[Replicant] Android IMSI-Catcher Detector (AIMSICD)

SecUpwN secupwn at z1p.biz
Thu Apr 10 19:15:06 UTC 2014


Good evening, lovely Replicants!

I am personally writing this E-Mail to all of you because developer E:V:A just positively mentioned your work in the process of finding a way to issue AT commands to talk with the modem from within Android. Sounds crazy? Well then, get a cup of coffee!

Let's start from the very beginning: As you may know, smartphones are facing a difficult time with all the tracing and data collection that is going on. The biggest security hole is, beneath the user itself, the encryption used for transmission of calls and data. The encryption of the GSM standard is making it fairly easy to let smartphones connect to so-called IMSI-Catchers, which then in turn are able to listen to and record voice calls of a victim, even reading their SMS and tapping all communication is possible. Of course this is not where the story ends: Have a read of this article: https://firstlook.org/theintercept/article/2014/02/10/the-nsas-secret-role/ to get updated that the NSA is using unmanned drones to detect and KILL their targets solely based on metadata (websites, calls, SMS, etc.). Those drones do not care whether the targeted person is the "terrorist" or simply an innocent guy with a borrowed phone in his hands. To get back to my point: IMSI-Catchers are a real threat for people like me who take it about everywhere they go.

And since such surveillance is not easily spotted, I would like to introduce AIMSICD - the Android IMSI-Catcher Detector to you: http://secupwn.github.io/Android-IMSI-Catcher-Detector/. If you can read German (or know how to use an online translator), I highly recommend reading this to get you started on the basics why our project is so important: http://www.kuketz-blog.de/imsi-catcher-erkennung-fuer-android-aimsicd/

E:V:A, the starter of this project and I, as well as a few coders, writers and security freaks are currently working to develop this app to detect and prevent IMSI-Catcher attacks on the Android platform. These days IMSI-Catchers are "not only" affordable for governments, but fairly easy to build with a rather small amount of money and work - thus enabling any criminals to intercept your phone calls, read & spoof your text messages and do a lot of other kinky scary stuff with YOUR mobile phone. The purpose of our app is to warn the privacy-aware user that he is being subject to surveillance and maybe give some hints on what to do next.

Is our app ready to use yet? Partially. Check out our WIP-Releases: https://github.com/SecUpwN/Android-IMSI-Catcher-Detector/releases! And make sure to star our GitHub here: https://github.com/SecUpwN/Android-IMSI-Catcher-Detector. If you are one of those people like me, who is happy to use apps like Xprivacy, TextSecure, RedPhone and Pry-Fi, don't hesitate to spread the word, star this project on GitHub and (if you can) contribute. Our hardest issue is yet to come: We are looking out to find people who are able to help us deploying the baseband - indicators for an IMSI-Catcher attack are very subtle, thus we need to dig down very deep into closed-source internals. Any hint or help to find someone for this is highly appreciated. And if you wanna be really bold to show off with your balls: Post the link of our GitHub below your issue and tell them to start contributing! ;-)

In the name of creator E:V:A and myself, as well as the thousands of users out there being subject to such heavy surveillance, I would like to welcome anyone who wants this app to come alive to have a sneak at the already existing development roadmap as well as on our primary discussion thread on XDA here: http://forum.xda-developers.com/showthread.php?t=1422969. Don't be too shy to post your constructive criticism, feedback and contributions into that thread! Most importantly though, if you know any Android developer or security enthusiasts, feel free to forward this E-Mail with warmest recommendations. We are aiming to let this App get added to the Surveillance Self-Defense Project of the EFF as well as the list of apps recommended by the Guardian-Project.

Thank you very much for checking it out!

With very much respect to you from Germany

SecUpwN
