisclosure > > > Web Archives & RSS: http://seclists.org/fulldisclosure/ > > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v2.0.17 (MingW32) > > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > > > iQEcBAEBAgAGBQJTMzwBAAoJEHdW/pe+q+B4+5UIAJe3dCJ9YC9f2qE3RzaLj+Yb > > MrIH1zAqucWmf9WAGiicGgXgdPB8YYTEL5N/VIMkumj4cK6NBg5B6D0UjKbzEHMQ > > BSGTgbLLtqQtwIto+TnjabwAvjWL4dlbjGGhyNQl08hl2dMN3bsDUpbMl073ZTT4 > > d0h+XnxP8l3Z4/EKhE6nuLbg/dQXFzWNZ5J+ubterTz4D3QEpojemY6Ni049ZAnL > > eVDmM4NtlAoUgtGi5t+5ZoOaQeiWwLgP1s49DO68aW0mIb8ecSDqvhmiQt/Iz6zC > > cRyj7hxLdmMPTbieb45lQuROQrC5m9DaUt/wOrzgrEw4XzDQCl/7UP9QqPj/mog= > > =Io+f > > -----END PGP SIGNATURE----- > > > > > ______________________________________________________ > powered by Perfect-Privacy.com / Secure-Mail.biz - anonymous and secure internet. > > > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > ______________________________________________________ powered by Perfect-Privacy.com / Secure-Mail.biz - anonymous and secure internet. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists