From a1039fedfe1940b24043cdec6676b65750a84e09 Mon Sep 17 00:00:00 2001
From: andr3jx <9414f52d@opayq.com>
Date: Tue, 9 Sep 2014 00:23:16 +0200
Subject: [PATCH] Improved introduction

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 30f1a9d1..a7f60747 100644
--- a/README.md
+++ b/README.md
@@ -51,7 +51,7 @@ YouTube: DEF CON 18 - Practical Cellphone Spying with Kristin Paget (click pictu
 
 Unfortunately it seems that IMSI-Catchers have been exponentially popular lately, with an explosion of various "bastards" with governments and criminals all the same, using it. Anyone can now buy an IMSI-Catcher (or build a cheap one on his own). Sending spam and phishing SMS via fake base stations is already a lucrative underground market, particularly in Russia, China and Brazil (see [The Mobile Cybercriminal Underground Market in China](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-mobile-cybercriminal-underground-market-in-china.pdf)). For example in China, 1.530 people got arrested for using [this kind of equipment](http://www.ecns.cn/business/2014/03-26/106525.shtml). Just recently, hackers decided to start [reverse-engineering the NSA toolset](http://heise.de/-2235339) and are releasing tools like [TWILIGHTVEGETABLE](http://www.nsaplayset.org/twilightvegetable) - an easy to use, boot and pwn toolkit for passive monitoring of GSM communications as well as [CHORDGHOST](http://www.nsaplayset.org/chordghost) as an extension to that system, which is an inconspicuous handset modified for passively intercepting GSM traffic. It's just a matter of time of when your own neighbor will spy on you with simple self-build tools!
 
-In addition, they can all crack A5/1 encryption which is most commonly used for GSM traffic on the fly (passively)! A5/3 encryption which is used for securing 3G and is offered as [new security standard for GSM encryption](http://www.telekom.com/media/company/210108) remains secure in practice while susceptible to theoretical attacks. 3G networks use the security protocol [AKA](http://en.wikipedia.org/wiki/AKA_(security)) which offers mutual authentication, so it is not possible to deploy a fake 3G network. Although 3G and 4G offer sufficient protection from eavesdropping, the security measures can be bypassed by IMSI-Catchers forcing a mobile device into 2G mode and [downgrade encryption to A5/1 or disable it](http://www.septier.com/149.html).
+In addition, they can all crack A5/1 encryption which is most commonly used for GSM traffic on the fly (passively)! A5/3 encryption which is used for securing 3G and is offered as [new security standard for GSM encryption](http://www.telekom.com/media/company/210108) remains secure in practice while susceptible to theoretical attacks. Although 3G and 4G offer sufficient protection from eavesdropping, the security measures can be bypassed by IMSI-Catchers forcing a mobile device into 2G mode and [downgrade encryption to A5/1 or disable it](http://www.septier.com/149.html).
 
 There are almost no phones on the market which offer an option to check what kind of encryption is used to secure GSM traffic. And although the [Issue of not having a convenient display of the Ciphering Indictor](https://code.google.com/p/android/issues/detail?id=5353) has been assigned to Google since 2009, it seems they're getting paid (or are forced to) blatantly ignoring it. The only way to protect a mobile device from downgrade attacks is to disable 2G if this option is available. In this case the phone will not be able to receive or make calls in areas without 3G coverage. This is why the original author named "E:V:A" started this project. **Let's detect and protect against these threats!** Never think you've got "nothing to hide".
 
-- 
GitLab