Cell-site simulators (also sometimes called Stingrays and IMSI-Catchers) are interception devices used to spy on mobile network communication. A couple of volunteers, including myself, have built an app – Wiretap Detector – that uses heuristics to detect these devices. Below are the slides from a talk that I have (in my native language) on a local tech conference.

It works by applying the following:

• Compares public IP with the announced IP ranges of the telecom – Gets ASN based on the initial IP and uses https://ip.guide
• Detects changes on the first 2 hops of traceroute
• Detects changes in the combination of (geocoordinates, cell identifier)

No such application is perfect or guaranteed to detect interception, because of the nature of the mobile technology. Furthermore, it can’t detect legal interception using direct streaming of calls and messages from the telecom to an interception interface at some government agency.

The app is open source, feel free to contribute. There is a long TODO list, which would improve detection and user experience