SlideShare a Scribd company logo

Wiretap Detector - detecting cell-site simulators

Download as PPTX, PDF
Bozhidar Bozhanov
Bozhidar Bozhanov

Presentation about Wiretap Detector - an app for detecting cell-site simulators (stingrays, IMSI catchers)

Technology
1 of 17
Download to read offline
1
2
3
4
5
6
7
Most read
8
9
10
Most read
11
Most read
12
13
14
15
16
17
Detecting Cell-Site Simulators Bozhidar Bozhanov
About me ● Software engineer ● Minister of electronic governance of Bulgaria (2021-2022) ● Member of Bulgarian parliament ● https://techblog.bozho.net ● X: @bozhobg
Disclaimer ● No classified information in these slides ● I’ve obtained no information present in these slides just because I’m a member of parliament ● The slides are entirely with my “expert hat” on
Interception
Methods for (legal) interception ● Interception interfaces (directly streaming calls and sms from telecoms) ● Spyware (Pegasus, Predator) ● Cell-site simulators, stingrays, IMSI-catchers ● Other SS7 vulnerabilities
Rumours ● Private interception companies use some of these technologies ● These technologies are used to wiretap activists, journalists and opposition politicians ● Key leaks for 3G+ authentication
Cell-site simulators Source: EFF
Wiretap Detector - detecting cell-site simulators
Wiretap Detector - detecting cell-site simulators
How does it work? ● Not much public information; whistleblowers and rumours ● Mobiles devices connect to the strongest signal ● No mandatory cell tower authentication ● 2G-downgrade ● Session key leaks through rouming (3G, 4G) ● Passive IMSI catchers (not actual fake towers) ● Active (fake towers)
How to protect ourselves? ● We can’t ● Stop 2G support on your phone (some phones support this) ● Detecting interception: ○ EFF Crocodile hunter (requires specialized hardware) ○ Android IMSI Catcher Detector (requires root, not present in the play store) ○ SnoopSnitch (requires root) ○ Wiretap Detector (https://github.com/Glamdring/wiretap-detector)
Wiretap Detector ● Mobile application with no root permission requited ● Built by volunteers, open source ● No guarantees for successful detection ● The app solves only the cell-site simulator approach (and doesn’t detect spywhare, interception interfaces, etc.)
Detection methods ● Compares public IP with the announced IP ranges of the telecom ○ Gets ASN based on the initial IP ○ https://ip.guide (RIPE) ○ Countermeasure that could be used: the simulator can route requests to the right telecom (if it supports multi-SIM) ● Detecting changes on the first 2 hops of traceroute ○ Countermeasure: removing the first hop(s) ● Detecting changes in the combinnation of (geocoordinates, cell identifier ● Countermeasures: Spoofing all cell IDs ● Countermeasures are possible, but they complicate things and may not be implemented (yet) by cell-site simulators
TODO list ● Deploy on iOS ● Compare more cell details ● Compare with public cell databases ● Detecting attacks using fake roaming ● Centralized database with detections
Using Signal, Threema, Wire, etc. increases privacy guarantees
Everyone is welcome to help develop the project further
Thank you

More Related Content

Similar to Wiretap Detector - detecting cell-site simulators (20)

PDF
Telecom security from ss7 to all ip all-open-v3-zeronights
P1Security
 
PPTX
Wiretapping presentation and security.pptx
coderashu15
 
PDF
Luiz eduardo. introduction to mobile snitch
Yury Chemerkin
 
PPTX
Test
guest833bf3b
 
PPTX
Cybersecurity Risks In the Mobile Environment
Hamilton Turner
 
PDF
Defcon 22-robert-rowley-detecting-defending-against-surveill
Priyanka Aash
 
PDF
SenseDroid
Santanu Sarma
 
PDF
eu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdf
AliAlwesabi
 
PDF
D2T2 - Bye Bye IMSI Catchers - Security Enhancements in 5g - Lin Huang.pdf
f2po1
 
PDF
Over the Air 2011 Security Workshop
Ericsson Labs
 
PDF
A million little tracking devices - Don Bailey
idsecconf
 
PPTX
128-ch2.pptx
HiraAshfaqSubhan
 
PDF
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
Luca Bongiorni
 
PDF
Hack.lu 2016 - 2G and 3G intercom hacking
📡 Sebastien Dudek
 
PPTX
ANDROID SECURITY
yogeshraut090
 
PDF
D1 t1 t. yunusov k. nesterov - bootkit via sms
qqlan
 
PDF
Cyber Security: Stalking Prey: An RF Hackers Perspective
Signals Defense, LLC
 
PPTX
Hidden Active Cell Phone Detectorv
Edgefxkits & Solutions
 
PDF
Info security - mobile approach
EY Belgium
 
PPT
4471_mobile_device_security_handout.ppt
BalwinderKaur626266
 
Telecom security from ss7 to all ip all-open-v3-zeronights
P1Security
 
Wiretapping presentation and security.pptx
coderashu15
 
Luiz eduardo. introduction to mobile snitch
Yury Chemerkin
 
Test
guest833bf3b
 
Cybersecurity Risks In the Mobile Environment
Hamilton Turner
 
Defcon 22-robert-rowley-detecting-defending-against-surveill
Priyanka Aash
 
SenseDroid
Santanu Sarma
 
eu-19-Yazdanmehr-Mobile-Network-Hacking-IP-Edition-2.pdf
AliAlwesabi
 
D2T2 - Bye Bye IMSI Catchers - Security Enhancements in 5g - Lin Huang.pdf
f2po1
 
Over the Air 2011 Security Workshop
Ericsson Labs
 
A million little tracking devices - Don Bailey
idsecconf
 
128-ch2.pptx
HiraAshfaqSubhan
 
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
Luca Bongiorni
 
Hack.lu 2016 - 2G and 3G intercom hacking
📡 Sebastien Dudek
 
ANDROID SECURITY
yogeshraut090
 
D1 t1 t. yunusov k. nesterov - bootkit via sms
qqlan
 
Cyber Security: Stalking Prey: An RF Hackers Perspective
Signals Defense, LLC
 
Hidden Active Cell Phone Detectorv
Edgefxkits & Solutions
 
Info security - mobile approach
EY Belgium
 
4471_mobile_device_security_handout.ppt
BalwinderKaur626266
 

More from Bozhidar Bozhanov (20)

PPTX
Откриване на фалшиви клетки за подслушване
Bozhidar Bozhanov
 
PPTX
Антикорупционен софтуер
Bozhidar Bozhanov
 
PDF
Nothing is secure.pdf
Bozhidar Bozhanov
 
PPTX
Elasticsearch - Scalability and Multitenancy
Bozhidar Bozhanov
 
PPTX
Encryption in the enterprise
Bozhidar Bozhanov
 
PPTX
Blockchain overview - types, use-cases, security and usabilty
Bozhidar Bozhanov
 
PPTX
Електронна държава
Bozhidar Bozhanov
 
PPTX
Blockchain - what is it good for?
Bozhidar Bozhanov
 
PPTX
Algorithmic and technological transparency
Bozhidar Bozhanov
 
PPTX
Scaling horizontally on AWS
Bozhidar Bozhanov
 
PDF
Alternatives for copyright protection online
Bozhidar Bozhanov
 
PPTX
GDPR for developers
Bozhidar Bozhanov
 
PPTX
Политики, основани на данни
Bozhidar Bozhanov
 
PDF
Отворено законодателство
Bozhidar Bozhanov
 
PPTX
Overview of Message Queues
Bozhidar Bozhanov
 
PPTX
Electronic governance steps in the right direction?
Bozhidar Bozhanov
 
PPTX
Сигурност на електронното управление
Bozhidar Bozhanov
 
PPTX
Opensource government
Bozhidar Bozhanov
 
PDF
Биометрична идентификация
Bozhidar Bozhanov
 
PDF
Biometric identification
Bozhidar Bozhanov
 
Откриване на фалшиви клетки за подслушване
Bozhidar Bozhanov
 
Антикорупционен софтуер
Bozhidar Bozhanov
 
Nothing is secure.pdf
Bozhidar Bozhanov
 
Elasticsearch - Scalability and Multitenancy
Bozhidar Bozhanov
 
Encryption in the enterprise
Bozhidar Bozhanov
 
Blockchain overview - types, use-cases, security and usabilty
Bozhidar Bozhanov
 
Електронна държава
Bozhidar Bozhanov
 
Blockchain - what is it good for?
Bozhidar Bozhanov
 
Algorithmic and technological transparency
Bozhidar Bozhanov
 
Scaling horizontally on AWS
Bozhidar Bozhanov
 
Alternatives for copyright protection online
Bozhidar Bozhanov
 
GDPR for developers
Bozhidar Bozhanov
 
Политики, основани на данни
Bozhidar Bozhanov
 
Отворено законодателство
Bozhidar Bozhanov
 
Overview of Message Queues
Bozhidar Bozhanov
 
Electronic governance steps in the right direction?
Bozhidar Bozhanov
 
Сигурност на електронното управление
Bozhidar Bozhanov
 
Opensource government
Bozhidar Bozhanov
 
Биометрична идентификация
Bozhidar Bozhanov
 
Biometric identification
Bozhidar Bozhanov
 
Ad

Recently uploaded (20)

PDF
CIFDAQ Weekly Market Wrap for 11th July 2025
CIFDAQ
 
PPTX
✨Unleashing Collaboration: Salesforce Channels & Community Power in Patna!✨
SanjeetMishra29
 
PDF
Predicting the unpredictable: re-engineering recommendation algorithms for fr...
Speck&Tech
 
PDF
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
PDF
Building Resilience with Digital Twins : Lessons from Korea
SANGHEE SHIN
 
PPTX
WooCommerce Workshop: Bring Your Laptop
Laura Hartwig
 
PPT
Interview paper part 3, It is based on Interview Prep
SoumyadeepGhosh39
 
PDF
Windsurf Meetup Ottawa 2025-07-12 - Planning Mode at Reliza.pdf
Pavel Shukhman
 
PDF
Complete Network Protection with Real-Time Security
L4RGINDIA
 
PPTX
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
PDF
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
PDF
How Startups Are Growing Faster with App Developers in Australia.pdf
India App Developer
 
PPTX
MSP360 Backup Scheduling and Retention Best Practices.pptx
MSP360
 
PDF
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
PDF
Why Orbit Edge Tech is a Top Next JS Development Company in 2025
mahendraalaska08
 
PPTX
AUTOMATION AND ROBOTICS IN PHARMA INDUSTRY.pptx
sameeraaabegumm
 
PDF
Blockchain Transactions Explained For Everyone
CIFDAQ
 
PPTX
Top iOS App Development Company in the USA for Innovative Apps
SynapseIndia
 
PDF
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
PDF
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 
CIFDAQ Weekly Market Wrap for 11th July 2025
CIFDAQ
 
✨Unleashing Collaboration: Salesforce Channels & Community Power in Patna!✨
SanjeetMishra29
 
Predicting the unpredictable: re-engineering recommendation algorithms for fr...
Speck&Tech
 
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
Building Resilience with Digital Twins : Lessons from Korea
SANGHEE SHIN
 
WooCommerce Workshop: Bring Your Laptop
Laura Hartwig
 
Interview paper part 3, It is based on Interview Prep
SoumyadeepGhosh39
 
Windsurf Meetup Ottawa 2025-07-12 - Planning Mode at Reliza.pdf
Pavel Shukhman
 
Complete Network Protection with Real-Time Security
L4RGINDIA
 
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
How Startups Are Growing Faster with App Developers in Australia.pdf
India App Developer
 
MSP360 Backup Scheduling and Retention Best Practices.pptx
MSP360
 
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
Why Orbit Edge Tech is a Top Next JS Development Company in 2025
mahendraalaska08
 
AUTOMATION AND ROBOTICS IN PHARMA INDUSTRY.pptx
sameeraaabegumm
 
Blockchain Transactions Explained For Everyone
CIFDAQ
 
Top iOS App Development Company in the USA for Innovative Apps
SynapseIndia
 
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 
Ad

Wiretap Detector - detecting cell-site simulators

  • 2. About me ● Software engineer ● Minister of electronic governance of Bulgaria (2021-2022) ● Member of Bulgarian parliament ● https://techblog.bozho.net ● X: @bozhobg
  • 3. Disclaimer ● No classified information in these slides ● I’ve obtained no information present in these slides just because I’m a member of parliament ● The slides are entirely with my “expert hat” on
  • 5. Methods for (legal) interception ● Interception interfaces (directly streaming calls and sms from telecoms) ● Spyware (Pegasus, Predator) ● Cell-site simulators, stingrays, IMSI-catchers ● Other SS7 vulnerabilities
  • 6. Rumours ● Private interception companies use some of these technologies ● These technologies are used to wiretap activists, journalists and opposition politicians ● Key leaks for 3G+ authentication
  • 10. How does it work? ● Not much public information; whistleblowers and rumours ● Mobiles devices connect to the strongest signal ● No mandatory cell tower authentication ● 2G-downgrade ● Session key leaks through rouming (3G, 4G) ● Passive IMSI catchers (not actual fake towers) ● Active (fake towers)
  • 11. How to protect ourselves? ● We can’t ● Stop 2G support on your phone (some phones support this) ● Detecting interception: ○ EFF Crocodile hunter (requires specialized hardware) ○ Android IMSI Catcher Detector (requires root, not present in the play store) ○ SnoopSnitch (requires root) ○ Wiretap Detector (https://github.com/Glamdring/wiretap-detector)
  • 12. Wiretap Detector ● Mobile application with no root permission requited ● Built by volunteers, open source ● No guarantees for successful detection ● The app solves only the cell-site simulator approach (and doesn’t detect spywhare, interception interfaces, etc.)
  • 13. Detection methods ● Compares public IP with the announced IP ranges of the telecom ○ Gets ASN based on the initial IP ○ https://ip.guide (RIPE) ○ Countermeasure that could be used: the simulator can route requests to the right telecom (if it supports multi-SIM) ● Detecting changes on the first 2 hops of traceroute ○ Countermeasure: removing the first hop(s) ● Detecting changes in the combinnation of (geocoordinates, cell identifier ● Countermeasures: Spoofing all cell IDs ● Countermeasures are possible, but they complicate things and may not be implemented (yet) by cell-site simulators
  • 14. TODO list ● Deploy on iOS ● Compare more cell details ● Compare with public cell databases ● Detecting attacks using fake roaming ● Centralized database with detections
  • 15. Using Signal, Threema, Wire, etc. increases privacy guarantees
  • 16. Everyone is welcome to help develop the project further