SnoopSnitch for Android warns you about fake base stations
So-called IMSI-Catchers and StingRays act as false mobile towers that sit between mobile devices such as smartphones and real towers maintained by mobile providers or other legitimate companies.
These fake towers can intercept mobile phone traffic and track movement of individuals carrying phones and even manipulate the device remotely.
SnoopSnitch review
SnoopSnitch is a brand new application for Android devices that provides phone owners with information about potential threats in their vicinity.
Note: The application requires root access. It furthermore will only run on Android 4.1 or later operating systems and requires a Qualcomm chipset. The app has been tested successfully on a handful devices already including the Moto E and G, Sony Xperia Z1, LG G2, Samsung S3 Neo and Samsung S4. Other devices like the Nexus 5 or Samsung Galaxy S3 are not supported right now.
On devices without root, SnoopSnitch analyzes the installed firmware to provide information about missing security patches. On rooted devices, it adds the ability to collect and analyze mobile radio data to raise awareness for fake base stations, user tracking, and SS7 attacks.
You can download the app from Google Play or directly from the project website. There is also an option to get the source code and compile the app in a local development environment.
The app "collects and analyzes mobile radio data" while it is running to warn you about potential threats such as fake base stations, user tracking and over-the-air updates.
Once you have installed the app you can run tests to identify threats. Tests include placing an outgoing call to a number that is always busy and sending a SMS message to an invalid number.
The creators of the app note that service charges may apply even though it is unlikely in the majority of cases. They still advise to use a pre-paid SIM card for the test as it provides better options to control these charges.
Users of the application can upload test results to a remote server. The data uploaded by all users to the server is made available to all users of the application. This means that users can access all security events and suspicious activity provided that these have been uploaded to the server previously.
A related application is IMSI Catcher Detector which concentrates on fake base stations only though.
Closing Words
I can see this being used in business environments and other sensitive areas to make sure that traffic is not flowing through fake base stations.
am I the only one thinking criminals will likely get a lot of use from this?
What makes you say that?
The police can use these things (IMSI grabbers) to track people – criminals who want to know if they’re under surveillance would get a lot of help from this.
Problem is, there are plenty known cases where police and agencies have used all sorts of mobile tracking and spying techniques without any warrant or lawful intent.
Such illegal tracking of possible whistleblowers, political activists and other people of interest is more likely to be made public by apps like this.
When the state willfully breaks laws every chance it gets, there is a need to put in checks,
nobody wants to live in a orwellian state.
I believe my neighbour is using imsi catcher, and is targeting me as we have fallen out I also believe he using it on the rest of my community, I don’t have any strong evidence and have been told not to worry Ive got nothing to hide and if he wants to be sad let him it’s not I’ve got anything to steal and I would probably agreed until this happened. I’ve got nothing to hide but now I realize how much my privacy means and with them living next door to me and doing this how much power that give them and if there willing to do this where will they stop.