lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 26 Mar 2014 19:43:35 +0100
From: "SecUpwN" <secupwn@....biz>
To: <fulldisclosure@...lists.org>
Subject: [FD] Android IMSI-Catcher Detector (AIMSICD)


Dear security enthusiasts and developers,

as you all may know, smartphones are facing a difficult time with all the tracing and data collection that is going on. The biggest security hole is, beneath the user itself, the network of the providers. Providers are making it fairly easy to let smartphones connect to IMSI-Catchers, which then in turn are able to listen and record voice calls of a victim, even reading their SMS and tapping all communication is possible. Of course this is not, where the story ends: Have aread of this article: https://firstlook.org/theintercept/article/2014/02/10/the-nsas-secret-role/ to get updated that the NSA is using unmanned drones to detect and KILL their targets solely based on metadata (websites, calls, SMS, etc.). Those drones do not care whether the targeted person is the "terrorist" or simply an innocent guy with a borrowed phone in his hands. To get back to my point: IMSI-Catchers are a real problem.
And since such surveillance is not easily spotted, I would like to introduce AIMSICD - the Android IMSI-Catcher Detector to you: http://secupwn.github.io/Android-IMSI-Catcher-Detector/. If you can read german (or know how to use an online translator), I highly recommend to read this to get you started on the basics why our project is so important: http://www.kuketz-blog.de/imsi-catcher-erkennung-fuer-android-aimsicd/

E:V:A, the starter of this project and I, as well as a few coders, writers and security freaks are currently working to develop this app to detect and prevent IMSI-Catcher attacks on the Android platform. These days IMSI-Catchers are "not only" affordable for governments, but fairly easy to build with a rather small amount of money and work - thus enabling any criminals to intercept your phone calls, read & spoof your text messages and do a lot of other kinky scary stuff with YOUR mobile phone. The purpose of our app is to warn the privacy-aware user that he is being subject to surveillance and maybe give some hints on what to do next.

Is our app ready to use yet? No, by far not. But hey, we did start! Feel free to check out our GitHub here: https://github.com/SecUpwN/Android-IMSI-Catcher-Detector. If you are one of those people like me, who is happy to use apps like Xprivacy, TextSecure, RedPhone and Pry-Fi, don't hesitate to spread the word, star this project on GitHub and (if you can) contribute. Our hardest issue is yet to come: We are looking out to find people who are able to help us deploying the baseband - indicators for an IMSI-Catcher attack are very subtle, thus we need to digg down very deep into closed-source internals. Any hint or help to find someone for this is highly appreciated.

In the name of creator E:V:A and myself, as well as the thousands of users out there being subject to such heavy surveillance, I would like to welcome anyone who wants this app to come alive to have a sneak at the already existing development roadmap as well as on our primary discussion thread on XDA here: http://forum.xda-developers.com/showthread.php?t=1422969. Don't be too shy to post your constructive criticism, feedback and contributions into that thread! Most importantly though, if you know any Android developer or security enthusiasts, feel free to forward this E-Mail with warmest recommendations. We are aiming to let this App get added to the the Surveillance Self-Defense Project of the EFF as well as the list of apps recommended by the Guardian-Project.

Thank you very much for checking it out and saving our privacy.

With very much respect to all of you

SecUpwN and E:V:A

______________________________________________________
powered by Perfect-Privacy.com / Secure-Mail.biz - anonymous and secure internet.


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists