Android IMSI Catcher (aka Stingray) Detector


For some general information on what IMSI catchers do, read these links.

http://www.npr.org/blogs/alltechconsidered/2014/10/21/356191015/whos-catching-your-cellphone-conversations

http://www.washingtonpost.com/world/national-security/secrecy-around-police-surveillance-equipment-proves-a-cases-undoing/2015/02/22/ce72308a-b7ac-11e4-aa05-1ce812b3fdd2_story.html

 

I find it shady as hell on the part of law enforcement agencies, federal, state & local. But, "it's for the children," and all that. No way the methods used would pass Constitutional muster...hence why they are so tight-lipped about it. The technology is also cheap enough for hackers and other tech-savvy criminals to get in the game.

 

Now, for the good news...there is finally a way for Android users to see if they might be having their cell signal intercepted by cops and/or crooks. I've been using it for about a week now, it isn't messing with my phone in any negative way, and the battery is still about the same. Since the source I got this from had better instructions than I ever could write, I'm just posting it here with his permission. I should be able to answer most questions if you guys have any.

 

 

 

Sunshine is the best disinfectant.

https://secupwn.github.io/Android-IM...cher-Detector/

Read everything on every link on that page. Then the Git, then the Wiki.

Doesn't need root! (unless you want to send AT commands to your Baseband Modem - you don't)

It's on F-Droid (Open Source Alternate Market)

https://f-droid.org/

Android Settings>Security>Unknown Sources (Select It) - then download F-Droid and install it. Search for "IMSI" and you should see AIMSICD. Install. Go back to the Security settings and Un-Select 'Unknown Sources'.

Open the app. You'll get a pop up about GPS if you normally don't leave GPS on (most don't). Just hit 'Cancel'. Go into the preferences and un-select GPS Cell Tower Tracking, but leave Cell Monitoring Selected. This will provide protection without the battery drain of GPS. Select Auto-Start and Persistent Service. Default 'Auto' refresh rate is 15 seconds. On my custom device, this adds ~0.5% per hour more battery drain - pretty damn good. I'm experimenting with extending the refresh rate to 25-45 seconds, to see if I can get that down without compromising protection.

The last thing to do is hit 'Request OCID API Key'. This is optional, but it helps the Open Cell Tower Project plot legitimate cell towers.... to better be able to find fake ones.

You can play around with the other stuff like BTS data and the mapping if you want - but that ^ will be all most need.

This is 'Alpha' software, but I tested it on a KK 4.4.4 CyanogenMod Galaxy Nexus, and a Custom ROM/Kernel Lollipop Nexus 5 - 0 problems. I even detected a cell tower in my area using less than A5/3 encryption (Yellow Icon).

Do your duty as a Citizen - defend the Bill of Rights. And at last check, the cost to build an IMSI Catcher was down to about $500... if you don't think nerdy thieves are doing what the state is, you're nuts.

  • Like 2
Link to comment

Good info man, thanks.  I knew they were doing this, but didn't know we had any options to alert us as end users that it was happening.

 

This has been in the works for a bit now.  It's going to be an evolving game, of measure/countermeasure, but I am all about having options to defend against mass collection.

Link to comment

Yeah, I've seen the secure phones out now, but those things are impractically priced for 'normal' people.

 

Love the concept of a secure phone out of the box, love the idea that this is finally getting into people's head.  However, they aren't using anything that isn't available for free or at a reasonable price.  It's also not too hard to learn how to secure your own stuff with some time, patience, and willingness to learn.   But, I can see the allure of an out of the box secure phone for those not too technically inclined.

 

For me, this is how I roll...

  • Unlocked Nexus 5, wiped clean and installed CyanogenMod; got rid of the "Google knows best" bloatware and give me instant root access
  • Avast Antivirus for Android; similar to desktop version, plus I can remotely wipe or lock the phone
  • Installed my VPN provider's mobile version
  • TextSecure for end to end encrypted text messages over data
  • RedPhone for end to end encrypted calls over data

That's just my protections on my cell from the mass collection being done by the big .gov (really .mil since the NSA is a military organization operating domestically) and anyone with a hard-on for hacking cell phones.  I could keep going on what I've done to protect my cell from local law enforcement...but this isn't one of those threads. :D

 

Enjoy being able to protect your privacy through open-source means before it becomes treason.

Edited by btq96r
Link to comment
This is cool stuff. As much as I love technology and the open android architecture, one needs to stop and think. A stingray is a device used for a man in the middle attack deployed to locate a target. It is not automated, it takes a trained operator to use it.
When you sign your agreement with your carrier you actually consent to allowing everything and anything to go on as they desire. The only way to detect a mitm attack is to know what towers are in your area and look for the rogue cell or equipment. Mitm attacks or intercepts are coordinated efforts focused on one or a small cluster.....
Chances of detecting an agency using a piece of gear like an older stingray are very slim as by the time you figure out you're compromised it's too late as the door is blown off the hinges.....
Good stuff though.....
On a side note the cost to train someone to use that intercept technology is very expensive, and it is a perishable skill set.

Thanks for the post
Link to comment

Chances of detecting an agency using a piece of gear like an older stingray are very slim as by the time you figure out you're compromised it's too late as the door is blown off the hinges.....
Good stuff though.....

 

 

That's what the software in the first post is supposed to be able to do, let you know when your cell is possibly being compromised by virtue of dropping to a less secure connection unexpectedly, which is a sign that a Stingray might be in use and other methods.  When you have some time, read through the links in the first post.  They lay it out pretty well. 

 

Basically, after installing, you turn it on, let it run when your phone runs, and it will give you a warning when it thinks something is amiss.  Some stock photos from the site...

 

[Image: AIMSICD-Teaser.png]

 

 

 

This is what the notification menu on my phone looks like with it running.  I keep it running 24/7 and have it refresh every 60 seconds.  I need to try it out in a big area like Nashville to see how well mapped we are there and what not.

[Image: screenshot of the poster's notification menu]

 

 

Also worth mentioning, that this was just released not too long ago.  They're in the alpha stage (beginnings) and are sure to have updated versions as they go.  They're still building up a database of what places should be good, and what ones aren't based on user feedback.

Link to comment
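
Added illustration (not part of any forum post and not AIMSICD's own code): the two signals discussed in this thread, a serving cell that is not on a list of known towers and a link that drops below A5/3, applied to a constructed log of serving-cell observations. The record layout, the known-cell list, the alert names, and the assumption that the phone can report the cipher in use are all hypothetical.

```python
from dataclasses import dataclass

# Relative strength of GSM air-interface ciphers (A5/0 means no encryption;
# A5/2 is the deliberately weakened export cipher, so it ranks below A5/1).
CIPHER_RANK = {"A5/0": 0, "A5/2": 1, "A5/1": 2, "A5/3": 3}

@dataclass(frozen=True)
class Observation:
    ts: int      # seconds since monitoring started
    mcc: int     # mobile country code
    mnc: int     # mobile network code
    lac: int     # location area code
    cid: int     # cell ID
    cipher: str  # cipher reported for the link (assumed to be available)

    @property
    def cell(self):
        return (self.mcc, self.mnc, self.lac, self.cid)

def analyze(observations, known_cells, min_cipher="A5/3"):
    """Return (ts, kind, detail) alerts for unfamiliar cells and weak or downgraded ciphers."""
    alerts, prev_rank, prev_cipher = [], None, None
    for o in sorted(observations, key=lambda x: x.ts):
        rank = CIPHER_RANK.get(o.cipher, 0)  # unrecognised cipher counts as weakest
        if o.cell not in known_cells:
            alerts.append((o.ts, "UNKNOWN_CELL", o.cell))
        if rank < CIPHER_RANK[min_cipher]:
            alerts.append((o.ts, "WEAK_CIPHER", o.cipher))
        if prev_rank is not None and rank < prev_rank:
            alerts.append((o.ts, "CIPHER_DOWNGRADE", f"{prev_cipher}->{o.cipher}"))
        prev_rank, prev_cipher = rank, o.cipher
    return alerts

# Constructed data: test-network codes (MCC 001 / MNC 01), polled every 15 seconds.
KNOWN_CELLS = {(1, 1, 100, 1001), (1, 1, 100, 1002)}
SAMPLE = [
    Observation(0, 1, 1, 100, 1001, "A5/3"),
    Observation(15, 1, 1, 100, 1002, "A5/3"),
    Observation(30, 1, 1, 999, 4242, "A5/1"),  # unfamiliar cell, weaker cipher
    Observation(45, 1, 1, 999, 4242, "A5/0"),  # encryption switched off
    Observation(60, 1, 1, 100, 1001, "A5/3"),  # back on a known tower
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE, KNOWN_CELLS):
        print(alert)
```

A known tower that only offers A5/1 raises just the weak-cipher alert, which is why a weak cipher on its own is a warning rather than proof of interception.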

On one hand I feel that any conversation on my phone is between me and the person who I am talking to and is no one else's business. On the other hand I think it would be funny if someone tapped my phone they sure would waste a lot of time for absolutely nothing of interest.

  • Like 1
Link to comment
