Does not detect fake BTS

[smarek]

Hello,

We've tested with Samsung Galaxy Nexus (i9250) and LG Nexus 5.
We've provided our own BTS with LAC/CID/MCC/MNC in various configurations (either more or less similar to valid BTS in the location.

Application shows no warning about BTS not being in the OpenCellID database or the CID not matching known CIDs for given MCC/MNC.

If I understand the purpose of the application correctly, it should warn you about suspicious networks being joined or passed by. If that's correct, it does not do this for us.

Also we've tried setting up the BTS using informations of BTS from OpenCellID in distant location, and application does not warn that the BTS we're connected to should not be located where the device is.

[E3V3A]

Hi @smarek and Welcome to our project!

Thank you very much for testing this on a real fBTS. That is very useful and you can be of great help with access to that equipment. But you may have missed the point that our app is in alpha stage of development and a very few of the 22+ Detection Mechanisms (#230) have been implemented. In addition we have not yet configured our new map to distinguish between the cells (#250). Once this is done you should see some badness going on.

If you have any app dev skills, please feel free to dig into our code and current issues and let us know how to fix it.

I'll close this issue for now as invalid, so take no offense please.

[E3V3A]

Currently you'll have to look in the debug logs (logcat) to see some alerts.
In addition for a changing LAC, there should be a yellow flag, which has been tested.

[smarek]

@E3V3A thanks for the feedback, yes, I assumed in this stage of project some of the detections would be working, my fault I didn't check the other issues in tracker.

Regarding the LAC/CID there is no warning, and I've also seen nothing relevant in LogCat. In testing the phone was switching between real BTS and fBTS, while all of the attributes were changing.
Only issues I've seen in LogCat were touching the problem of device location, as the test was done indoor, is it possible that this caused the app to mistreat the test results? Eg. not having really up-to-date location and changing BTS wold not cause the new BTS info being verified against last known location?

I'll look into contributing with my colleagues.

[E3V3A]

@smarek Awesome, unless you make your own builds, please send me an email, and I'll give you a link to the most recent build and our internal chat if interested. Also, it seem that the device need to have GPS lock before downloading OCID data.

[smarek]

@E3V3A We've made our own builds after quickly reviewing the code.
We've also tried our device both with and without making the GPS lock before installing/using the application.

Few observations:

1. Downloading OCID data doesn't work reliable, sometimes the device downloaded data for MCC 260/262 (which is Poland/Germany), sometimes it correctly downloaded data for MCC 230 (Czech Republic, the actual testing location)
2. We've had to switch between screens on application and/or switch WiFi on/off to get new BTS data, don't know what timeout the devices uses or in what period it does fetch the new network data, we've clearly seen that mobile connected to fBTS, however the data in application remained the same.
3. We've never seen the flag changed, even with correct OCID data downloaded the flag was still green, and data about fBTS appeared in local database (Unique BTS Data)
4. Our fBTS doesn't advertise any Neighboring Cells, don't know if this should be/is treated as validation param or not

[E3V3A]

Interesting.

1. I just fixed the OCID data download last nights commit. It was using a bounding box too large for free 1000 BTS downloads, for default MCC that could be huge, and thus missing many BTS.
2. Yes, that is an annoyance bug, not officially reported, and we havent a clue what's causing it. But then it "kind'a works" after a while. Please open a new issue and post a bug report.
3. We don't know to what degree your fBTS is working. I don't have an answer to this. Most likely just not enough detection parameters implemented.
4. Not sure what you mean, but this should be one of our detections in Detection List  #230. Also not yet implemented... :(

[He3556]

Hello @smarek , thanks for testing our App.

The problem with the "changing LAC" alert is, that you may not be running a "catcher firmware" on the OpenBTS. You have to change only the LAC of your OpenBTS and leave the CID like it is.
Thanks again!

[smarek]

@E3V3A

1. Thanks, I've just tested again (fresh build against 300ceef ), and OCID data downloaded correctly for GPS location
2. I'll do
3. We've just tested (and ping to @He3556 too), simply being connected, and changing just LAC and no other param, will trigger the yellow flag. Previously we've been changing multiple params at time, and it didn't passed the trigger validation probably
4. Great, thanks

I'm considering this done, we'll be watching closely on your progress.
Keep up the great work guys, really appreciate that !

[E3V3A]

@smarek Thank you very much for testing and reporting. That is invaluable to us.
It's all our pleasure, and let's keep in touch for more testing in the near future.