You could possibly achieve interesting results with a single handset to keep in your pocket as you go about your day. The Samsung Galaxy S3 is ideal due to the fact that Android apps are written to access low level data from it's baseband which is normally not available to end-user applications.<p>In fact there is a company that sells re-modded S3's at a decent price for this exact purpose [1].<p>Save some money and find an old handset and load on free IMSI catcher detection software. [2]<p>EDIT: It seems SnoopSnitch [3] which is used in the SeaGlass project works on rooted Android phones with that use Qualcomm chipsets.<p>[1] <a href="https://www.wired.com/2014/09/cryptophone-firewall-identifies-rogue-cell-towers/" rel="nofollow">https://www.wired.com/2014/09/cryptophone-firewall-identifie...</a><p>[2] <a href="https://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/" rel="nofollow">https://cellularprivacy.github.io/Android-IMSI-Catcher-Detec...</a><p>[3] <a href="https://opensource.srlabs.de/projects/snoopsnitch" rel="nofollow">https://opensource.srlabs.de/projects/snoopsnitch</a>
This can also be done on CDMA via Qualcomm QXDM and qCAT for logging, enabling you to just have a single cell phone, a laptop and some scripting in QXDM to log.<p>Of course this would mean you have access to unlicensed Qualcomm software, know a bit about interfacing with the radio of CDMA phones and qCAT will correctly parse it to meaningful data.<p>On the other hand, you can also log numbers being actively dialed and even intercept text messages on the SMS paging channel if you happen to have the correct UM/AN on the phone (ESN/MEID not needed)<p>But with the eventual shut down of CDMA, this sort of phreaking is long lost and over.
It would be interesting to push this out to the crowd of people interested in privacy. Maybe we could put a setup like this in our own cars, or at least run an app on our phones. It would really harm their surveillance efforts if 1000's of people were contributing to a global map.
Awesome - I actually saw this idea posed on Reddit recently:<p>"<i></i><i>>So there are factory methods in each cellphoe where you can get the tower ID and RSSI and other data from the tower... what is needed is an app that actively logs ALL that data with the GPS location of the phone regularly and pushes it to a DB in AWS - and you keep capturing all that data, and you compare geo-loc from al the phones and the towers they see/connect to when within that cells signal domain - the app should be able, after time, to "know" which tower it should be connected to based on GPS as it moves into and out f each cell... you get an alert if the phone connects to the non-predicted cell signature.<p>Simple.</i><i></i>"
Wow, this feels like something similar to the mechanism Batman uses to find Joker at the end of the dark knight movie. Instead of Joker, it's IMSI-Catchers.<p>It would be interesting to see how they validate their findings which should be a challenge I guess.