IMSI Catchers act like false cell towers that trick the victim’s device to connect to them. The communications (calls, text messages, Internet traffic, and more) are intercepted, then relayed to the target cell tower of the network carrier. To make matters worse, the victim is mostly unaware of what is happening. This type of hack is also known as a man-in-the-middle (MitM) attack.
This cybercriminal activity is made possible due to a loophole in the GSM protocol. Mobile phones are constantly looking for the tower with the strongest signal to provide the best reception, which is usually the nearest one. It might, however, not be a genuine mobile provider tower.When a device connects to a cell tower, it authenticates to it via its International Mobile Subscriber Identity (IMSI). IMSI is a unique identifier linked to your SIM card and is one of the pieces of data used to authenticate your device to the mobile network. The issue, however, is that the tower doesn’t have to authenticate back.This is why the IMSI Catcher is so effective. It simply pretends to be a cell tower near your phone, then seamlessly connects to it, and starts to harvest information.
It’s only a matter of time before MNOs will be held to higher scrutiny and be required to add additional layers of cyber protection to their networks. In the meantime, subscribers themselves are growing increasingly worried about eavesdropping and about their personal data being hijacked by would-be attackers. MNOs that want to provide added value to their subscribers should consider the additional layers of security they can offer their subscribers.
Communication Interception – This is the most basic form of hacking performed today. The attackers simply “catch” the device’s International Mobile Subscriber Identity (IMSI) in a classic case of digital identity theft.The next step is spoofing authentication, where the Stingray “convinces” the genuine mobile network that it’s actually the targeted mobile phone for all communication purposes. This is done by the IMSI Catcher sending a Location Update Request to a legitimate cell tower and identifying itself with the stolen IMSI. Dealing with smartphone encryption security mechanisms is also not a big challenge due to the victim’s phone “helping” with the requests.
Location Tracking – Often overlooked by security service providers, location tracking is becoming more and more common as it requires no cooperation from cell providers. For law enforcement authorities to track suspects or criminals they (usually) require a warrant and the cooperation of mobile service providers. IMSI Catchers can now be used to check for the presence of a victim or perpetrator in a specific area or even figure out their exact location without the need for operator cooperation.
Denial of Service (DoS) – Cell network denial of service is executed by connecting the device to the fake cell tower. Once the device is on the fake tower, it’s not connected to the real network, and the device is denied connectivity. Only if the attacker chooses, then the device is connected to the network through the attacker’s system (aka Man-in-the-Middle).
The cybersecurity market has grown at an exponential rate over the last decade. Yes, there are consumer solutions on offer to fight IMSI Catchers. However, as per recent WIRED research, the available consumer-level tools were found to be partially effective at best when it came to detecting malicious activity involving snooping.
The reasons are quite clear. The basic GSM architecture is full of security loopholes that are tough to seal up completely. To a skilled hacker, smartphones are “dumb” devices that can work as per their wishes once they have been compromised.
Available IMSI catcher detection solutions today can be roughly divided into two categories: consumer-level and military-grade solutions. The software solutions offered to users online are, as mentioned above, only partially effective in protecting users and their devices. While they may provide some peace of mind to the average smartphone user, it is simply not enough to protect sensitive corporate data often found on the devices of company employees.
