[Gsmmap] IMSI_Catcher_Score wiki page says nothing about c5 (+ lots of events in Paris)

Luca Melette luca at srlabs.de
Thu Aug 6 19:48:20 CEST 2015


Hi Axel,

Certainly no encryption would be a problem in many countries.
What I can say is that cipher detection is difficult when 4G is in use
and sometimes also for 3G. Both systems keep connections alive for
long time without renewing the cipher mode and we miss that information.
The only way to know if something is really wrong is to send me
privately your appid, so I can have a look at the radio frames.
(hopefully you uploaded your catcher events)

Cheers,

LM

> Hi again,
> 
> Answering myself.
> 
> if I'm not mistaken, c5 is "no encryption".
> https://opensource.srlabs.de/projects/snoopsnitch/repository/revisions/f39a7fada2e2607bd7359180b868a029d38eea3e
> > Add new C5 criterion (no encryption)
> That's a pretty terrible warning indeed.
> 
> Can anyone confirm this?
> 
> If this is the case, I'm seeing literally tens of events where we have
> encryption downgrade (c1) and no more encryption (c5)…
> 
> I'd like to hear your opinion on this.
> 
> Cheers
> 
> axel
> 
> On 05/08/15 12:19, axel simon wrote:
> > Hi everyone,
> >
> > First time poster here. I'm axel, I'm from Paris and I take part in
> > different activist-y things. Not sure my bio is very relevant right
> > now :)
> >
> > So, here's the thing. I've been running SnoopSnitch for a few
> > months in Paris, I used to get a few IMSI catcher alerts here and
> > there, but now (since version 0.9.7?) I'm seeing many more. I'm up
> > to 95 in the last 7 days, 5 in the last 24 hours.
> >
> > A lot (most I think) of these happen when I'm on the metro, and I'm
> > thinking (poorly-educated guess here) that it's a misconfiguration
> > of the handover between overground and underground cells.
> >
> > In any case, the majority of the IMSI catcher events have a score
> > of 3: Score: 3.00, c1=1.0, c5=2.0
> >
> > I've searched the wiki (and this list's archives) for mentions of
> > c5, but it seems to be the one type of event about which there is no
> > information.
> >
> > Can anyone explain what I should expect from a c5 event? and how
> > bad a score of 2.0 is? :)
> >
> > Thanks for your help and for this really interesting tool!
> >
> > Take care,
> >
> > axel
> >
> 
> _______________________________________________
> Gsmmap mailing list
> Gsmmap at lists.srlabs.de
> https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap



More information about the Gsmmap mailing list