6 Fast Facts You Need to Know About IMSI Catchers, the Secretive Phone Surveillance Technology Used by Police
IMSI catchers are being used by police officers throughout the United States, Canada, Germany, and other parts of the world. Also called “stingrays”, the secretive technology has been making headlines for its surprising ability to record data from all nearby cellphones.
This is a technology that you should know about. Today, we’re talking about IMSI catchers and how they affect you.
What Are IMSI Catchers?
IMSI catchers are surveillance tools that record data from the cellphones of all those nearby. The devices are frequently used in prisons and by police forces.
IMSI catchers have generated some controversy. Prisons use IMSI catchers to crack down on inmates potentially using cell phones. That’s not the controversial part: the controversial part is that IMSI catchers don’t just track prisoners, but they also track guards, visitors and others inside the prison. It’s an indiscriminate tracking tool.
Police Forces Are Wary About Discussing IMSI Catchers
Another controversial part about IMSI catchers is that police forces aren’t totally transparent about what the devices are or how they work. Canada’s Royal Canadian Mounted Police, for example, and other Canadian security agencies, refuse to answer questions about IMSI catchers because it would “compromise their ability to conduct criminal investigations.”
The argument is that if criminals know more about IMSI catchers and how they work, then the value of the tool will be compromised.
Germany and the United States have taken a slightly more transparent approach to discussing the technology. Germany publishes annual statistics on its use of IMSI catchers, for example. And last year, the United States publicly discussed its new rules governing stingray surveillance.
Nevertheless, US police forces still don’t like to talk about IMSI catchers. The New York Police Department (NYPD) recently faced questioning from the American Civil Liberties Union (ACLU) asking about their use of IMSI catchers. They responded by stating that talking about the IMSI catchers would make them vulnerable to hacking.
The ACLU fired back by stating:
“It would be a serious problem if the costly surveillance devices purchased by the NYPD without public competitive bidding are so woefully insecure that the only thing protecting them from hackers is the secrecy surrounding their model names.”
US Organizations Are Required to Destroy Most IMSI Catcher Evidence Within 48 Hours
Last year, the United States publicly revealed its IMSI catcher laws.
One of the key parts of that law is that the US government is required to destroy within 48 hours any information obtained that is unrelated to an investigation.
Still, many people believe the laws are woefully insufficient given the power of the surveillance technology.
How Do IMSI Catchers Work?
Basically, IMSI catchers work by emulating a “fake” mobile tower. That tower acts as a middle-man between the target’s mobile phone and the carrier’s real towers. That’s why this is considered a “man in the middle” type of hack.
As you may know, cell phone data in most countries is encrypted. That means even if someone intercepted the data, the data they received would be meaningless. How do IMSI catchers get around this?
IMSI catchers trick cell phones into thinking they’re talking to a real carrier antenna. They take advantage of a notorious exploit in GSM technology where the handset needs to authenticate to the network, but the network does not need to authenticate to the handset.
With that in mind, the IMSI catcher works by disguising itself as a base station and then logging the IMSI numbers of all mobile stations in the area.
IMSI catchers don’t actually break encryption: they just force your phone to use no call encryption (also known as A5/0 mode) or encryption that’s easily breakable (A5/1 or A5/2).
One of the controversial parts about IMSI catchers is that they’re indiscriminate: your phone will automatically choose the strongest base station in the area. In other words, all cell phones within a defined radius of the IMSI catcher will be tracked. Your cell phone just sees that as another ordinary tower on your network, so it automatically routes traffic through the IMSI catcher.
How to Avoid IMSI Catchers
There’s currently no 100% effective way to avoid being tracked by IMSI catchers. Unless, of course, you don’t use your mobile device or connect it to the carrier’s network.
The best and easiest way is to just use your cell phone’s data connection to make calls. Use services like Skype to make calls or WhatsApp to send messages (although WhatsApp has recently faced some controversy for its customer tracking).
Nevertheless, IMSI catcher countermeasures are being developed as we speak. There’s one project called Osmocon which is developing open source Mobile Station software, a special type of firmware that may be able to notify you when you’re connecting to your carrier through an IMSI catcher.
Unfortunately, that software is limited to very few phones, including mostly outdated GSM Motorola phones that are no longer available for purchase.
Another project in the works is the Android IMSI Catcher Detector (AIMSICD), which is being developed to detect and circumvent IMSI catchers.
How to Make your Own IMSI Catcher
Want to track mobile network traffic in your area? it’s easier than you think.
Little is known about the IMSI catchers used by police and government organizations. However, there’s a burgeoning hacking community putting together its own IMSI catchers.
As reported by ArsTechnica, researchers put together an IMSI catcher using about $1400 worth of hardware you can easily purchase today. That IMSI catcher targets the LTE specification, used by an estimated 1.37 billion people around the world.
That $1,400 IMSI catcher is able to track all phones within a 32 to 64 foot radius.
Ultimately, IMSI catchers are surveillance tools used by police forces and government organizations around the world. Depending on how much you trust the government, that can either be very comforting – or incredibly frightening.
