The goal is the research and development of an Intrusion Detection System for cell networks.
The App checks the status of some cell network variables (e.g. CellID, LAC, A5 encryption, etc.), then updates a local DB and checks whether the information about the cell networks around the user is valid or whether there could be a risk (e.g. possible interception, possible impersonation, etc.).
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
Bootcamp 2012 – University of Luxembourg
Luca Bongiorni – 20/09/2012
The GSM or 2G, even if outdated (1987), is the most
popular radio communication standard around the
It is widely deployed!
It counts more than 4.4 billion subscribers spread
across more than 200 countries.
“… police had been detecting unauthorized IMSI catchers
being used across the country, though had not been able
to catch any of the perpetrators. … Former Czech
intelligence agency chief A. Sandor said that businesses
could be using them to spy on one another. … it’s possible
that criminal gangs could be using them for extortion”
• What happens if competitors use it to take advantage of your company?
• What happens if someone intercepts you and then extorts money from you?
Think about it…
In recent years many practical attacks have been publicly disclosed!
Using cell phones is no longer safe for private life or for business.
Some of the threats that you should be aware of:
IMSI-Catchers (e.g. Location Disclosure, Calls, SMS, Banking mTAN
Interception, Hijacking Emergency Calls, User Impersonation, etc.)
Passive Sniffing / Cracking (if the operator uses a weak encryption
algorithm, your data, calls and SMS can easily be intercepted by anyone!)
• Lack of Mutual Authentication
o The MS authenticates to the network, not vice versa
• Subscriber Mobility
o The Stronger Signal Wins
(Cell Selection & Reselection)
o Forced Location Update
(if LAC_PLMN != LAC_IMSI-Catcher then
switch to IMSI-Catcher)
• Encryption is NOT Compulsory
A5/0 No Encryption
A Mobile Cell Networks Intrusion Detection
iParanoid is an Android App (and soon also for iPhone) that
acts as a sort of real-time IDS (Intrusion Detection System):
it alerts the subscriber when something strange is happening
and reacts in order to prevent attacks or data loss:
Man In The Middle Attacks
No Encryption adopted by the
Denial of Service
Silent Calls or SMS
iParanoid has two Operative Modes:
Offline Mode: The App should be able to show which
encryption level is used from the Cell Network and alert the
user in case that encryption level is changed (e.g. A5/1 ->
A5/2 -> A5/0) and if the tuple (CellID/LAC) is changed too.
Online Mode: The App should retrieve from the remote server
the list of all trusted BTSes for the area where the user is
located (determined via GPS). **
** High Encryption Level needed (e.g. GPG)
Both operative modes can be run as a daemon from the boot of the phone
(without user interaction) or launched by the user as a usual app.
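The checks the two operative modes describe, written out as an added example (not iParanoid's own code). The `Observation` record, the alert names and the sample cells are assumptions made up for illustration; passing `trusted=None` corresponds to Offline Mode.

```python
from dataclasses import dataclass

# Cipher order taken from the slide's downgrade chain A5/1 -> A5/2 -> A5/0.
CIPHER_RANK = {"A5/0": 0, "A5/2": 1, "A5/1": 2}

@dataclass(frozen=True)
class Observation:  # hypothetical record of one reading from the phone
    mcc: int
    mnc: int
    lac: int
    cid: int
    cipher: str

def evaluate(prev, cur, trusted=None):
    """Alerts for one reading; `trusted` (online mode) is a set of
    (mcc, mnc, lac, cid) tuples, or None in offline mode."""
    alerts = []
    rank = CIPHER_RANK.get(cur.cipher, -1)  # unknown cipher ranks lowest
    if rank <= 0:
        alerts.append("NO_ENCRYPTION" if rank == 0 else "UNKNOWN_CIPHER")
    if prev is not None:
        if rank < CIPHER_RANK.get(prev.cipher, -1):
            alerts.append("CIPHER_DOWNGRADE")
        # A (LAC, CellID) change alone is also what normal mobility looks
        # like, so it is reported as a separate, lower-signal flag.
        if (prev.lac, prev.cid) != (cur.lac, cur.cid):
            alerts.append("CELL_CHANGED")
    if trusted is not None and (cur.mcc, cur.mnc, cur.lac, cur.cid) not in trusted:
        alerts.append("UNTRUSTED_BTS")
    return alerts

def scan(readings, trusted=None):
    """Run evaluate() over consecutive readings; returns one alert list each."""
    results, prev = [], None
    for cur in readings:
        results.append(evaluate(prev, cur, trusted))
        prev = cur
    return results

# Constructed sample data (not real cells).
TRUSTED = {(270, 1, 100, 1001), (270, 1, 100, 1002)}
SAMPLE = [
    Observation(270, 1, 100, 1001, "A5/1"),
    Observation(270, 1, 100, 1002, "A5/1"),
    Observation(270, 1, 999, 4242, "A5/0"),
]

if __name__ == "__main__":
    for obs, alerts in zip(SAMPLE, scan(SAMPLE, TRUSTED)):
        print(obs, alerts)
```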
The App should use Android's APIs to retrieve some
important variables from the Cell Network, like: MNC,
MCC, LAC, CID, Cipher indicator A5 (possibly also CRO,
T3212 and Neighbour Cells).
Then, once the GPS position has also been retrieved, all data are
evaluated and sent to a remote server that will further
analyze the Security Level and report any malicious
In case of alerts the user will be notified and will
have the possibility to share them through Social
Networks or iParanoid's web server (anonymously).
The Server should use TWO DBs:
●Trusted BTS Towers Database
●Anonymous Users Alerts
(GPS position, Timestamp & Type of Risk)
The Server should be able to:
Analyze and correlate the information in the first
DB with the information sent from iParanoid.
In case of malicious behaviour, it should notify the
user with an Alert.