[<prev] [next>] [day] [month] [year] [list]
Message-ID: <8745cc8bccecbf4839f7edd70c67a339@mail.secure-mail.biz>
Date: Thu, 27 Mar 2014 13:11:54 +0100
From: "SecUpwN" <secupwn@....biz>
To: "Justin Oberdorf" <justin@...rtsimplesecure.net>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Android IMSI-Catcher Detector (AIMSICD)
Hi there, Justin!
> The project page states your looking for crowd funding/sourcing. Considering
> the mention of whisper systems this seemed obvious.
>
> https://github.com/WhisperSystems/BitHub
Yes, I've been thinking about that, too. Great you suggested it!
> Might take some tweaking but designed with bit coin in mind and pays out
> per commit. Not exactly what you want, but would help drive incentive for
> developers.
Hm.. I'll discuss that with the other developers and keep you updated. Thanks!
Greetings,
SecUpwN
>
> On Mar 27, 2014 5:36 AM, SecUpwN <secupwn@....biz> wrote:
>
> Good morning, George!
>
> > Hey, how are you?
>
> Fine, a little tired, but weather outside rocks. And you? :)
>
> > I've been going through some of your code and want to congratulate you
>
> > on the amazing job you've done so far!
>
> Thank you, I will forward these warm words to our current main developer
> "xLaMbChOpSx" and Jofre Palau, who coded RawPhone in the first
> place. As much as I'd like to be the one who coded the stuff that is already
> there - I haven't. Nevertheless, I'm still learning and will continue to
> contribute.
>
> > I might be possible to contribute a bit to your project, whenever I
> can
> > squeeze some free time and do what I can to help you through towards
>
> > completing it.
>
> Oh, is that the case? Thank for your offer, you're very welcome to do so!
>
>
> > These are some of the things I can help you with:
> > - - Reverse engineering vendor RILs and/or firmware
> > - - Have been playing around with osmocom the past year for some
> > pentests and I think it could be ported to Android using direct AT
> > commands ( /dev/sc - something, have them written down somewhere...
> )
> > - - Help with some C/C++ coding
>
> If you're not yet registered at XDA, I encourage you to so. You should definately
> participate in our official development thread here where most of the talking
> takes place: http://forum.xda-developers.com/showthread.php?t=1422969 - I'll
> be happy to see you there!
>
> > Have you had a chance to get a look at the replicant spin, they've
> > reversed engineer some of the samsung modem interfaces which could
> be
> > helpful. (
> > https://gitorious.org/replicant/external_libsamsung-ipc/source/7d789225fbfe14034b2fcc63dd1d1e92f5482dd2:
>
>
> Would you please re-post this on mentioned XDA-thread? I'm sure others will
> profit from that, too.
>
> > Let me know what I can do for you, but I cant promise a full time
> > commitment.
>
> No worries. Having you here as a support is awesome enough. ;-)
>
>
> > On 26/03/2014 20:43, SecUpwN wrote:
> > >
> > > Dear security enthusiasts and developers,
> > >
> > > as you all may know, smartphones are facing a difficult time with
> all
> >
> > the tracing and data collection that is going on. The biggest security
>
> > hole is, beneath the user itself, the network of the providers.
> > Providers are making it fairly easy to let smartphones connect to
> > IMSI-Catchers, which then in turn are able to listen and record voice
>
> > calls of a victim, even reading their SMS and tapping all communication
>
> > is possible. Of course this is not, where the story ends: Have aread
> of
> >
> > this article:
> > https://firstlook.org/theintercept/article/2014/02/10/the-nsas-secret-role/
>
> >
> > to get updated that the NSA is using unmanned drones to detect and KILL
>
> > their targets solely based on metadata (websites, calls, SMS, etc.).
>
> > Those drones do not care whether the targeted person is the "terrorist"
>
> >
> > or simply an innocent guy with a borrowed phone in his hands. To get
>
> > back to my point: IMSI-Catchers are a real problem.
> > > And since such surveillance is not easily spotted, I would like
> to
> > introduce AIMSICD - the Android IMSI-Catcher Detector to you:
> > http://secupwn.github.io/Android-IMSI-Catcher-Detector/. If you can
> read
> >
> > german (or know how to use an online translator), I highly recommend
> to
> > read this to get you started on the basics why our project is so
> > important:
> > http://www.kuketz-blog.de/imsi-catcher-erkennung-fuer-android-aimsicd/
>
> > >
> > > E:V:A, the starter of this project and I, as well as a few coders,
>
> >
> > writers and security freaks are currently working to develop this app
> to
> >
> > detect and prevent IMSI-Catcher attacks on the Android platform. These
>
> > days IMSI-Catchers are "not only" affordable for governments,
> but
> > fairly
> > easy to build with a rather small amount of money and work - thus
> > enabling any criminals to intercept your phone calls, read & spoof
> your
> >
> > text messages and do a lot of other kinky scary stuff with YOUR mobile
>
> > phone. The purpose of our app is to warn the privacy-aware user that
> he
> > is being subject to surveillance and maybe give some hints on what to
> do
> >
> > next.
> > >
> > > Is our app ready to use yet? No, by far not. But hey, we did start!
>
> >
> > Feel free to check out our GitHub here:
> > https://github.com/SecUpwN/Android-IMSI-Catcher-Detector. If you are
> one
> >
> > of those people like me, who is happy to use apps like Xprivacy,
> > TextSecure, RedPhone and Pry-Fi, don't hesitate to spread the word,
> star
> >
> > this project on GitHub and (if you can) contribute. Our hardest issue
> is
> >
> > yet to come: We are looking out to find people who are able to help
> us
> > deploying the baseband - indicators for an IMSI-Catcher attack are very
>
> > subtle, thus we need to digg down very deep into closed-source
> > internals. Any hint or help to find someone for this is highly appreciated.
>
> >
> > >
> > > In the name of creator E:V:A and myself, as well as the thousands
> of
> >
> > users out there being subject to such heavy surveillance, I would like
>
> > to welcome anyone who wants this app to come alive to have a sneak at
>
> > the already existing development roadmap as well as on our primary
> > discussion thread on XDA here:
> > http://forum.xda-developers.com/showthread.php?t=1422969. Don't be
> too
> > shy to post your constructive criticism, feedback and contributions
> into
> >
> > that thread! Most importantly though, if you know any Android developer
>
> > or security enthusiasts, feel free to forward this E-Mail with warmest
>
> > recommendations. We are aiming to let this App get added to the the
>
> > Surveillance Self-Defense Project of the EFF as well as the list of
> apps
> >
> > recommended by the Guardian-Project.
> > >
> > > Thank you very much for checking it out and saving our privacy.
>
> > >
> > > With very much respect to all of you
> > >
> > > SecUpwN and E:V:A
> > >
> > > ______________________________________________________
> > > powered by Perfect-Privacy.com / Secure-Mail.biz - anonymous and
>
> > secure internet.
> > >
> > >
> > > _______________________________________________
> > > Sent through the Full Disclosure mailing list
> > > http://nmap.org/mailman/listinfo/fulldisclosure
> > > Web Archives & RSS: http://seclists.org/fulldisclosure/
> > >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v2.0.17 (MingW32)
> > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> >
> > iQEcBAEBAgAGBQJTMzwBAAoJEHdW/pe+q+B4+5UIAJe3dCJ9YC9f2qE3RzaLj+Yb
> > MrIH1zAqucWmf9WAGiicGgXgdPB8YYTEL5N/VIMkumj4cK6NBg5B6D0UjKbzEHMQ
> > BSGTgbLLtqQtwIto+TnjabwAvjWL4dlbjGGhyNQl08hl2dMN3bsDUpbMl073ZTT4
> > d0h+XnxP8l3Z4/EKhE6nuLbg/dQXFzWNZ5J+ubterTz4D3QEpojemY6Ni049ZAnL
> > eVDmM4NtlAoUgtGi5t+5ZoOaQeiWwLgP1s49DO68aW0mIb8ecSDqvhmiQt/Iz6zC
> > cRyj7hxLdmMPTbieb45lQuROQrC5m9DaUt/wOrzgrEw4XzDQCl/7UP9QqPj/mog=
> > =Io+f
> > -----END PGP SIGNATURE-----
> >
>
>
> ______________________________________________________
> powered by Perfect-Privacy.com / Secure-Mail.biz - anonymous and secure internet.
>
>
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>
______________________________________________________
powered by Perfect-Privacy.com / Secure-Mail.biz - anonymous and secure internet.
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists