By Jason Koebler
Are the police tracking you with a fake cell phone tower? Maybe! Probably, even. But, until now, there was absolutely no way of knowing if your phone was automatically connecting to a so-called “Stingray” or other location tracker. Finally, there’s an app that is supposedly able to detect the tools police use to track people en masse.
Law enforcement all around the world have been using International Mobile Subscriber Identity catchers, popularly known by the most popular brand name, Stingray, for several years now to track criminal suspects, all the while snatching up the location data of everyone in a geographical radius. Their use is highly controversial because, due to the nature of the way they work—by posing as a cell phone tower and routing cell connection traffic through the device to actual cell phone towers—it’s impossible to avoid snatching up the data of innocent bystanders.
SnoopSnitch’s home screen. Screengrab: SnoopSnitch?
Because of this limitation, their use is illegal in some countries and has been ruled unconstitutional in several states (most recently in Florida).
Beyond that, we generally have no idea where the hell law enforcement is actually using them. Thanks to a combination of Freedom of Information Act requests, court cases in which evidence from IMSI catchers were used, media reports, and information leaks, we now know that at least 12 federal agencies and 19 states use Stingrays, but we have no idea when they’re used, the parameters for when they can be used, and where, specifically, they are used. As for the other 31 states? We have no idea.
That’s all a long way of saying that the introduction of SnoopSnitch, an app that can detect the use of IMSI catchers in real time is long, long overdue and extremely welcome. The app was announced and released at the Chaos Computer Congress conference this weekend by SRLabs, a team of German security experts led by Alex Senier, Karsten Nohl, and Tobias Engel.
“Your every movement can be tracked all over the world,” Engel said. “You, as the subscriber, cannot do anything. You can tell your operator to take action, or you can throw away the phone, but you can’t do anything because it’s happening at a network level.”
Based on SnoopSnitch data so far, this is how network security is in Europe. There is not enough US data collected to make distinctions yet. The data can be narrowed down to smaller geographic areas. Image: SnoopSnitch
But knowing where they’re being operated, at the very least, gives activists and civil liberty types the ability to give people the straight dope on what’s happening, and, well, it’s probably better to know you’re being tracked than being oblivious to it all.
Nohl explained that, yes, it’s very difficult (but not impossible) to make a “catcher catcher,” as he calls SnoopSnitch, but, thanks to the way IMSI catchers work, your phone is getting some information from the Stingray itself that can be used to analyze whether one is in the area.
“The phone receives information that’s useful for the attacker, but it’s also useful for the defender,” he said. “It wants to get information out of you. There’s no one set of information, taken by itself, that allows you to detect an IMSI catcher, but we do stream analysis of everything that happens on your phone, and can come out with a warning if it crosses a certain threshold.”
Nohl said that there are a number of data points the app can use—many networks use encrypted data, for instance, but IMSI catchers often do not.
The types of information that can be used to detect an IMSI Catcher. Image: SnoopSnitch
The problem, at the moment, is that only certain cell phone chipsets actually collect the data necessary to run the app. So, for the time being, only rooted Android phones running on a Qualcomm backbone (this includes many of the most popular phones, including the Samsung Galaxy series and many Sony phones) can actually run the app and glean any real information from it.
“It’s still ongoing work as these chipsets progress,” Nohl said. “Phones are capturing this data but we have to find a way to hack it out.”
It’s not a new idea: Other companies have said they’re developing IMSI catcher detectors, but SnoopSnitch is both user friendly and works with some of the most popular phones out there, so at the moment it seems like the best bet.
In any case, SRLabs has a noble goal: To create a worldwide map of where the hell IMSI catchers are being used. Anytime an IMSI catcher is detected, the user will have the option of uploading information in order to contribute to a map. At the moment, we might not be able to stop these things, but soon enough, we might at least know where they exist.
“If we find hotspots of abuse, we’ll make that transparent,” Nohl said. “So people know where abuse is happening—if it’s around a demonstration, around embassies, wherever.”