[Gsmmap] Trouble triggering snoopsnitch

Luca Melette luca at srlabs.de
Mon Nov 28 16:07:03 CET 2016


Thanks Joshua!

Now I can tell you what happened :)

Since OpenBTS-UMTS does not implement CS, the only interaction
with the fake BTS takes place in PS (RAU and PS Attach).
Quite unfortunately I did not include this scenario in the detection
logic because "normal" IMSI catchers would primarily fake a CS
network (call and SMS services are supported by every phone).

So, there is some space for improvement, I will consider to
add this new logic in the next app release.
It would be great if you could send me (privately)
the radio trace (qdmon-*) file that you obtained while playing with
your catcher.

Cheers,

LM

> Yes, pcap is attached.
> 
> Thank you.
> 
> Luca Melette wrote:
> > Hi Joshua,
> >
> > The logic that detects rejected location updates should work for
> > both GSM and UMTS.
> > I can imagine a single case that would stay under the radar, that
> > is, if a mobile already sends the IMSI in the LUR message and the
> > network then rejects it.
> > Would you be able to collect a pcap and share it via mail?
> >
> > Cheers,
> >
> > LM
> >  
> >> Hello,
> >>
> >> I am attempting to trigger an alert on Snoopsnitch 1.0.1. It is
> >> running on a Nexus 5 running CM and seems to be working (runs
> >> analysis, can run active test).
> >>
> >> The phone is running with a valid SIM card and connects to its
> >> normal network fine.
> >>
> >> I an running OpenBTS-UMTS into a Ramsey box. I put the phone in the
> >> box and run OpenBTS and when the phone tries to connect I see the
> >> IMSI when the authentication fails (so I successfully caught the
> >> IMSI) but nothing in Snoopsnitch ever triggers.
> >>
> >> Is this expected to trigger it? If not, why not? Is there a more
> >> efficient way to show it working?
> >>
> >> Thank you.
> >> _______________________________________________
> >> Gsmmap mailing list
> >> Gsmmap at lists.srlabs.de
> >> https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap  
> >
> > _______________________________________________
> > Gsmmap mailing list
> > Gsmmap at lists.srlabs.de
> > https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap  
> 



More information about the Gsmmap mailing list