Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Friday January 02 2015, @07:44AM   Printer-friendly [Skip to comment(s)]
from the snitching-on-snitches dept.

IMSI catchers, otherwise known as stingrays, are those surveillance tools that masquerade as cell towers and trick mobile phones into connecting, spewing private data in the process. Law-enforcement agencies have been using them for almost two decades, but there's never been a good way for individuals to detect them. Now Lily Hay Newman reports that SnoopSnitch scans for radio signals that indicate a transition to a stingray from a legitimate cell tower. "SnoopSnitch collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates." say German security researchers Alex Senier, Karsten Nohl, and Tobias Engel, creators of the app which is available now only for Andriod. The app can't protect people's phones from connecting to stingrays in the first place, but it can at least let them know that there is surveillance happening in a given area. "There's no one set of information, taken by itself, that allows you to detect an IMSI catcher," says Nohl. "But we do stream analysis of everything that happens on your phone, and can come out with a warning if it crosses a certain threshold."

Stingrays have garnered attention since a 2011 Arizona court case in which one agent admitted in an affidavit that the tool collaterally swept up data on “innocent, non-target devices” (U.S. v. Rigmaiden). The government eventually conceded in this case that the “tracking operation was a Fourth Amendment search and seizure,” meaning it required a warrant. But given that the Justice Department has continued to claim that cellphone users have no reasonable expectation of privacy over their location data, it may take a Supreme Court judgement to settle the Stingray issue countrywide.

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Friday January 02 2015, @10:07AM

    by Anonymous Coward on Friday January 02 2015, @10:07AM (#130973)

    qualcom chipset and SIM card required.
    my sim-less qualcom phone with working google play account cannot download it?
    where's the direct APK download link before it gets pulled?

    • (Score: 0) by Anonymous Coward on Friday January 02 2015, @10:10AM

      by Anonymous Coward on Friday January 02 2015, @10:10AM (#130975)

      nonono, you have to REGISTER via SIM (google play) card so they can add you to the correct category in the l3tt3r database: "nosy security researcher".

    • (Score: 2) by q.kontinuum on Friday January 02 2015, @10:52AM

      by q.kontinuum (532) on Friday January 02 2015, @10:52AM (#130983) Journal

      I googled for "snoopsnitch apk direct download" and found several, e.g. apkdler.com [google.ie]. More interesting is the question if the sources will be made available.

      --
      Registered IRC nick on chat.soylentnews.org: qkontinuum
      • (Score: 0) by Anonymous Coward on Friday January 02 2015, @11:03AM

        by Anonymous Coward on Friday January 02 2015, @11:03AM (#130985)

        ooh noes you mentioned "him"

      • (Score: 0) by Anonymous Coward on Friday January 02 2015, @11:03AM

        by Anonymous Coward on Friday January 02 2015, @11:03AM (#130986)

        thx, ofc i tried a (trusted) "online" APK downloader first : )
        side note: (not using the the google play APP) interesting enough firefox mobile can/will report to google.play website that no SIM card is inserted ... what's the javascript for that?

      • (Score: 2) by Gravis on Friday January 02 2015, @10:04PM

        by Gravis (4596) on Friday January 02 2015, @10:04PM (#131097)

        project webpage: https://opensource.srlabs.de/projects/snoopsnitch [srlabs.de]
        or just get the source

        git clone --recursive " rel="url2html-10060">https://opensource.srlabs.de:/git/snoopsnitch.git

        • (Score: 2) by q.kontinuum on Saturday January 03 2015, @10:18AM

          by q.kontinuum (532) on Saturday January 03 2015, @10:18AM (#131280) Journal

          Thanks!! Would mod you up, but seems to be still not possible in discussions where I posted.

          --
          Registered IRC nick on chat.soylentnews.org: qkontinuum
    • (Score: 1) by CreatureComfort on Friday January 02 2015, @03:30PM

      by CreatureComfort (4295) on Friday January 02 2015, @03:30PM (#131016)

      Also requires root, so a no go on AT&T Samsung Note 3 or 4.

      --
      Unheard of means only it's undreamed of yet, Impossible means not yet done. ~~ Julia Ecklar
      • (Score: 3, Interesting) by darkfeline on Friday January 02 2015, @11:01PM

        by darkfeline (1030) on Friday January 02 2015, @11:01PM (#131107) Homepage

        Slightly off-topic, but I think it should be illegal to sell a device to a customer without root access. It's like buying a house or car, but the person you bought it from keeps the master key. Even if companies hide it to protect stupid users, they should at least make it available to users who request it.

        --
        Join the SDF Public Access UNIX System today!