Project

General

Profile

Wiki » History » Revision 16

Revision 15 (Alex, 12/29/2014 12:50 PM) → Revision 16/67 (Karsten, 12/30/2014 08:59 PM)

h1. SnoopSnitch 

 SnoopSnitch is an Android app that collects and analyzes mobile radio data to make you aware of your mobile network security and to warn 
 you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates. With SnoopSnitch you can use the data collected in the GSM Security Map at gsmmap.org and contribute your own data to GSM Map. 

 !{width: 10%;}sc_dashboard.png!    !{width: 10%;}sc_map_overview.png! !{width: 10%;}sc_catcher_hour.png! !{width: 10%;}sc_map_details.png! 

 This application currently only works on Android phones with a Qualcomm chipset and a stock Android ROM. It requires root priviliges to capture mobile network data. 

 h3. Requirements: 

 * Qualcomm-based Android phone (see list below) 
 * *Stock* Android ROM, version 4.1 or later 
 Note: Unfortunately, custom Android ROMs like CyanogenMod are *not* supported, as they lack the drivers necessary to collect radio data. 
 * *Root privileges* on phone 

 h3. Tested Devices: 

 The following devices have been verified to work: 

 * Samsung S3 Neo (GT-I9301I) 
 * LG G2 (LG-D802) 
 * Sony Xperia Z1 (C6903) 
 * Samsung S5 (SM-G900F) 
 * Motorola Moto E (Moto E) 
 * Samsung S4 (Qualcomm variant) 

 It is very likely that other Qualcomm-based Android phones also work, if they are rooted and have a stock firmware. 

 h3. Incompatible Devices: 

 The following devices have been found to be incompatible and can *not* be used with SnoopSnitch: 

 * *Sometimes Unsupported.* Devices with custom ROM such as CyanogenMod (We are investigating what causes the different experiences) 
 * *Unsupported.* *UNSUPPORTED:* Every device without a Qualcomm chipset 
 * *Unsupported.* *UNSUPPORTED:* Every device with custom ROM 
 * *UNSUPPORTED:* Samsung Galaxy S2 & S3 
 * *Unsupported.* *UNSUPPORTED:* Nexus 5 
 * *Unsupported.* *UNSUPPORTED:* Huawei Ascend Y300 

 h3. Download: 

 * "Pre-compiled .apk":https://opensource.srlabs.de/attachments/download/104/SnoopSnitch-0.9.1.apk (SHA1: 41e22090f1cb30751a898322134ca238be9ac3dc) 
 * "Pre-compiled .apk from Google Play Store":https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch 
 * Source Code: <pre>git clone --recursive https://opensource.srlabs.de:/git/snoopsnitch.git</pre> 

 SnoopSnitch is released under the GPL v3 license (cf. source:COPYING). The app is known to built under Linux and OS X, see source:README for build instructions. 

 h3. Disclaimer 

 The tests include an active part. First, your phone will place outgoing calls to a dedicated number. This number will always be busy and never answer in order to rule out voice charges as best as we can. 

 Second, your phone will send SMS short messages to an invalid number. 

 In some cases, we saw operators charging for these kind of transactions transactions. Hence, please have an eye on your phone bill when performing active tests using SnoopSnitch. 

 To control for involuntary charges, we strongly advise the use of a dedicated pre-paid SIM card for these tests. 

 h3. Instructions 

 # Make sure you have rooted the phone 
 # Install application from "Google Play app store":https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch or below 
 # Run the app, execute active tests, upload security events and suspicious activity 

 h3. Mailing list 

 A public mailing list for discussions is "here":https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap 

 h3. Version history 

 Version 0.9.1 

 * Fix problem where SnoopSnitch would leave the phone muted after a test 
 * Remove issue with disappearing (Skype) dialing dialogs 
 * Resolved performance issue in analysis 

 Version 0.9.0 
 * Initial public release