[Gsmmap] IMSI_Catcher_Score wiki page says nothing about c5 (+ lots of events in Paris)

axel simon axel+srlabs at axelsimon.net
Thu Aug 6 18:30:00 CEST 2015


Hi again,

Answering myself.

if I'm not mistaken, c5 is "no encryption".
https://opensource.srlabs.de/projects/snoopsnitch/repository/revisions/f39a7fada2e2607bd7359180b868a029d38eea3e
> Add new C5 criterion (no encryption)
That's a pretty terrible warning indeed.

Can anyone confirm this?

If this is the case, I'm seeing literally tens of events where we have
encryption downgrade (c1) and no more encryption (c5)…

I'd like to hear your opinion on this.

Cheers

axel

On 05/08/15 12:19, axel simon wrote:
> Hi everyone,
>
> First time poster here. I'm axel, I'm from Paris and I take part in
> different activist-y things. Not sure my bio is very relevant right now :)
>
> So, here's the thing. I've been running SnoopSnitch for a few months in
> Paris, I used to get a few IMSI catcher alerts here and there, but now
> (since version 0.9.7?) I'm seeing many more. I'm up to 95 in the last 7
> days, 5 in the last 24 hours.
>
> A lot (most I think) of these happen when I'm on the metro, and I'm
> thinking (poorly-educated guess here) that it's a misconfiguration of
> the handover between overground and underground cells.
>
> In any case, the majority of the IMSI catcher events have a score of 3:
> Score: 3.00, c1=1.0, c5=2.0
>
> I've searched the wiki (and this list's archives) for mentions of c5,
> but it seems to be the one type of event about which there is no
> information.
>
> Can anyone explain what I should expect from a c5 event? and how bad a
> score of 2.0 is? :)
>
> Thanks for your help and for this really interesting tool!
>
> Take care,
>
> axel
>



More information about the Gsmmap mailing list