Message-ID: <342de2e2fd99b2a0ed82faeeb0b0ac6e@thefnf.org>
Date: Wed, 26 Mar 2014 15:31:51 -0500
From: charles@...fnf.org
To: fulldisclosure@...lists.org
Subject: Re: [FD] Android IMSI-Catcher Detector (AIMSICD)
On 2014-03-26 13:43, SecUpwN wrote:
> Dear security enthusiasts and developers,
>
> Providers are making it fairly easy to let smartphones connect to
> IMSI-Catchers, which then in turn are able to listen and record voice
> calls of a victim, even reading their SMS and tapping all
> communication is possible.
How is this the providers' fault? Isn't this a core issue with the GSM
protocol, and simply camping to the strongest source? Which is why the
catchers are usually mobile (like the recent case in Florida with the
Verizon data card). Also not sure how this works with CDMA. I guess they
can push a forced PRL update perhaps?
> To get back to my point: IMSI-Catchers are a real problem.
> And since such surveillance is not easily spotted,
It's not? Then how does your program work?
> I would like to
> introduce AIMSICD - the Android IMSI-Catcher Detector to you:
> http://secupwn.github.io/Android-IMSI-Catcher-Detector/.
I've forked it and starred it.
Didn't know about https://www.gsmmap.org/ , that's pretty neat.
So can't the base stations all be turned into IMSI catchers essentially?
Why even bother with MITM and passthrough, when you can just NSL a
telco. I'm pretty sure all the gear is CALEA compliant. I mean sure,
criminals can make use of a mobile IMSI catcher. However I think it's
far more effective to stick with phishing and other traditional internet
attack vectors. Not to mention Android malware. Why spend the time/money
to hack layer 1 (which requires proximity) when layer 7 is wide open?
> E:V:A, the starter of this project and I, as well as a few coders,
> writers and security freaks are currently working to develop this app
> to detect and prevent IMSI-Catcher attacks on the Android platform.
> These days IMSI-Catchers are "not only" affordable for governments,
> but fairly easy to build with a rather small amount of money and work
> - thus enabling any criminals to intercept your phone calls, read &
> spoof your text messages and do a lot of other kinky scary stuff with
> YOUR mobile phone.
Or they'll just infect the users with malware. Way easier.
> The purpose of our app is to warn the privacy-aware
> user that he is being subject to surveillance and maybe give some
> hints on what to do next.
>
Can you explain in a few sentences the core of the idea/algorithm you
are using to do this? I'm looking over all the linked materials and
haven't really seen that detailed.
> Our hardest
> issue is yet to come: We are looking out to find people who are able
> to help us deploying the baseband - indicators for an IMSI-Catcher
> attack are very subtle, thus we need to dig down very deep into
> closed-source internals. Any hint or help to find someone for this is
> highly appreciated.
I presume you are in close touch with oscombb already?
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/