[Gsmmap] Android Project

Felipe Zimmerle felipe at zimmerle.org
Thu Sep 13 21:15:34 CEST 2012


Hi K. and J.,

On Tue, Aug 21, 2012 at 11:11:28AM +0200, Karsten Nohl wrote:
> >  Karsten: 
> > Could you post your android source code?
> 
> @Felipe: This may be a question for you.
> 

Sorry for the long delay to reply. I little rush here.

Glad that you have interesting on this Android app. I am
not with the code on hands rigth now, but as soon as I arrive
at home i will publish it, however, I am not sure if we can use this.
Since i grabbed the data from the gsmmap web site without anyone
authorization :D.

I built a pipe line to fetch all images from the website and
by using the `ImageMagick` I was able to compute the chrominance
of the images and finally educated guessed the percentage. That
percentage that you saw on the API for every `vulnerability`. Note
that it should be outdated now. I will make it again and publish
the command line.

My idea is to make this project a gsmmap thing. I mean, part
of gsmmap, so we can contribute somehow to the very same project.
Karsten do you have a word on that? Do you guys have some interest
on that?

My motivation to build this application is to inform the user
about the security of the network that he is connected to, but it also
can provide interesting features like force the user to be
connected on 3G and never let the mobile change to other network
version. Since the attacks vectors may vary from version to version
of the network. (Karsten, correct if I am wrong :P).

After build that features, this application could be part of others
projects like SEAndroid [1]. And thus maybe features like 'catch
catcher' could be part of it, since i am talking about a custom
Android images with possibilities to run the Android api with
steroids, bypassing the technical limitations.

There is a lot of effort to get the mobile phones in a TCB, but
they are not targeting the network. Applications like this can
change this scenario. Analog to this SEAndroid project there are
others which intends to make the ME secure.


[1] http://selinuxproject.org/page/SEAndroid

--
F. 



More information about the Gsmmap mailing list