Android-based project to detect and (hopefully one day) avoid fake base stations (IMSI-Catchers) in GSM/UMTS Networks. Sounds cool and security is important to you? Feel free to contribute! ;-)
German Article about our Project: IMSI-Catcher Erkennung fĂźr Android â AIMSICD.
- Discussion and constructive criticism: Official Development Thread on XDA.
- Before submitting a commit, please carefully read our Styleguide.
- Storage for source code we should add: MERGESOURCE, carefully follow this README.
- Developers will be rewarded. You know of a cool crowdfunding service? Recommend it to us.
- Not a developer? You can help too! Get the GSMmap-APP and submit collected data to the GSM Security Map to enlarge its database for comparison of mobile network protection capabilities!
- Want to know what's boiling under the hood? You're welcome to bookmark our Changelog.
YouTube: DEF CON 18 - Practical Cellphone Spying with Kristin Paget
Unfortunately it seems that IMSI-Catchers have been exponentially popular lately, with an explosion of various "bastards" with governments and criminals all the same, using it. Anyone can now buy an IMSI-Catcher (or build a cheap one on his own). In addition they can all crack the A5.1-3 encryption on the fly! This is why the original author named "E:V:A" started this project. Let's detect and protect against these threats! Never think that you've got "nothing to hide". You'll very likely regret it one day.
- Get scared on YouTube: How easy it is to clone a phone + call when connected to a femtocell.
- Also, check out this talk by Karsten Nohl and Luca Melette on 28c3: Defending mobile phones.
- a. collects relevant RF related variables using public API calls. (LAC etc)
- b. puts them in an SQLite database
- c. catches hidden SMS's
- d. catches hidden App installations
- e. opens a device local terminal root shell
- f. uses (e.) to connect to the modem AT-Command Processor ATCoP via shared memory interface SHM
- g. displays the results from sent AT commands
- NOTE: This is crucial to our project. Please help E:V:A develop a Native AT Command Injector!
- h. use the OTG (USB-host-mode) interface to use FTDI serial cable to interface with another OsmocomBB compatible phone (using Android host as a GUI host)
- i. uses the "CatcherCatcher" detector SW on the 2nd phone
- j. can inject fake 2G GSM location data
- k. find out how to access L0-L2 data using the ATCoP connection
- l. use a statistical algorithm (and smart thinking) on the DB data to detect rogue IMSI catchers
- m. combine all of the above (steps h to l) into a BETA App for testing, add more languages
- n. improve BETA app by adding (many more) things like IMSI-Catcher counter measures
- Add option to make app device administrator
- Add switch to utilize ROOT for digging deeper
- Usage of the XPosed Framework
- Detects IMSI based device location tracking
- Provides counter measures against device tracking
- Can provide swarm-wise-decision-based cellular service interruption
- Can provide secure wifi/wimax alternative data routes through MESH-like networking
- Detect and prevent remote hidden application installation
- Detect and prevent remote hidden SMS-based SIM attacks
- Prevent or spoof GPS data
- Does NOT secure any data transmissions
- Does NOT prevent already installed rogue application from full access
- Provide full device encryption
- Provide secure application sand-boxing
- Provide secure data transmission
- Provide firewalls (awesome solution: AFWall+)
This project is completely licensed under GPL v3+.
Found a bug? Please create an issue here on GitHub!
Our project would not have been possible without these awesome people. HUGE THANKS! ;-)
This list will be updated as our project evolves and shall be included within the final app.
- Smartphone Attack Vector - Smartphone flaws and countermeasures
- Kuketz IT-Security Blog - Great Security Reviews (written in German)
- PRISM Break - Alternatives to opt out of global data surveillance
- The Guardian Project - Secure Open Source Mobile Apps
- Security Research Labs - Stunning Security Revelations made in Berlin
- The Surveillance Self-Defense Project - Defend against the threat of surveillance
- Electronic Frontier Foundation - nonprofit organization defending civil liberties in the digital world
- TextSecure - Secure text messaging application for Android (replace WhatsApp)
- RedPhone - encrypted voice calls for Android
- KillYourPhone - make your own signal blocking phone pouch super fast for little money