[Gsmmap] What does the red events mean

Alexander Senier alex at srlabs.de
Mon May 4 18:14:45 CEST 2015

Hi Arvind,

On 25.04.2015 15:40, Arvind Chaudhary wrote:
> In last 24 hours it has reported 13 "red" IMSI Catcher events and one
> "yellow" SMS and SS& Attacks events. I have also uploaded all the events.
> However, I am not clear on what all this data represents?

With this amount of information I cannot tell either. You can, however,
send me your App ID (top left corner of the main screen) in a private
email an I can have a look into the uploaded information.

> Can some one tell what exactly what the figures in Score and CellID of
> the IMS catcher event means?

The cell ID is the MCC/MNC/LAC/CID values of the cell, i.e. the unique
identifier of the cell that SnoopSnitch found suspicious. What the score
value expresses is not easily explained, as the calculation is a bit
more complicated. I'm working on an FAQ covering that topic. Generally,
every value above 2.0 is reported, but a real IMSI catcher would rather
have a score between 5-12.

> Do the "red" flag certainly mean that my Phone is tracked and all my
> calls are being listened to.

Not necessarily. It could also be an IMSI catcher in identification
mode, i.e. a device that just collects the IMSIs of all phones passing
by. In that case no interception takes place.

> From last few years I am having this doubt that some one is listening to
> my calls and I had indirect proofs (like, some one knowing something
> which I had only spoken over phone to a confident). Can SnoopSnitch
> present a direct confirmed proof that someone is
> really snooping around?

It can give you some indication, but keep in mind that SnoopSnitch uses
a heuristic to detect catchers. Hence, you may encounter false positives
as well as false negatives.


SnoopSnitch maintainer

More information about the Gsmmap mailing list