Android IMSI Catcher detection
This morning's NSA article from WaPo contains some slides mentioning
USRP equipment[1]. It's hard to say without more context whether it's
referring to the GSM equipment from Ettus...anyone care to speculate?
The USRP series doesn't exactly seem like carrier-grade equipment, but
perhaps the NSA has a good reason to use it. Maybe baseband
exploitation, as coderman has previously mentioned? Simply getting cell
tower database dumps from the telcos would suffice for location info, so
I would guess this has a different purpose.
[1] http://apps.washingtonpost.com/g/page/national/nsa-signal-surveillance-success-stories/647/#document/p3/a135606
On 12/10/2013 05:56 AM, Matej Kovacic wrote:
> Hi,
>
>> Can/do IMSI systems spoof tower id: is there anything in GSM to make
>> towers self-verifying? I'm guessing no, in which case the above would be very
>> poor.
> No, the problem is that the mobile phone authenticates to the mobile network,
> but the opposite is not true. Since the mobile network does not authenticate
> itself to the mobile phone, IMSI Catcher attacks are possible.
>
> There has also been a demonstration of a "home-made" IMSI Catcher based on
> the Osmocom platform last year at the CCC conference.
>
> The video of the presentation "Further hacks on the Calypso platform" by
> Sylvain Munaut is here:
> http://media.ccc.de/browse/congress/2012/29c3-5226-en-further_hacks_calypso_h264.html
>
> So, it is very easy to set up a fake cell with any cell ID.
>
>> Also of note is API for signal strength, so a mapping of known towers to
>> expected strength at location XYZ could be used to detect systems used
>> to home in on phones, which usually max out on signal and tell your
>
> This would not work, because cells are not static (new cells emerge,
> covered area changes, etc.) and the opencellid database is not regularly
> updated. There could also be femtocells used, etc...
>
>
> Regards,
>
> M.
>
--
http://disman.tl
OpenPGP key: http://disman.tl/pgp.asc
Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9
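
The one-way authentication described in the quoted reply, as an added sketch that is not part of the original thread: the handset proves knowledge of its key to the cell, but has nothing to check in return. Truncated HMAC-SHA256 stands in for the SIM's A3 algorithm, `mutual_attach` is a hypothetical variant shown only for contrast, and all class and function names are assumptions.

```python
import hashlib
import hmac
import os

def a3(ki: bytes, rand: bytes) -> bytes:
    # Stand-in for the SIM's A3 algorithm (assumption: truncated HMAC-SHA256).
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]  # SRES is 32 bits

class Sim:
    def __init__(self, ki: bytes):
        self.ki = ki

    def respond(self, rand: bytes) -> bytes:
        # The handset answers whatever challenge the serving cell sends.
        return a3(self.ki, rand)

class Cell:
    """Network side. ki=None models a cell that does not hold the subscriber key."""
    def __init__(self, ki=None):
        self.ki = ki

    def accepts(self, rand: bytes, sres: bytes) -> bool:
        if self.ki is None:
            return True  # nothing obliges a cell to verify SRES
        return hmac.compare_digest(sres, a3(self.ki, rand))

    def prove(self, nonce: bytes) -> bytes:
        # Hypothetical network-to-handset proof; GSM has no such message.
        return a3(self.ki, nonce) if self.ki is not None else b""

def gsm_attach(sim: Sim, cell: Cell) -> bool:
    """One-way authentication: only the cell decides whether to proceed."""
    rand = os.urandom(16)
    return cell.accepts(rand, sim.respond(rand))

def mutual_attach(sim: Sim, cell: Cell) -> bool:
    """Contrast case: the handset challenges the cell before answering it."""
    nonce = os.urandom(16)
    if not hmac.compare_digest(cell.prove(nonce), a3(sim.ki, nonce)):
        return False  # cell could not prove knowledge of Ki
    return gsm_attach(sim, cell)

if __name__ == "__main__":
    ki = bytes(range(16))  # constructed sample key
    for name, cell in [("operator cell", Cell(ki)), ("keyless cell", Cell())]:
        print(name, gsm_attach(Sim(ki), cell), mutual_attach(Sim(ki), cell))
```

Under `gsm_attach` the handset ends up attached to both cells, which is why a cell ID alone tells the phone nothing about who operates the cell.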