-
Notifications
You must be signed in to change notification settings - Fork 948
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changing LAC on same CID #91
Comments
Thanks for opening this Issue, @He3556. Makes sense to me and is in line with the Status Icons. But should we really be showing Status Red when it changes more than once? Guess Orange for "HIGH" would be better in this case until we can add additional tests to verify that this particular user is being traced. @E3V3A, your opinion? @xLaMbChOpSx, how far away is this "easy" implementation for you? |
yes right, we have orange, so let's use this first. |
He3556 : Very clean and nice description. Thanks. We probably don't wanna make it "red" immediately (which is why we have that score table) because it could easily change under simple conditions such as:
|
Yes, so here is a good place we can actually use signal strength. Because when connected normally, you will have one, and if for some reason another one pops up with a completely new a better signal, with the same LAC/CID that is rather abnormal. So it's use would be a "relative" signal strength, that suddenly changes in time, but not place. |
Wouldn't it (signal strength) belong to the statistic detection? Because you need data of the BTS history, so you can tell if the signal is changing in a abnormal way. A changing LAC you can detect immediately, event if you are in a new area and without data from the CellID db. And than, if both values change (LAC and Signal Strength) you can be quite sure, that there is something going on. So let's separate the 2 strategies and maybe open a new Issue "Detection 3: Changing Signal Strength"? |
You're absolutely right! |
HUGE THANKS flies out to @xLaMbChOpSx for commiting xLaMbChOpSx@43ae77e |
@tobykurien, you said that this is implemented. Can you verify that we did a full implementation and that this Issue can be closed as solved? If not, what else has to be done to progress from here? |
I have plenty of LAC change warnings every day - yellow icon I would send you logged data for analysis but how to do it? I am on the edge of the range of any BTS because I live in the deep countryside. My GSM signal is almost null, one bar or nothing but when I walk or drive around with my phone I register yellow icon LAC change warning. I would help you but I don't know how to do it. I am not a target but I receive weak signal of some events. You should have OTR encrypted chat client with you. |
@menschenfresser, danke für Deine Teilnahme am Projekt! I would very much welcome if you forward your findings to @E3V3A via E-Mail. Please see our |
As I said, right now the app is not suitable for moving around, since that obviously will connect you to a new LAC. Thus, until we have fixed the DB and CID relations, you'll have to stay put in one place, for reliable detection. |
From looking at the code it basically does this:
So basically, it checks LAC against previous LAC for the CellId. This means that it should work fine even for moving around. |
thanks for clarification :) |
Hi, if I understand it right the Police can't order the telecom company to wiretap us without court warrant and without prior evidences against us. Then the Police tries to capture some voice/data in illegal way by serving fake BTS or IMSI-Catcher. Police can also use such illegal hardware to sniff for random phone conversations and make raids at 6AM to illegally eavesdropped people only just because of incriminating conversation. Am I right? The question is how far the telecom responsible for the network is involved in this illegal procedure?
What else? |
@menschenfresser, to make it short: Do not "trust" any governmental agencies, the police or whatever to even do what the law "requires" them to do. They just do whatever is necessary to obtain needed data - the invention of IMSI-Catchers themselves is the best proof of that: They invented and used it until the device was publicly known too much and some sort of law had to be "put in place" to make the roaring crowd calm down. But do you think they actually follow "rules"? Forget it. Laws in itself are a joke. I am thankful you are contributing to our project, but discussing such basic things is beyond the scope and not meant to be done in our Issues here. I've been reading multiple comments from you now and actually do understand why @E3V3A has been removing some of the things you've previously said. Please don't take that personally, but we're working hard to move forward on actually crafting this App, rather than just babble like everyone else does. If you'd really like to help us and show your support, please consider to fork our project and contribute pull requests. You will gain our respect for doing so! But of course, if you have any questions or would just like to say "hi", please get in touch with me via E-Mail. You are always invited to ask me anything that might be unclear or chat away your boredom. Judging from your username, you are German. The Press Releases may answer your questions. |
We shouldn't put 2 detections in one Issue again. This was "Changing LAC" and "Wrong CID" - now that we are finished with it, i will keep it like it is. But there is still a bug giving wrong alerts (changing LAC) under special conditions. |
Which one? Please reference the correct Issue and close this if really done. |
I would like to give this a shot. What would be a suitable notification? "Cell ID does not exist in OpenCellID Database." ? Or should I use the log string? |
Thanks for picking up this one. Yes "Cell ID does not exist in OpenCellID Database" would be great. |
thank's to d-mariano - we got this Issue finished :) |
Dave Mariano Fixed Issue #91: - Lack of notification and tickerText in the event of: cellID not existing in the OCID database.
Thanks to @d-mariano for his funky pull request! @He3556, if this is really solved now, please close. |
we can still enhance this but actually we are finished at that point. So i just close it :) |
@d-mariano
@SecUpwN @He3556 @Ueland Please test! Also, there seem to be no fallback to green after yellow. We may need a timeout there or what would be the most sensible thing to do? |
There is everything ok with the code and i am absolutely sure, that @d-mariano tested it before ;) REMINDER: For the installation & setup wizard (for the first start of the app) |
@E3V3A, the new Issue for the immediate yellow flag is #290. And just to tell you: We already discussed it in the Testroom before you mentioned it here. So is this closed now, or how often do we need to re-open this? I am about to lock this. Please tell us exactly what else needs to be fixed. Thank you. |
Should we rename this to "...Changing LAC on same CID"? |
yes thats why i said - in the future we don't throw detections together, in one issue :) if you want pls rename it. |
Great! (The problem was that I originally though of them as connected.) |
@E3V3A, I can't follow, please clarify. We had multiple Issues in here and this one is solved? |
… cellID not existing in the OCID database.
Dave Mariano Fixed Issue #91: - Lack of notification and tickerText in the event of: cellID not existing in the OCID database.
Hey there, I experience the following (as I already emailed you about, @SecUpwN ): NB: Note that after updating on v0.1.38 and downloading the OCID DB, this stopped happening (at least it didn't in the past three days). So it may be due to this DB missing. |
@Tonat there was a change in lac as seen your log 01-06 20:00:09.397 10221-10221/com.SecUpwN.AIMSICD I/a﹕ ALERT: Changing LAC on CID: xxxxx3001 LAC(API): abc48 LAC(DBi): abc58 It's possible that both these LAC locations have the same cell id but if there is no LAC abc58 in your area than I would class this as suspicious. If this LAC suddenly disappears a few hours later that's even more suspicious. Try open cell id to see if this lac and cid exist for your area or another website that shows lac and cid locations. |
If you have this alerts on different CIDs it is the same old problem. Some devices read wrong LAC values from time to time. |
The LAC (Location Area Code) describes a set of Cell Towers (with different IDs) like below:
Step 1 of the IMSI-Catcher (picture 1): Masquerade like a real BTS and send with more power than the original, so a cell phone would connect to it. But if the connection is established it is still using the TIMSI (Temporary IMSI).
Step 2 of the IMSI-Catcher (picture 2): One possibility to get the IMSI:
If the MSC (Controller of a group of BTS) is also changing with this location update, then the phone would have to send the IMSI. Or if the location update fails it will also send the IMSI.
See Figure 4.1.1.1 [http://www.qtc.jp/3GPP/Specs/23012-520.pdf]
However, the Catcher-Catcher Project gives a yellow or a even a red flag if the LAC is changing, so we really should implement this. It is also quite simple to do, because we have the values LAC and CellID. If the CellID changes the LAC over the time – we can show a yellow flag – if it changes more than once we show a red flag. This happens while the IMSI-Catcher is catching IMSI’s – not when a call is established. So you don’t have to be the victim to detect a fake BTS.
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
The text was updated successfully, but these errors were encountered: