In active mode the Stingray will broadcast a consistently strong signal to force targets to connect to it so that it can grab identifiers.
Some detection methods rely on this, as well as fingerprinting the Stingray (they negotiate a drop in encryption and ask the phone to max signal strength)
Current solutions for Android will point out new base stations that stand out and are likely an IMSI catcher:
The better method, since the devices change and some are stationary, is to authenticate the real cell phone towers. This would involve either updating the GSM protocol, or having the carriers send out additional settings that make the phone aware of their legitimate sites and only connect to them.
iOS doesn't make these settings available in official API's, but if they did it would be possible to develop apps or features that could detect/avoid IMSI catchers.
The best non-tech solution is to have an anonymous IMSI. The attack relies on linking an IMSI to a real person, or the pattern behavior of a phone to a real person. So - anonymous SIM cards, change them up often, don't have it switched on with any of your real phones or real phones of friends, leave it switched off, etc.
Sorry to say, but AIMSICD is a placebo. It does not detect anything. It was proved in their issues page many times, it never detected any threat, but detected dozens of false positives (also see their issues).
Some detection methods rely on this, as well as fingerprinting the Stingray (they negotiate a drop in encryption and ask the phone to max signal strength)
Current solutions for Android will point out new base stations that stand out and are likely an IMSI catcher:
http://secupwn.github.io/Android-IMSI-Catcher-Detector/
The better method, since the devices change and some are stationary, is to authenticate the real cell phone towers. This would involve either updating the GSM protocol, or having the carriers send out additional settings that make the phone aware of their legitimate sites and only connect to them.
iOS doesn't make these settings available in official API's, but if they did it would be possible to develop apps or features that could detect/avoid IMSI catchers.
The best non-tech solution is to have an anonymous IMSI. The attack relies on linking an IMSI to a real person, or the pattern behavior of a phone to a real person. So - anonymous SIM cards, change them up often, don't have it switched on with any of your real phones or real phones of friends, leave it switched off, etc.