IMSI catcher is a tactical and undetectable system for monitoring transmissions in 2G, 3G and 4 G mobile networks. The system enables secret, full-duplex interception of both SMS text messages and voice connections - incoming and outgoing.The main task of the IMSI catcher is mobile phones tracking and inconspicuous obtaining of IMSI/IMEI identification numbers of persons wanted or under surveillance within about 1 km distance with possibility of increasing it to 2 km (personating a BTS station). By reading IMSI / IMEI numbers, the system creates a list of phones working in your area. When the particular number was tracked the operator can monitor the two-way GSM transmission (incoming and outgoing transmissions, to and from the target and a receiver).
When the particular number was tracked the operator can monitor the two-way GSM transmission (outgoing transmissions from the target and a receiver). In addition, remote manipulation of communication enables blocking, redirecting or changing the content of the information sent.Another advantage of the IMSI catcher is that it enables positioning of the target via triangulation of the existing mobile network, however, one should have in mind that accuracy depends on the density of the base stations. The system also enables remote activation of GPS locator in the telephone.
Although the IMSI catcher provides a number of surveillance possibilities it is easy to use. Interface has been designed to facilitate operation for people who had never used this device before, so that to ensure 100% effective operation in stressful situations.
With some dirt cheap tech I bought from Amazon and 30-minutes of set-up time, I was streaming sensitive information from phones all around me. IMSIs, the unique identifier given to each SIM card, can be used to confirm whether someone is in a particular area. They can also be used as part of another attack to take over a person’s phone number and redirect their text messages. Obtaining this information was incredibly easy, even for a non-expert.
This attack isn’t revolutionary in any way—IMSI-catchers are certainly not new, and have become famous because they are commonly (and controversially) used by law enforcement to track suspected criminals. A commercial version made by Harris is called a “Stingray,” and they are sometimes called “cell-site simulators” or “fake cell towers.” This is because they spoof a cell phone tower’s connection, meaning that cell phones in the area will try to connect to it; in doing so, the IMSI-catcher is able to passively collect information about phones in the area.
But a DIY IMSI catcher is relatively trivial to setup, and the technology is accessible to anyone with a cheap laptop, $20 of gear, and, the ability to essentially copy and paste some commands into a computer terminal. This is about ease of access; a lower barrier of technical entry. In a similar way to so-called spouseware—malware used by abusive partners—surveillance takes on different character when it trickles down to more ordinary, everyday users. The significance and threat from IMSI-catchers is multiplied when a lot more people can deploy one.
For legal and technical reasons, our IMSI-catcher did not intercept text messages or phone calls, like more powerful versions can. It only captured IMSIs from devices, as well as provides some additional information such as the country and telecom operator of the phone. Motherboard did not store any of the collected data. You should be aware of the laws in your local region before attempting to do this; Motherboard does not condone or suggest you do anything illegal (and, even if legal, you shouldn’t use an IMSI catcher to do anything creepy.)
Once installed, I booted up grgsm_livemon, one of the programs included with the project. which presented a slider and a graph, to find a frequency to scan. This required a bit of trial and error—moving the frequency slider until finding a sweet spot where the graph represented a bell curve. The curve meant that the SDR had found what frequency nearby phones were broadcasting on. Depending on where you are, that frequency is going to be different.
If I wanted to make the IMSI-catcher a bit more portable, I could theoretically run it on a Raspberry-Pi, a miniature computer you can buy for as little as $30 or cheaper, depending on what model you need. Note that the IMSI-catcher would still need to have Ubuntu on the Pi, which it is not traditionally designed for, but it is likely possible. I would also need to make sure the SDR is receiving enough power from the USB port.