IMSI-catchers are devices that are presumably used by government agencies to wiretap the mobile phones of people under surveillance. Then why should regular, law-abiding citizens be worried about them? Well, because it is not just governments that have a monopoly on using IMSI-catchers anymore. There are, however, measures one can take to counter them.
In early April, Canada’s CBS TV network reported that it had detected several IMSI-catchers in the country’s capital of Ottawa. This story illustrates well what should worry you when it comes to these devices – it is not clear who is using them. When IMSI-catchers (or Stingrays as they are also known due to the name of one popular model) first appeared in the early 2000s, governments’ law-enforcement and intelligence agencies had a monopoly on using them. Fast-forward to 2017 and these devices are available at various online stores for a few hundred dollars.
What are IMSI-catchers and how do they work?
IMSI-catchers are devices that act like fake cell towers, which trick a target’s device to connect to them and then relay the communications to an actual cell tower of the network carrier. This way all of the target’s communications – calls, text messages, Internet traffic, etc. – go through the IMSI-catcher and can be collected and read or listened on. In the same time, the victim is oblivious to the fact that this is happening, because, to them, it looks like everything is working normally. In the field of security, this is called a man-in-the-middle (MitM) attack.
This is possible due to a loophole in the GSM protocol. Mobile phones are always looking for the tower with the strongest signal to provide the best reception – this is usually the nearest one. At the same time, when a device connects to a cell tower, it authenticates to it via its International Mobile Subscriber Identity (IMSI) – but the tower doesn’t have to authenticate back. Hence, why every time someone places a device that acts as a cell tower near your phone, it would connect to it and give away its IMSI.
Notice how this method is not targeted? This is the reason why privacy advocates are concerned even when government agencies use these devices within the confines of the law. IMSI-catchers collect the data on all phones within a certain radius and can listen on the calls of, again, all phones in that area. The concern is what law-enforcement and intelligence do with that collateral data. It is an even bigger concern what criminals who have bought a Stingray off the Internet do with that data.
What can you do to protect yourself from IMSI-catchers?
If you are within the range of an IMSI-catcher and your phone is on, you can do nothing to prevent it from connecting to the fake tower. This is why mobile security companies such as us focus on concealing the content of communications. Encryption makes data incomprehensible to third parties that do not have the key necessary to decipher it. If your communications are encrypted via strong contemporary encryption algorithms – such as the ones used by the apps in our encrypted communications suite, Secure Pack – no eavesdropper would be able to decipher them.
But encryption is just the first line of defense. As we explained, Stingrays intercept the IMSIs of devices. This ID number could be used to track the location of a phone – and the whereabouts of its owner. Other IMSI-catcher models can be used to hack the baseband processor of a smartphone directly. This potentially allows attackers to subvert encryption by intercepting communications on the device itself – before encryption took place. To avoid this, you should steer clear of IMSI-catchers altogether. Fortunately, there is a way to detect them from a distance.
For example, Secure Phone, our secure mobile communications device, comes with an IMSI-Catcher Detector app preinstalled on it. It contains a database of all the cell towers of mobile carriers in different countries – and regularly updates this list. Every time it detects a cell tower, it checks the list to see if it is there. If it is, then it is a legitimate one, and there is no danger. However, if the tower is not on the list, there is something suspicious going on – and a high probability that this is an IMSI-catcher. In that case, the best you can do is to turn off your phone and turn it on again once you reach a safe location.