Surveillance Detection for Android Phones

It's called SnoopSnitch:

SnoopSnitch is an app for Android devices that analyses your mobile radio traffic to tell if someone is listening in on your phone conversations or tracking your location. Unlike standard antivirus apps, which are designed to combat software intrusions or steal personal info, SnoopSnitch picks up on things like fake mobile base stations or SS7 exploits. As such, it's probably ideally suited to evading surveillance from local government agencies.

The app was written by German outfit Security Research Labs, and is available for free on the Play Store. Unfortunately, you'll need a rooted Android device running a Qualcomm chipset to take advantage.

Download it here.

Posted on January 14, 2015 at 1:18 PM • 30 Comments

Comments

JockUlar • January 14, 2015 2:14 PM

I've used computers since the 1st MAC, but am still only a user. I'd be scared to death to "root" my android. It might go on strike, reveal my secrets, or kill me. When security and encryption for the layman?

steven • January 14, 2015 3:07 PM

This app might reveal the prevalence of Stingray devices and similar, being used for mass surveillance. And should be something of a deterrent to police forces continuing to use them in secret and refusing to mention it during legal proceedings. It seems to work by sanity-checking the IDs of cell towers seen, and how quickly they come and go.

It is an extension of their gsmmap.org project to measure, map, and then pressure mobile operators, on their adherence to good security practices. They've revealed such things as 3G devices using only 64-bit symmetric encryption, or networks not enabling it at all.

In their talk at 31C3 they gave examples of commercially-marketed SS7 tracking services, already operating, requiring only a target person's phone number. Stopping that abuse requires mobile operators to secure their systems, but data gathered from this app can similarly check whether that's been done or if it's actively being used against you.

So it's really awesome work.

Shadow Firebird • January 14, 2015 3:24 PM

Unfortunately it requires you to turn on location services. I have no idea why, but even if there is a good reason that is something of a turn-off for me.

Me • January 14, 2015 4:06 PM

@Shadow Firebird

I would guess that location services is required to match your cell towers to your location. If a tower in Arkansas is giving you signal in New York, that is a bit of a giveaway that something fishy is going on.

A • January 14, 2015 4:11 PM

It's also available on F-Droid along with a similar app, Android IMSI-catcher detector.

https://f-droid.org/repository/browse/?fdid=de.srlabs.snoopsnitch
https://f-droid.org/repository/browse/?fdid=com.SecUpwN.AIMSICD

@Shadow Firebird

I'd understand why you wouldn't want to turn on location services if you have Gapps installed, but for devices without them location services are actually quite useful. There are even replacements for GSM and Wi-Fi positioning that work completely offline.

Check out the µg project.

https://f-droid.org/repository/browse/?fdid=com.google.android.gms

bri • January 14, 2015 5:34 PM

@f

But do you still need to root the phone? Seems like you are giving up your security if you have to root your phone to install it. Sounds awesome except for having to root the phone.

Lawrence D’Oliveiro • January 14, 2015 8:51 PM

It’s very odd to hear these comments from people worried about rooting their devices: it takes away root control from the company that made your device, and gives it to you, and yet you consider that “giving up your security”?

Vijay Dangi • January 14, 2015 9:14 PM

I am a regular reader of your blog and like it very much. I am myself a victim of worst kinda abuse of surveillance by some corrupt Indians. These people went even beyond their legal limits. Now I know well about listening but still to get a clear picture that how people can watch someone in home? I have put black tape on the light source of my webcam but still these people watched me in my home and wrote about the same. What are the possibilities of watching through laptop screen, some kinda waves in case curtains are there on windows? How police people/intelligence agencies can watch through mirrors, reflectors, refractors in entire room/home? How much mobile phone cameras are effective in spying/watching someone? I know lil-bit about all this but to fight a case, I need clarity. There are many victims of misuse of surveillance in India but people either feel better to keep shut for whatever reason or do not know how to fight against Government agencies and officials. Can such victims get any help from international community?
I would be thankful if you could help me in getting these answers.
Regards

Ole Juul • January 15, 2015 1:25 AM

Lawrence D’Oliveiro: "It’s very odd to hear these comments from people worried about rooting their devices: it takes away root control from the company that made your device, and gives it to you, and yet you consider that “giving up your security”?"

That was a bit of a shocker to me too, but I suppose it speaks well of Bruce's wide appeal.

I don't have a cell phone or similar, but bought a cheap android tablet a while ago just to see what that stuff was all about. Being a bit of an individualist, it's my way or the highway when it comes to corporate control of my devices or my life. What's mine is mine - so I was quite disgusted with Android. Unfortunately, the cheap Chinese tablet I bought was a bit too odd a mix of hardware for me to root, which makes it exactly useless as far as I'm concerned. It was a valuable lesson.

For Vijay • January 15, 2015 1:26 AM

Why would you put duct tape in the light source of the webcam?

Any electronic device can be (and in your case probably is) a surveillance gear. Camera and microphones can be turned on remotely, you need to put all these away first. You can cover cameras with duct tape, still very few devices today let you disable the microphone. Actually, any phone / computer IS a spyware device. Even someone you know may have installed a keylogger or other advanced form of spyware on your laptop.

In your case, they probably went further and installed surveillance gear into your house. Such an operation is conducted by several professional people, they ensure both you and your neighbors are not at home, they have all possible keys for your doors or burglar skills, then cameras and microphones are installed very discreetly. They are very hard to detect even for a professional. For example, they can be inside the walls, close to power lines or even in a TV set (search google for "microcamera" and check the pictures).
Your car may also be wired, both with camera/microphones plus some GPS device. Your internet / router etc may also be under surveillance.
Think of any object that you have been given recently by a known or unknown person.

What you can do - search your electronics for installed spyware but if they had physical access to them it will be impossible to detect anything. Even if not, it may be very difficult. Then put electronics away and search everywhere, maybe you find something. But best you contact a private detective company in your area and ask them to perform a professional search, they usually have bug detection equipment.

Remember to keep an eye on your house and be discreet, so they won't notice you take measures.

Figureitout • January 15, 2015 2:07 AM

For Vijay RE: TV set spying
--Yep, I can control most every newer TV from my phone. Turns out there's a new "smart TV" at my school which has an IP address, MAC address, unique ID, and even a USB port (didn't find it yet). All I gotta say is some serious lulz are coming to a classroom near you lol, they did not lock down the TV *at all* which they usually do w/ most things, they could've at least turned off "remote control" at least, guess I can do that for them. Prospective students and their parents may find a big ole' pumpkin butt on a TV while on a tour of the campus, that'll be nice and awkward haha. Seriously though, I want to enable a "hack-friendly" environment at my campus; not malicious at all, just funny as hell.

S. • January 15, 2015 5:07 AM

> it takes away root control from the company that made your device,
> and gives it to you

Well, not exactly. It gives it to the people who wrote the rooting software.

wiredog • January 15, 2015 5:12 AM

The main reason I bought a Nexus 5 was that it comes pre-rooted by Google, with no carrier crapware on it. It's T-Mobile, so service isn't as widely available, but I get signal in the places I go to. Nexus tablets are pre-rooted as well.

Nile • January 15, 2015 9:40 AM

I have to agree with the earlier posts on Rooting your Android device: yes, it's obvious that taking ownership of your device is good security practice; and no, it's not obvious to the vast majority of the public.

It's not obvious to *anyone* outside the tiny, tiny social bubble of regular Redditors and tech blog readers that come here.

Nor is it easy to do; nor is it a thing that any person of average intelligence and technical ability would consider safe.

Feel free to spout the usual platitudes about 'sheeple'. Or maybe do a bit more outreach work, like the defenestration parties that are, very slowly, getting Ubuntu out into the mainstream.

More pressure on the Telcos would be nice; a safe and trustworthy rooting-and-OS-upgrades service would be nice; effective PR to counteract the FUD about rooting would be nice.

Until these things are commonplace, safe mobile phones will remain a niche interest.

Meanwhile, a prediction: if we ever see a massive mobile security failure with consequences sufficiently severe as to generate adverse media coverage - a near-impossibility given the massive advertising 'spend' of the Mobile Telcos - the results will be a counterproductive response from the regulatory authorities and our elected representatives.

Aaron • January 15, 2015 12:06 PM

In terms of wanting to find the location, here's the information describing why it wants that access:

ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION: record location of IMSI catchers and security events if configured

steven • January 15, 2015 4:23 PM

SnoopSnitch stores a timestamp and your location for many events, such as the phone registering to new base station, into a SQL database on the device itself. It performs heuristics on that collection of data to detect when something is not right; the app alerts you to that situation. And only if you choose to click the 'Upload' button for a particular event would it send any of that data (cell tower IDs, location, timestamp) to the researchers.

That was my own appraisal of the source code. I'm assuming good faith and that the distributed app really matches with the source code, of course.

Bear in mind that this data is probably known already to your mobile phone operator, perhaps even the manufacturer, Google, in-app spyware; and most notably to anyone exploiting SS7 or GSM etc., which is the whole point of the research.
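
The kind of on-device check the comments above describe (cell IDs that come and go quickly, and a tower ID turning up far from where it was seen before), as an added example that is not part of the original thread and is not SnoopSnitch's code. The table schema, thresholds and sample rows are constructed assumptions.

```python
import itertools
import math
import sqlite3
from collections import Counter

# Constructed sample rows (not real captures): (ts_seconds, mcc, mnc, lac, cid, lat, lon).
# MCC/MNC 001/01 is the test-network code; every ID and position here is made up.
SAMPLE_EVENTS = [
    (0,    1, 1, 1001, 501, 52.5200, 13.4050),
    (600,  1, 1, 1001, 502, 52.5205, 13.4060),
    (1200, 1, 1, 1001, 501, 52.5201, 13.4052),
    (1260, 1, 1, 9999, 777, 52.5202, 13.4053),  # new LAC/CID, seen once, gone after 45 s
    (1305, 1, 1, 1001, 501, 52.5202, 13.4053),
    (5000, 1, 1, 1001, 502, 48.1351, 11.5820),  # known cell ID, about 500 km away
]

def load(events):
    """Store registration events in an in-memory SQLite table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cell_event (ts INTEGER, mcc INTEGER, mnc INTEGER,"
               " lac INTEGER, cid INTEGER, lat REAL, lon REAL)")
    db.executemany("INSERT INTO cell_event VALUES (?,?,?,?,?,?,?)", events)
    return db

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two WGS84 points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def short_lived_cells(db, max_dwell_s=120):
    """Cells seen exactly once that the phone left again within max_dwell_s."""
    rows = db.execute("SELECT ts, mcc, mnc, lac, cid FROM cell_event ORDER BY ts").fetchall()
    seen = Counter(r[1:] for r in rows)
    flagged = []
    for cur, nxt in zip(rows, rows[1:]):
        dwell = nxt[0] - cur[0]
        if seen[cur[1:]] == 1 and dwell < max_dwell_s:
            flagged.append((cur[1:], dwell))
    return flagged

def displaced_cells(db, max_km=70.0):
    """Cell IDs recorded at phone positions further apart than max_km.

    Assumed bound: two positions inside the ~35 km GSM timing-advance
    radius of one tower can be at most ~70 km apart."""
    flagged = []
    for cell in db.execute("SELECT DISTINCT mcc, mnc, lac, cid FROM cell_event").fetchall():
        pts = db.execute("SELECT lat, lon FROM cell_event WHERE mcc=? AND mnc=?"
                         " AND lac=? AND cid=?", cell).fetchall()
        spread = max((haversine_km(*a, *b) for a, b in itertools.combinations(pts, 2)),
                     default=0.0)
        if spread > max_km:
            flagged.append((cell, round(spread)))
    return flagged

if __name__ == "__main__":
    db = load(SAMPLE_EVENTS)
    print("short-lived:", short_lived_cells(db))
    print("displaced:  ", displaced_cells(db))
```

Either flag on its own is weak evidence: a fast train ride or a reused cell ID can trigger it, which is why a real detector would combine several such signals before alerting.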

ghbmail • January 15, 2015 4:32 PM

The functionality of the app is a great idea, but the list of permissions the app asks for are hard to swallow for anyone who is conscious of their privacy. I understand the app probably needs pretty deep access to things like the radio for signal analysis, but why does it need access to my sms? Or "full permissions to all device features and storage" for that matter?

Scared rootless • January 16, 2015 4:01 AM

Your phone's running a proprietary baseband modem processor which has complete control over the application processor. The baseband processor receives silent SMS text messages from carriers which allows them, or Stingray devices, to reflash your phone's firmware. Ever hear your phone mysteriously reboot on its own? You just received an over-the-air firmware update.

The baseband processor also has full read/write access to the application processor's RAM memory space. Yet people are worried about rooting their phones? Believe me, you've got much bigger problems and security vulnerabilities than a non-rooted phone with an easy-to-escape chroot jail.

That's how I jail broke my phone. It had a locked bootloader so I simply escaped the chroot jail. The only thing a chroot jail might stop is malware you install from the Play Store. A chroot jail isn't going to stop mobile carriers from reflashing your firmware, dumping your encryption keys and passphrases from RAM, or anyone with a Stingray device from installing a rootkit on your phone.

That's not even going into the secondary operating system called Java Card, which runs on the SIM card. That's a whole other can of worms. In other words, your mobile phone is insecure and wide open by design. I wouldn't recommend doing anything security sensitive on a mobile phone. At most, use the cellphone as a dumb modem by tethering a laptop to it. With BADUSB going around, even that's risky unless the phone uses a wifi tethering app so you can avoid USB.

Vijay Dangi • January 16, 2015 10:26 AM

Thank you very much! I put duct tape as per some articles and forums advice on google. I got this advice on the logic that no light source means no use of webcam control by hackers.
I would be thankful if you could answer a few more questions:
What are the possibilities of taking continuous screenshots of our own laptop by intelligence people by remote control?
Intelligence agencies/people can watch us through electromagnetic waves/or any kinda waves from our own laptop, microwaves or through some other electronic device/s?
Can these people watch and listen through mirrors/windows, radio waves etc. reflectors, refractors etc. via satellite?
Actually, the person who was stalking me was IG, CID (Crime investigation department) in 2012. Since then he has been transferred a few times to other departments. It is only after my complaint that these people (He and his friends) restricted their behavior and write up on social sites on my personal and professional life. He himself gave me so many clues that how all that could be possible. For example:
http://raajfictionillusionorhitechcrime.blogspot.in/search?updated-max=2015-01-07T11:29:00%2B05:30&max-results=2&start=8&by-date=false
http://raajfictionillusionorhitechcrime.blogspot.in/2013/11/venturing-out.html

These people have written about FB, CCTV, Prism, reflectors, refractors in the posts given in above links.
He has also written about kaleidoscope, wiretap and many such things in some other posts, which have been hidden or deleted now. And also indicated in few posts that this is happening at large scale. That may be targeted or at random.
Regards

For Vijay • January 16, 2015 2:46 PM

There are no such things. There are directional microphones or laser listeners usable from a certain distance, still it's very unlikely in your case.

What probably happened is that you are under some kind of post surveillance trauma and became paranoid, thinking anything is possible, after you discovered that you have been subject of the surveillance. Like seeing your private conversations or details about your life on internet.

The guy you mentioned is a public figure with a lot of power at hand and it's almost certain that you have been the subject of an official investigation. Meaning that they wired your house as I described, having a legal warrant, not necessarily obtained on solid proofs or on any proof.

He even seems to admit he bypasses the law if necessary:
http://rajbirdeswal.blogspot.ro/2011/03/do-cops-need-to-behave-or-community.html

It is not only possible but very likely that remote installed spyware has taken periodic screenshots from your laptop camera. It's how this kind of software usually acts, as streaming continuous image would be more noticeable.
http://en.wikipedia.org/wiki/Remote_administration_software

Vijay Dangi • January 17, 2015 12:15 AM

Thank you very much!
In India most of the people sitting at some high chair behave like that. There is nothing like legal warrant to stalk some women like this for 2-3 years continuously and on that writing about that in worst language on FB. Police department here is most corrupt and high headed. So this is nothing unusual. There are some online articles and even video about Indian PM and his associates stalking a gal, with the help of some such kinda officers, in 2005. The truth only these people can tell well. Such people feel, they can engineer society as per their wishes and whoever does not fall in their line is westernized and they can teach them a lesson.

This person is stalking like this many others also and even wrote about them on FB in the filthiest language. But those people are silent, for whatever reason best known to them. It seems surveillance technology is less about fighting terror or criminals and more about fighting opponents, dissents, opposite political parties or even individuals who can challenge such people's wrongs.
Thanks again.
Regards

JB • January 19, 2015 5:26 PM

> it takes away root control from the company that made your device,
> and gives it to you

Well, not exactly. It gives it to the people who wrote the rooting software.

____

Exactly. As a layman, I don't know enough to really evaluate what the deep software/firmware of my phone's OS is doing. The question is, (1) do I trust Google/Apple/whoever, or do I trust the people who wrote the rooting software? (2) And if the latter, how do I go about continuing to get updates as needed, (3) what do I do if something breaks and I can no longer get the original provider to help because I've rooted it, etc?

The answers are
(1) I am not an expert, so I have no idea, but maybe the rooting people?
(2) No real way to do this without being an expert
(3) Really no way to do this without being an expert


So the security/convenience tradeoff isn't between "to root or not root, that is the question?" It's "do I become a cybersecurity expert, or do I put my trust in Google/Apple/whoever and accept certain vulnerabilities?"

To those who say choosing the latter makes me one of the sheeple, I say you can't eliminate all vulnerabilities. Are you also spending 3+ hours a day studying martial arts so when the proverbial thugs with $5 wrenches come for you you can protect yourself? What are you doing to ensure that you can't be threatened with harm to your family? What about your physical property?

At a certain point the optimal security strategy is lobbying/educating your congressperson to work toward a secure, freedom-respecting society. Everything else only helps on the margins.

Marc • January 19, 2015 7:23 PM

It is unfortunate but it's a whole lot better than Osmocom. The Qualcomm SOC is pretty widely used in top of the line smartphones and apparently virtually all of them have the debug interface exposed to the AP.

Assuming they will update the level of detail on gsmmap.org to the level provided by the app it can be a huge gain for the project.

Val • February 3, 2015 1:36 AM

I don't even know what "rooting" is but I can already tell you I would be doing it on a phone I don't use as my "daily driver" as I have a tendency to want to learn for myself but also would leave myself vehicle-less in the process.

Mario Gambino • August 12, 2017 12:36 AM

Interested in knowing if there is an app available with which a person could detect a wiretapping device anywhere in the home or office

Clive Robinson • August 12, 2017 3:06 AM

@ Mario Gambino,

> Interested in knowing if there is an app available with which a person could detect a wiretapping device anywhere in the home or office

There are interfaces like SL4A that control the radio receivers in a smart phone, but they are not universal coverage. Likewise there are interfaces by which you can control both the internal camera and "Led Flash" that can be used to find cameras by 180-degree internal reflection which is the principle behind "red eye" / "cat's eyes" / lamping.

So you can download and install a Python for Android that uses the SL4A interface and write your own app. But it would by no means cover all the simple bugging devices.

You could also write an app to do a crude form of audio "time-domain reflectometry", which with the addition of some hardware could also work when connected to a traditional POTS telephone line.

You can look up the principles of how to do all of the above on the likes of wiki. But without additional hardware you really would be very limited in coverage.

Wael • August 12, 2017 4:48 AM

@Clive Robinson, @Mario Gambino,

You'll need to have specialized equipment, either build your own or check spy stores. Even with that, you won't catch everything.

As for Time-Domain Reflectometry (TDR), it won't work well with acoustics in free space as it's based on wave reflections when they encounter an impedance change due to discontinuities in transmission lines (cable bends, terminations, cuts, and connectors ...)
