Android-based project to detect and (hopefully one day) prevent fake base stations (IMSI-Catchers) in GSM/UMTS Networks. Sounds cool and security is important to you? Feel free to visit our OFFICIAL DEVELOPMENT THREAD ON XDA and contribute!
Found some source code of an app you think is important to add? Contribute it here, but please carefully follow this README.
Unfortunately it seems that IMSI-Catchers have been exponentially popular lately, with an explosion of various "bastards" with governments and criminals all the same, using it. Anyone can now buy an IMSI-Catcher (or build a cheap one on his own). In addition they can all crack the A5.1-3 encryption on the fly! This is why the original author named "E:V:A" started this project. Let's detect and protect against threats like these! Never think that you've got "nothing to hide". You'll very likely regret it one day.
Scary side note on YouTube: How easy it is to clone a phone + call when connected to a femtocell.
Our project would not have been possible without these awesome people. HUGE THANKS! ;-)
This list will be updated as our project evolves and shall be included within the final app.
- a. collects relevant RF related variables using public API calls. (LAC etc)
- b. puts them in an SQLite database
- c. catches hidden SMS's
- d. catches hidden App installations
- e. opens a device local terminal root shell
- f. uses (e.) to connect to the modem AT-Command Processor ATCoP via shared memory interface SHM
- g. displays the results from sent AT commands
- NOTE: This part is crucial to our project. Please help E:V:A to develop a Native AT Command Injector!
- h. use the OTG (USB-host-mode) interface to use FTDI serial cable to interface with another OsmocomBB compatible phone (using Android host as a GUI host)
- i. uses the "CatcherCatcher" detector SW on the 2nd phone
- j. can inject fake 2G GSM location data
- k. find out how to access L0-L2 data using the ATCoP connection
- l. use a statistical algorithm (and smart thinking) on the DB data to detect rogue IMSI catchers
- m. combine all of the above (steps h to l) into a BETA App for testing, (maybe) add other languages
- n. improve BETA app by adding (many more) things like IMSI-Catcher counter measures
Further ideas: Add option to make app device administrator, maybe also use ROOT and the XPosed Framework.
- Detects IMSI based device location tracking
- Provides counter measures for device tracking
- Can provide swarm-wise-decision-based cellular service interruption
- Can provide secure wifi/wimax alternative data routes through MESH-like networking
- Detect and prevent remote hidden application installation
- Detect and prevent remote hidden SMS-based SIM attacks
- Prevent or spoof GPS data
- Does NOT secure any data transmissions
- Does NOT prevent already installed rogue application from full access
- Provide full device encryption
- Provide secure application sand-boxing
- Provide secure data transmission
- Provide firewalls
- Smartphone Attack Vector - smartphone flaws and countermeasures
- Kuketz IT-Security Blog - great security reviews (written in German)
- PRISM Break - alternatives to opt out of global data surveillance
- The Guardian Project - Secure Open Source Mobile Apps
DEVELOPERS are VERY WELCOME and will be REWARDED.
You know of a cool crowdfunding service? Recommend it to us!