This app was mentioned in 69 comments, with an average of 24.86 upvotes
> "We found several vendors that didn’t install a single patch but changed the patch date forward by several months," Nohl says. "That’s deliberate deception, and it's not very common."
That is such a crap move. However, I always wondered if manufacturers ever did this and now there's proof that does indeed happen.
> In an effort to solve that missing patch transparency problem, SRL Labs is also releasing an update to its Android app SnoopSnitch that will let users check their phone's code for the actual state of its security updates
How to detect these fake cellphone towers with your Android phone:
Android IMSI-Catcher Detector (#AIMSICD):
SnoopSnitch:
I'm just going to post this on here for others to see again. Here are two android apps made for detecting when you are connected to such a device or being monitored. I am not sure of there being any for iOS, but read up! Please pass these on, it's important to know when you're under the influence of these devices, even if you're doing nothing wrong.
Here's the one I have stayed with, actually found out we have a stingray in the town I live in
Here's another one I have no experience with
There is another app under the name of SpideyApp that has not had any activity on it for a year or so and is only an e-mail list submission now, don't mess with that one, sketchy.
They are not illegal!
Two example of counter technologies for mobile devices:
https://secupwn.github.io/Android-IMSI-Catcher-Detector/
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
There are a some apps (requiring a rooted phone) that will use the known FCC GPS location of all cellphone towers, and if it detects you are connected to a tower who's GPS doesn't match one listed, it flags it as suspicious.
I'm on my phone now, and having trouble Googling it, I'll look again later when I'm on my PC.
Edit: Here is one called SnoopSnitch. Also, if you are interested in this kind of stuff, check out: /r/Intelligence.
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch
Have a rooted Nexus device? A select group of devices with the Qualcomm chipset that this app is designed to use will let you know when your phone is passing through a stingray device. Nexus devices are what this app was designed to use.
So weit ich verstanden habe stammt die App von den Herrschaften des CCC.
Nachteil: Das ding ist auf Qualcomm Chipsätze ausgelegt und benötigt root-Rechte. Ist auch ziemlich präzise so in der Beschreibung angegeben. Was einen Großteil der Nutzer aber nicht nicht davon abhält, es trotzdem mal zu probieren (gut glück!) und dann dennoch zu meckern, weil es schlussendlich tatsächlich nicht funktioniert... Demensprechend verwässerte Wertungen lassen zurecht einen Zweifel zu.
I'm just going to post this on here for others to see again. Here are two android apps made for detecting when you are connected to such a device or being monitored. I am not sure of there being any for iOS, but read up! Please pass these on, it's important to know when you're under the influence of these devices, even if you're doing nothing wrong.
Here's the one I have stayed with, actually found out we have a stingray in the town I live in
Here's another one I have no experience with
There is another app under the name of SpideyApp that has not had any activity on it for a year or so and is only an e-mail list submission now, don't mess with that one, sketchy.
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch
Snoopsnitch will tell you when your phone is passing through a stingray device. You need to have root and a supported Qualcomm chipset on your phone. Nexus devices are the ones this app was designed for.
"In dangerous environments like war-torn Syria, smartphones become indispensable tools for journalists, human rights workers, and activists. But at the same time they become especially potent tracking devices that can put users in mortal danger by leaking their location."
"National Security Agency whistleblower Edward Snowden has been working with prominent hardware hacker Andrew “Bunnie” Huang to solve this problem. The pair are developing a way for potentially imperiled smartphone users to monitor whether their devices are making any potentially compromising radio transmissions. They argue that a smartphone’s user interface can’t be relied to tell you the truth about that state of its radios. Their initial prototyping work uses an iPhone 6."
Android has a few apps to monitor possible cell simulators, I hope Snowden (or somebody) can get a comparable App into the Apple App store.
There are already Android apps that detect fake base stations and other shenanigans. I haven't used either, but SnoopSnitch ~~and AIMSICD~~ look legit
For anyone interested in a demo of how these things can work defcon 18
Will be interesting to see what comes out of this. I'm wondering what exactly they are recording. Just hits on the tower, or actual calls and text.
Also there is an app called Snoop snitch to detect imsi catchers or "stingrays".
And to answer you question. Of course not. However nothing will change until the technology does. like ditching mobile bands entirely and using carrier provided wifi for calls and data.Meh
How to detect these fake cellphone towers with your Android phone:
Android IMSI-Catcher Detector (#AIMSICD):
SnoopSnitch:
If guys download an app from the Play Store called "SnoopSnitch" you can verify what has been patched. Bear in mind all the tests apart from verifying security patches, require root.
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en_GB
If you're worried about this happening to you, there are apps out there like SnoopSnitch and AIMSICD that attempt to warn you if you've connected to one of these "fake" cell towers.
They're not perfect, and often require you to root your phone, but they're better than nothing.
If you are concerned, there are multiple Stingray detection apps that you can use:
Android IMSI-Catcher Detector (AIMSICD): https://secupwn.github.io/Android-IMSI-Catcher-Detector/
SnoopSnitch: https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
Both apps are on F-Droid (Android open source thrid party app store). SnoopSnitch caught multiple Stingrays pretty recently at protests in the U.S.
These apps are in development to help us end users be aware if anyone is listening. They are both completely free with no monetary gain whatsoever with no in app purchases and no in app advertisements.
They do require root access.
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
https://github.com/SecUpwN/Android-IMSI-Catcher-Detector/releases
Here's a neat tool that can detect jammers and signal hijacks, it can even be set to disable radio entirely if one is detected.
https://secupwn.github.io/Android-IMSI-Catcher-Detector/
here's a similar tool
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
I would highly recommend all Android users to install SnoopSnitch on their phones to detect fake cell towers and Stringrays.
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
https://opensource.srlabs.de/projects/snoopsnitch (getting 503 error atm tho)
After first reading about the StingRay, I thought about building an app to GPS locate the cell tower a phone was communicating with and cross reference them with FCC cell tower licenses. I then heard rumors about an app that did something similar, but could never find it. It's called SnoopSnitch, and is available on the Google App Store, but requires a rooted phone.
If you are concerned, there are multiple Stingray detection apps that you can use:
Android IMSI-Catcher Detector (AIMSICD): https://secupwn.github.io/Android-IMSI-Catcher-Detector/
SnoopSnitch: https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
Both apps are on F-Droid (Android open source thrid party app store). SnoopSnitch caught multiple Stingrays pretty recently at protests in the U.S.
How to detect these fake cellphone towers with your Android phone:
Android IMSI-Catcher Detector (#AIMSICD):
SnoopSnitch:
Counter IMSI Catcher Technologies (For Android):
Android IMSI-Catcher Detector (#AIMSICD): https://secupwn.github.io/Android-IMSI-Catcher-Detector/
SnoopSnitch: https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
The easiest way to check patches is an app called Snoop Snitch. Be prepared for a let down though. Boox is way behind on patches on their other devices. I doubt the Air is any different.
SnoopSnitch can detect stingrays and fake cell towers:
Fucking with cell towers is a great way to get pwnd by the FCC.
> use this > https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch
Cool, thanks!
Turns out that I already had this installed (after someone here tipped it). Just have not used it much recently.
The most recent listed CVEs are from Oct 2018. So I guess that my H990N is still vulnerable to the PNG issue after this update.
If you use snoopstitch you can check just how up to date with security patches your phone is. My RP2 appears to be up to date to the last major version.
You're speaking of SnoopSnitch! Great app, but it will wreck your battery life. I was honestly surprised how much I was being tracked here in the Silicon Valley - and Sacramento/Roseville area.
Edit: F-droid is down apparently. Here is the Play Store link.
Do you mean cell phone carriers? Because that's not true.
It just requires any cell phone manufacturer to do things less stupidly. While the telecoms are certainly in bed with the government (and probably Qualcomm as well), I don't think that the major manufacturers (Samsung and HTC and LG and so on) really are.
edit: And in any case, it's easy to imagine an app that simply says, "hey, I haven't moved according to my GPS, but suddenly there's a HUGE TOWER here. I better warn the user that something may be amiss!"
Actually, a quick google search reveals such an app: https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
While it certainly won't destroy a stingray, AIMSICD and SnoopSnitch both will detect the presence of them and some other sneaky stuff, like silent SMS.
Fight back!
I found an app that alerts you when you're connected to a stingray: SnoopSnitch
Unfortunately, it's only available for Android ATM.
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
AIMSICD
Site: http://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/
Fdroid link: https://f-droid.org/app/com.SecUpwN.AIMSICD
SnoopSnitch
Site: https://opensource.srlabs.de/projects/snoopsnitch
Playstore link: https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch
Fdroid link: https://f-droid.org/app/de.srlabs.snoopsnitch
What ever happened to that android app in development that alerts you when you are connected to a Stingray?
EDIT: I found things!
Here's the one I found while digging around!
I installed the github link AIMSICD one and have to say it's pretty damn neat. Hope they have some for iOS as well.
SnoopSnitch for android
There's also SnoopSnitch: https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
Wer Qualcomm Chipset hat:
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch
Wenn es das gleiche für Exynos gibt, immer her damit.
Help make it dangerous legally, PR-wise, and physically for the RCMP to use mass surveillance and mass hacking tools on the public!
For Android Phones:
AIMSICD : https://secupwn.github.io/Android-IMSI-Catcher-Detector/
F-Droid: https://f-droid.org/repository/browse/?fdid=com.SecUpwN.AIMSICD
GitHub: https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/releases
Apitode: http://aimsicd.store.aptoide.com/
AIMSICD can always use more help from developers, every little bit helps fuck the RCMP. Don't say to yourself, "someone else will help", because then no one else helps them.
Snoopsnitch: https://opensource.srlabs.de/projects/snoopsnitch
GooglePlay: https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch
F-Droid: https://f-droid.org/repository/browse/?fdid=de.srlabs.snoopsnitch
Direct: https://opensource.srlabs.de/attachments/download/115/SnoopSnitch-1.0.1.apk
This app should test those. I ran it and got 0 patch missing.
Ang sikkerhet på mobil så finnes https://copperhead.co/android/ som enda er i alpha/beta fase. Utviklet av en del dyktige folk og burde hjelpe på når vi får noe stabilt.
Utover dette så finnes det et par apps som er greie å ha på android;
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=no
https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector
Jeg anbefaler også alle å bruke Signal over andre apper som Telegram og Whatsapp!
Anbefaler også et par plugins for nettlesere så du kan unngå ting som canvas fingerprinting;
https://addons.mozilla.org/en-US/firefox/addon/privacy-settings/
https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp
https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
https://www.eff.org/https-everywhere%20
Alle disser skal finnes for både firefox og chrome. Veldig greit og man slipper unna med en del fingerprinting. Noscript er også veldig greit om du har lyst å ta det steget.
Panopticlick er en tjeneste fra EFF som lar deg sjekke hvor unikt din nettleser er.
https://panopticlick.eff.org/
Help make it dangerous legally, PR-wise, and physically for the RCMP to use mass surveillance and mass hacking tools on the public!
For Android Phones:
AIMSICD : https://secupwn.github.io/Android-IMSI-Catcher-Detector/
F-Droid: https://f-droid.org/repository/browse/?fdid=com.SecUpwN.AIMSICD
GitHub: https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/releases
Apitode: http://aimsicd.store.aptoide.com/
AIMSICD can always use more help from developers, every little bit helps fuck the RCMP. Don't say to yourself, "someone else will help", because then no one else helps them.
Snoopsnitch: https://opensource.srlabs.de/projects/snoopsnitch
GooglePlay: https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch
F-Droid: https://f-droid.org/repository/browse/?fdid=de.srlabs.snoopsnitch
Direct: https://opensource.srlabs.de/attachments/download/115/SnoopSnitch-1.0.1.apk
there are a few projects trying to catch IMSI catchers. This App is working on certain Android phones https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=de&gl=US Here is a device that is ready to use (the professional way) https://www.cryptophone.de/en/support/tech-specs/cp600g/ From a technical view it makes more sense to use SDRs and a dedicated computer. Here are some links to projects running mostly on Linux https://www.smartphone-attack-vector.de/imsi-catcher_stingray_detector/
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
But software solutions are not 100% guaranteed...
https://opensource.srlabs.de/projects/snoopsnitch
Cryptophone
http://www.cryptophone.de/en/products/mobile/
https://www.digitaltrends.com/mobile/cryptophone-demand-exceeds-supply/
Of course, you need to agree to pay $3500 USD for one phone... https://www.technologyreview.com/s/525556/for-3500-a-spy-resistant-smartphone/
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
should test for deployed stingrays
Help make it dangerous legally, PR-wise, and physically for the RCMP to use mass surveillance and mass hacking tools on the public!
For Android Phones:
AIMSICD : https://secupwn.github.io/Android-IMSI-Catcher-Detector/
F-Droid: https://f-droid.org/repository/browse/?fdid=com.SecUpwN.AIMSICD
GitHub: https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/releases
Apitode: http://aimsicd.store.aptoide.com/
AIMSICD can always use more help from developers, every little bit helps fuck the RCMP. Don't say to yourself, "someone else will help", because then no one else helps them.
Snoopsnitch: https://opensource.srlabs.de/projects/snoopsnitch
GooglePlay: https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch
F-Droid: https://f-droid.org/repository/browse/?fdid=de.srlabs.snoopsnitch
Direct: https://opensource.srlabs.de/attachments/download/115/SnoopSnitch-1.0.1.apk
Did you check with their SnoopSnitch app?
Search for "IMSI catcher detectors" (like Android-IMSI-Catcher-Detector ). An "IMSI catcher detector" is a software that tries to detect an "IMSI catcher". An "IMSI catcher" is a fake mobile phone tower, such as the infamous Stingray. There are several projects along this line, and I imagine all of them will require a rooted Android terminal.
There are other projects that might be useful, such as SnoopSnitch (some functionalities don't require root).
To detect IMSI catchers on your smartphone
SnoopSnitch - Powerful scanner and detector especially for unknown base stations
GSM Spy Finder - non root IMSI catcher's scanner.
(unfortunately this app type is only available on Android)
To protect communication against IMSI catcher like Stingray
To echo u/accik above, This app should test those.
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
Requires root however.
SnoopSnitch but it only works on some phones.
There's a few tools you can use.
These do require root and I believe older devices, I've never been able to get them properly working on newer devices (something to do with the firmware)
https://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/ (needs building from source)
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en (You need a rooted Samsung Galaxy S3 To use these features, a rooted device* with a Qualcomm chipset running stock Android 4.1 or higher is required. Custom ROMs are often unsupported as they can lack necessary proprietary drivers.
https://opensource.srlabs.de/projects/snoopsnitch/wiki/DeviceList
https://github.com/darshakframework/darshak (old not maintained)
https://play.google.com/store/apps/details?id=com.skibapps.cellspycatcher&hl=en (unsure if it's been recently updated)
https://comsecllc.com/imsi-catcher-detector/ (commercial product)
As far as I'm aware there is no current solution for 5G nor is there anyway to snoop on it (don't quote me on that)
> For example, where is Launcher3 support from July of last year?
Firstly, the changes for Launcher3 support were only mainlined into AOSP in December last year, not July. That's when it was merged internally to Google's Android source.
Secondly, the amount of work required to implement them is not insignificant, and is not a guarantee that the issue will be fixed. There are Still complaints today that gestures with third-party launchers are not seamless. I do agree that it's not a great look for them, though, since the (somewhat) fix has been in AOSP for more than 8 months now. I'm guessing they will implement this in Android 12/OneUI 4.0, similar to the commitment Asus made.
> Samsung has gotten better at security updates. The monthly updates typically don't contain any bug fixes from AOSP.
Samsung are at parity with Google with regards to security updates. You can even verify this yourself using an app like SnoopSnitch.
But, monthly updates have never been focused around bug fixes from AOSP. Even Google does this quarterly now, so not really fair to knock any OEM for not doing this.
How to defend against StingRays 3 steps to complete protection.
Read more here:
https://gizmodo.com/this-app-can-tell-when-youre-being-snooped-on-1679140117
Read more here: https://www.wired.com/2014/09/cryptophone-firewall-identifies-rogue-cell-towers/
Read more here: https://forum.xda-developers.com/xposed/modules/xposed-imei-changer-t2847187
A2017G
If you still have it, you can just run the SnoopSnitch app to check.
An IMSI-catcher tracker. Tells you when you're being spied on in the way the article describes.
For Android: https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch
FYI need root and a supported device using Qualcomm chipset
Laut Google Play Store erkennt SnoopSnitch auch IMSI-Catcher.
There is an app on Play Store but it does require root.
https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
There is also snoopsnitch. https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
meh only stupid people get caught