[Gsmmap] IMSI_Catcher_Score wiki page says nothing about c5 (+ lots of events in Paris)

axel simon axel+srlabs at axelsimon.net
Fri Aug 7 14:06:02 CEST 2015


Hi Luca,

Thanks for the answer.

I have 4G enabled and am often on 4G. I'll try disabling it to see if
that makes a difference.

I'd be interested in checking if something really is wrong too, so I'll
send you my app id (I've enabled auto-upload of catcher events).

Cheers,

axel

On 06/08/15 19:48, Luca Melette wrote:
> Hi Axel,
>
> Certainly no encryption would be a problem in many countries.
> What I can say is that cipher detection is difficult when 4G is in use
> and sometimes also for 3G. Both systems keep connections alive for
> long time without renewing the cipher mode and we miss that information.
> The only way to know if something is really wrong is to send me
> privately your appid, so I can have a look at the radio frames.
> (hopefully you uploaded your catcher events)
>
> Cheers,
>
> LM
>
>> Hi again,
>>
>> Answering myself.
>>
>> if I'm not mistaken, c5 is "no encryption".
>> https://opensource.srlabs.de/projects/snoopsnitch/repository/revisions/f39a7fada2e2607bd7359180b868a029d38eea3e
>>> Add new C5 criterion (no encryption)
>> That's a pretty terrible warning indeed.
>>
>> Can anyone confirm this?
>>
>> If this is the case, I'm seeing literally tens of events where we have
>> encryption downgrade (c1) and no more encryption (c5)…
>>
>> I'd like to hear your opinion on this.
>>
>> Cheers
>>
>> axel
>>
>> On 05/08/15 12:19, axel simon wrote:
>>> Hi everyone,
>>>
>>> First time poster here. I'm axel, I'm from Paris and I take part in
>>> different activist-y things. Not sure my bio is very relevant right
>>> now :)
>>>
>>> So, here's the thing. I've been running SnoopSnitch for a few
>>> months in Paris, I used to get a few IMSI catcher alerts here and
>>> there, but now (since version 0.9.7?) I'm seeing many more. I'm up
>>> to 95 in the last 7 days, 5 in the last 24 hours.
>>>
>>> A lot (most I think) of these happen when I'm on the metro, and I'm
>>> thinking (poorly-educated guess here) that it's a misconfiguration
>>> of the handover between overground and underground cells.
>>>
>>> In any case, the majority of the IMSI catcher events have a score
>>> of 3: Score: 3.00, c1=1.0, c5=2.0
>>>
>>> I've searched the wiki (and this list's archives) for mentions of
>>> c5, but it seems to be the one type of event about which there is no
>>> information.
>>>
>>> Can anyone explain what I should expect from a c5 event? and how
>>> bad a score of 2.0 is? :)
>>>
>>> Thanks for your help and for this really interesting tool!
>>>
>>> Take care,
>>>
>>> axel
>>>


More information about the Gsmmap mailing list