How to Protect Your Device from IMSI Catchers?
Israel was attributed for the IMSI catchers discovered in Washington, D.C. three years prior in September 2019, demonstrating the frequency of these types of eavesdropping equipment. Previously used only by law enforcement to locate the international mobile subscriber identity (IMSI) associated with a criminal suspect's SIM card for investigation purposes, an IMSI catcher may now be purchased or built by almost anyone to intercept a target's communications. With such low barriers to entry, these devices are no longer simply for the wrong people to be concerned about.
In this blog, I will talk about IMSI catcher, how it works, and examine specific aspects to unfold the dangers of IMSI/stingrays, etc.
SIM Swap Protection
Get our SAFE plan for guaranteed SIM swap protection.Protect Your Phone Now
What is IMSI Catcher?
Cracking GSM encryption, passive GSM interception, and aggressive GSM interception are all examples of GSM attacks. IMSI catchers come under the last type, serving as a transceiver and actively interfering with communications between mobile phones and base stations (simultaneously transmitting and receiving).
How Does IMSI Catcher Work?
IMSI catchers simultaneously deploy a "man-in-the-middle" [MITM] attack, presenting the fake mobile phone to the genuine base station and the fake base station to the actual mobile phone. IMSI catchers can determine the IMSI numbers of nearby mobile phones, which is the trademark capability from which they get their name. Using the IMSI, they can then identify mobile traffic on the network and target it for interception and analysis.
Stingrays have become commonly known as IMSI catchers. Law enforcement agencies have been dubbed "cell-site simulators" or "cell site emulators", fake cell towers, rogue base stations, StingRay or dirtbox. Because the 2G protocol has a lot of security flaws that make spying easier, IMSI catchers will frequently try to force communication over 2G. For one thing, encryption isn't always necessary. Many underlying cryptographic methods (such as A5/1) can be broken in real-time if this is the case.
IMSI catchers with more advanced capabilities can intercept texts and listen in on phone calls. They may also be able to intercept data transmissions, such as phone numbers dialed, web pages browsed, and other data. IMSI catchers are frequently equipped with jamming technology (to cause 3G and 4G phones to connect at 2G speeds) and other denial-of-service features. Some IMSI catchers may be able to retrieve things such as images and SMS from the target phone.
How Do Criminals Use IMSI Catchers?
An IMSI catcher thus provides threat actors with several alternatives based on the device's capabilities and the cellular protocol in use.
An IMSI catcher can force a targeted smartphone to respond with its specific location using GPS or the signal intensities of the phone's adjacent cell towers, allowing trilateration based on these towers' known locations. When a threat actor knows where a target is, he or she can learn more about them, such as their exact location within a large office complex or the sites they frequent, or just track them across the coverage area.
Some IMSI catchers allow operators to reroute calls and texts, alter communications, and impersonate a user's identity in calls and texts.
Some of the more expensive IMSI catchers claim to be able to transmit spyware to the target device. Spyware can ping the target's position without using an IMSI catcher and discreetly gather images and sounds through the device's cameras and microphones.
An IMSI catcher may also gather metadata such as phone numbers, caller IDs, call durations, and the content of unencrypted phone conversations and text messages, as well as some forms of data consumption (like websites visited).
IMSI Catchers Detection
There is no guaranteed way for a smartphone user to know if their device is linked to an IMSI catcher, much alone prohibiting connections with IMSI catchers, at this time. Slow cellular connections and a change in the band in the status bar (for example, from LTE to 2G) are indicators, however, slow connections happen to unaffected users as well, and specific IMSI catchers can operate in 4G.
IMSI catcher detection applications are only available for Android, and they require rooting the device – which is a security flaw – to access the cellular network communications available through the smartphone baseband's diagnostic interface. For identifying IMSI catchers, more reliable hardware options are available, which makes sense for protecting several smartphone users in a single location, such as a business headquarters or military post.
A typical arrangement includes a fixed, embedded system with sensor hardware and a cellular modem for continually monitoring the broadcast signals of nearby base stations, as well as a database to which data can be uploaded for analysis. When an IMSI catcher is found, alarms can be sent to all smartphone users in the organization.
How to Protect Your Device from IMSI Catchers?
While this appears to be a catastrophic situation, one option can safeguard you from all of these threats: the Efani Black Seal Protection. EFANI uses many levels of security and privacy to encrypt your voice, SMS, and text messages and a cloud-based solution to detect, protect, and warn users in real time when an intrusion attempt is made.
At the network level, Efani's Black Seal Protection delivers a unique military-grade capability for detecting IMSI Catchers and preventing Man in the Middle Attacks. The key strength of this solution is its ease of use. It is designed for cutting-edge protection on the SIM-card level and mass deployment in large enterprises.
Installing the EFANI encrypted SIM card into your smartphone and answering a few questions to activate it is all it takes. The user experience is unchanged, but security, privacy, and peace of mind have been added.
Perhaps most crucially, simply acknowledging that your cellular connections are unreliable may cause you to reconsider the information you exchange. Your security posture will benefit as a result.
Watch this video by my colleague for more information:
Black Seal Protection
Get our BSP plan for guaranteed security against location tracking, eavesdropping, and SS7 attacks.Secure My Phone
IMSI Catchers in a Nutshell
Communication interceptions, service denial, and location monitoring are all frequent MITM threats. Symptoms of such attacks aren't always visible, except for service denial, if all communications are stopped. Otherwise, if someone wasn't actively seeking intercepted communications or double-checking every page they visited to ensure they weren't being sent to an attacker-controlled domain, they might not even be aware they were being tracked