
You could possibly achieve interesting results with a single handset to keep in your pocket as you go about your day. The Samsung Galaxy S3 is ideal due to the fact that Android apps are written to access low level data from its baseband which is normally not available to end-user applications.

In fact there is a company that sells re-modded S3's at a decent price for this exact purpose [1].

Save some money and find an old handset and load on free IMSI catcher detection software. [2]

EDIT: It seems SnoopSnitch [3], which is used in the SeaGlass project, works on rooted Android phones that use Qualcomm chipsets.

[1] https://www.wired.com/2014/09/cryptophone-firewall-identifie...

[2] https://cellularprivacy.github.io/Android-IMSI-Catcher-Detec...

[3] https://opensource.srlabs.de/projects/snoopsnitch




"You could possibly achieve interesting results with a single handset to keep in your pocket as you go about your day. The Samsung Galaxy S3 is ideal due to the fact that Android apps are written to access low level data from its baseband which is normally not available to end-user applications."

I don't understand why this is done with apps on mobile phones. It seems to me that all of the "metrics" that we use to determine an IMSI catcher are easily obtained with an SDR - even a cheap RTL-SDR.

Take a look at the scoring system for snoopsnitch:

https://opensource.srlabs.de/projects/snoopsnitch/wiki/IMSI_...

Almost all of those indicators can be easily seen with an SDR and various tools like kal/kalibrate, airprobe, gr-gsm, and so on ... further, I suspect there are many more deeper indicators (think nmap, but for GSM stations) that would be seen with an SDR that could not be with a mobile phone, although that is just conjecture...


Almost entirely because cell phones are both a radio and a computer platform in one battery powered unit. No additional work, and they are small. And generally they get thrown away a lot so there are cheap ones on the market.

But to your point, it would be straightforward to build IMSI catcher catchers (ic^2 :-) with an SDR setup and with something like the ADALM-PLUTO[1] it would be reasonably cost effective.

[1] http://www.analog.com/en/design-center/evaluation-hardware-a...


"Almost entirely because cell phones are both a radio and a computer platform in one battery powered unit."

Well, sure - but what I am looking at in the article is a phone connected to a rPi, right?

snoopsnitch does indeed provide a phone-only solution, which is very nice, but the solution in the article does not.

My own testbed is a gigabyte BRIX with a BladeRF attached, but obviously you could go much smaller with a Pi-sized device and an RTL-SDR dongle ...



Because just about everyone has a smart phone now, and a high percentage of them have an old smart phone (esp in this community). Not everyone has an SDR, which can cost as much as a smart phone. Not everyone wants to build and deploy code vs just download an app. E.g. why Apple is more popular than Linux for desktops. (I use Linux).


Very early Android (I bought 2 G1s the first day they were available) there weren't many apps. One popular app would show you where you were, where the tower you were connected to was, a bunch of related metadata, and a link to the FCC database for the tower. Not sure if that data is still available though.

Seaglass seems like basically the same thing, but they track the metadata across carriers, cities, and of course over time. That way they can track changes in the tower, unusual towers, or unusual signal strengths.


For non-rooted devices, http://wilysis.com/networkcellinfo do some nice apps that show the current cell tower location and can log that with a map. Whilst it won't flag up a fake tower, they will stick out.

There are also apps that alert you to fake cell towers, but they depend upon knowing what the legit ones are so the ones I have played with require you to log the local towers you use as a white list. Otherwise how do you or the app know the difference between a fake and a real tower?

But the aspect that cell towers do not have trusted certificates or any form of proving they are from X,Y or Z carrier is a bit of a problem.

One solution is to use VOIP instead of cellular voice comms and a VPN. That way the ability of a fake tower will be reduced in what it can glean from you.
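
Added example, not part of any comment in this thread and not code from any of the apps mentioned: a sketch of the whitelist approach described in the comment above, extended with the tower-change and signal-strength checks mentioned for SeaGlass earlier in the thread. The tuple layout, the 15 dB margin and every sample value are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample log: (mcc, mnc, lac, cid, rssi_dbm) per observation.
BASELINE_LOG = [
    (1, 1, 1201, 40011, -85), (1, 1, 1201, 40011, -88),
    (1, 1, 1201, 40011, -83), (1, 1, 1201, 40012, -97),
    (1, 1, 1201, 40012, -95), (1, 1, 1202, 40020, -101),
]

def build_baseline(log):
    """Map each logged cell to the RSSI readings seen for it (the whitelist)."""
    cells = defaultdict(list)
    for mcc, mnc, lac, cid, rssi in log:
        cells[(mcc, mnc, lac, cid)].append(rssi)
    return dict(cells)

def check(baseline, obs, rssi_margin_db=15):
    """Return the reasons an observation deviates from the baseline."""
    mcc, mnc, lac, cid, rssi = obs
    key = (mcc, mnc, lac, cid)
    if key not in baseline:
        # Same carrier and cell ID under another area code means the tower
        # changed; otherwise the cell was never logged at all.
        moved = any(k[:2] == (mcc, mnc) and k[3] == cid for k in baseline)
        return ["known cell ID under a new LAC" if moved
                else "cell not in whitelist"]
    typical = median(baseline[key])
    if rssi - typical > rssi_margin_db:
        return [f"signal {rssi - typical:.0f} dB stronger than usual"]
    return []

def scan(baseline, observations):
    """Return (observation, reasons) for every observation that is flagged."""
    return [(o, r) for o in observations if (r := check(baseline, o))]

if __name__ == "__main__":
    base = build_baseline(BASELINE_LOG)
    today = [(1, 1, 1201, 40011, -86),   # matches the log
             (1, 1, 1201, 40012, -60),   # much stronger than logged
             (1, 1, 1399, 40011, -70),   # known cell ID, different LAC
             (1, 1, 1201, 49999, -65)]   # never logged
    for obs, reasons in scan(base, today):
        print(obs, "->", "; ".join(reasons))
```

Legitimate changes such as a new booster or a re-planned cell trip the same checks, so a flag is a prompt to investigate, not proof of a fake tower.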


We had a program manager on our team who used this app. She didn't understand that it flags repeaters and boosters which we have in our building and made the claim that we were running an illegal OpenLTE network as part of our security research. It was an uncomfortable situation to say the least. Ultimately I don't think these tools are very useful to end users and am encouraged by the SeaGlass project because they are collecting lots of data and correlating it with professionals analyzing the data.


Oh heard of worse examples of tech in the wrong hands. Friend worked in infosec for an online casino. Got called in late Sunday evening with boss shocked that port 25 was open on the firewall (he'd just played with a chintzy port scanner app). Friend explained how email works, next day he was terminated with no recourse. Management with a little knowledge is dangerous.


>One solution is to use VOIP instead of cellular voice comms and a VPN. That way the ability of a fake tower will be reduced in what it can glean from you.

That helps with the eavesdropping problem, but doesn't help with the IMSI catching part.


I think the app you refer to is 'Antennas', and I ran it on my G1 also. It worked as advertised in North America and I used it for a while in Europe, and it worked there as well. Obviously not part of the FCC database, so there must have been more than one in use. Sadly it's no longer maintained.

https://play.google.com/store/apps/details?id=com.technolatr...


There's also Snoopsnitch from SRLabs (Nohl et al).

Most of this software seems to suffer from the combination of hardware dependencies and device churn/neglect. Neither has received updates in a while.

We really need to gather all these resources together if we want software that works. Ideally, there should also be a simple way to know that it's working.



