Clutch: Cellular Security Monitor

Your Phone Trusts Every Tower

Every day, your phone scans for cell towers. Finds the strongest signal. Connects automatically.

No questions asked. No verification. Just trust.

The problem: Some of those towers are fake.

IMSI catchers (StingRays) impersonate legitimate cell towers. Your phone connects. Now law enforcement (or whoever deployed it) can:

• Track your location in real-time
• Intercept calls and messages
• Force encryption downgrades (4G → 3G → 2G)
• Identify everyone at a protest, conference, or location

Your phone doesn't warn you. It just connects.

Clutch warns you.

What This Does

Real IMSI Catcher Detection:

• Signal pattern analysis (tower behavior anomalies)
• Technology downgrade alerts (4G suddenly dropping to 2G)
• Machine learning threat classification
• RF fingerprinting (identifying fake towers by signature)

Professional Signal Analysis:

• Signal strength monitoring (unusual power levels)
• Timing advance analysis (distance calculation)
• Encryption tracking (which protocols active)
• Power consumption spikes (indicator of active interception)

Coordinated Threat Intelligence:

• Multi-device correlation (multiple phones seeing same fake tower)
• Geographic clustering (threat maps)
• Remote monitoring server (optional, encrypted)
• Real-time threat sharing (warn other users)
• Historical analysis (track deployment patterns)

No Permission Bullshit:

• All threat detection happens on your device
• No cloud dependency (unless you enable remote sharing)
• Encrypted communication for coordination
• No content interception, no personal data collection

Why This Exists

Traditional "security" solutions:

• Expensive hardware ($3,000+ spectrum analyzers)
• Academic tools (broken links, unmaintained repos)
• Fake apps (placebo security theater)
• Government spyware (literally the threat you're detecting)

Clutch is open-source.

Built for journalists covering protests. Activists organizing movements. Security professionals doing pentests. Anyone who needs to know if their phone is being surveilled.

Who Uses This

Journalists covering protests:

• Detect StingRays deployed at demonstrations
• Know when surveillance is active
• Coordinate with other journalists (shared threat intel)

Activists organizing:

• Identify surveillance patterns
• Plan routes avoiding known deployment areas
• Document government overreach

Security professionals:

• Pentest cellular infrastructure
• Audit client security posture
• Train clients on surveillance detection

NOT for:

• Committing crimes (defensive tool only)
• Violating laws (comply with local regulations)
• Paranoia without cause (know your threat model)

Technical Architecture

iOS App (Swift + CoreTelephony):

• Real cellular API access (not fake readings)
• Machine learning threat classification
• WebSocket client for coordination
• Location services for geographic clustering
• Local SQLite database (no cloud required)

Python Backend (Optional):

• Multi-platform data collection (if running coordination server)
• Advanced RF analysis algorithms
• ML model training pipeline
• Threat database aggregation

Remote Coordination Server (Optional):

• WebSocket server (encrypted connections)
• Device authentication (no anonymous submissions)
• Coordinated attack detection (multiple phones → same fake tower)
• Geographic threat correlation (map deployment patterns)
• Historical analysis (track surveillance over time)

Installation

# Clone the repo
git clone https://github.com/ghostintheprompt/clutch
cd clutch

# Run quick start (sets up dependencies)
./quick_start.sh

# Open iOS app project
open iOS-App/NetworkSecurityMonitor.xcodeproj

# Build and run on device (requires Apple Developer account)
# Simulator won't work - needs real cellular hardware

Requirements:

• iOS 14+ device (real hardware, not simulator)
• Xcode 12+ (for building)
• Apple Developer account (for code signing)
• Python 3.8+ (optional, for backend/coordination server)

Usage

Basic monitoring:

1. Launch app on device
2. Go to Cellular tab
3. Tap "Start Monitoring"
4. Watch for threat alerts

What to watch for:

• Red alerts = High confidence threat (likely IMSI catcher)
• Orange alerts = Suspicious behavior (investigate)
• Technology downgrades (4G → 2G = major red flag)
• Power consumption spikes during idle
• Signal timing anomalies

Coordination mode (optional):

1. Deploy coordination server (Python backend)
2. Configure server URL in app settings
3. Enable remote sharing
4. See threats detected by other users in area

Real-World Detection Example

Scenario: Covering protest in downtown area.

Normal behavior:

• Connected to AT&T tower
• 4G LTE with 85dBm signal strength
• Encryption: LTE (secure)
• Tower ID: consistent

IMSI catcher deployed:

• Suddenly forced to 2G GSM
• Signal strength jumps to -40dBm (suspiciously strong)
• Encryption: GSM A5/1 (broken, crackable)
• Tower ID: unknown/spoofed
• Timing advance: indicates very close proximity (< 100m)

Clutch alert:

HIGH THREAT DETECTED
Technology downgrade: LTE → GSM
Abnormal signal strength: -40dBm
Unknown tower ID
Likely IMSI catcher

Action: Enable airplane mode. Use encrypted messaging over WiFi only. Document the surveillance.

Security & Privacy

What Clutch does:

• Detects surveillance attempts
• Analyzes cellular signals
• Alerts you to threats
• Optionally shares threat intel (encrypted)

What Clutch does NOT do:

• Intercept your communications
• Store your personal data
• Send data to cloud (unless you enable coordination)
• Provide false sense of security (know your threat model)

Threat model:

• Defends against: IMSI catchers, StingRays, fake towers
• Does NOT defend against: Lawful intercept at carrier level, baseband exploits, sophisticated nation-state attacks
• Use with: Encrypted messaging (Signal), VPN, operational security practices

Ghost Says...

Built this after watching journalists get surveilled at protests. They knew StingRays were deployed. Had no way to detect them in real-time.

Commercial solutions cost $3,000+ for spectrum analyzers. Academic tools were abandoned GitHub repos. Fake apps gave placebo security.

Needed: Open-source IMSI catcher detection. iOS app. Real CoreTelephony integration. Actual threat alerts.

Clutch works. CoreTelephony APIs provide real cellular data. ML classification catches anomalies. Coordination mode shares intel across devices.

Not perfect. Sophisticated attacks can evade detection. Nation-state threats use techniques this won't catch.

But it catches StingRays at protests. That's what it's built for.

If you're a journalist: Use this at demonstrations. Know when surveillance is active. Coordinate with other journalists via threat sharing.

If you're an activist: Map surveillance patterns. Plan routes. Document government overreach.

If you're building security tools: This is how you use CoreTelephony correctly. Real data. Real analysis. Real alerts.

Open-source. Defensive use only. Know your threat model.

---

Responsible Disclosure

Found a vulnerability in Clutch itself?

1. Email security details (don't publish publicly)
2. Give time to patch (coordinated disclosure)
3. Credit goes to reporter

Found surveillance using Clutch?

1. Document the detection (screenshots, logs)
2. Report to EFF, ACLU, or local digital rights org
3. Consider responsible journalism (protect sources)

Legal Notice

Defensive use only. Clutch detects surveillance. Does not enable surveillance. Does not intercept communications.

Using Clutch to detect IMSI catchers = legal (defensive security).

Using IMSI catchers yourself = illegal without authorization (federal crime in US).

Know your local laws. Comply with regulations. This tool is for defense, not offense.

---

GitHub: clutch

Real IMSI catcher detection. Open-source. iOS + Python.

Your phone trusts every tower. Clutch verifies.