The German newspaper Die Zeit has a long feature this week about IMSI catchers and their countermeasures, words that were long heard only in countersurveillance cultures at Black Hat and Defcon. Observing this phenomenon make the jump from the obscure to the mainstream tells us a lot about the years to come: surveillance and countersurveillance will be a cat-and-mouse game for quite some time.
Most people have heard of their IMEI, their phone’s unique identifier. It’s short for International Mobile Equipment Identity, and a lot of people learn how to read this number. Originally, it was produced by typing *#06# on your phone, a sequence that amazingly still works, but it’s also on the phone receipt, in the menus, and in a number of friendlier places. This is the number you can insure, and this is the number you can report stolen to brick the phone.
A more secretive number is the IMSI, the Subscriber Identity, which identifies not the phone but the SIM card inside the phone. In most parts of the world, you’re expected to buy these separately from the phone, and you can replace the SIM card to change carriers but keep the same phone. In some other parts of the world, where telco carriers have exercised regulatory capture and have a dysfunctional market, the SIM card is typically prebaked into the phone, and in these countries, you might never have seen it – but it’s still there, identified by the IMSI.
There are many good technical reasons to keep this number a secret. For example, any reconfiguration instructions sent to the phone from the carrier – so-called Over-the-Air provisioning – must be signed cryptographically with the IMSI of the current SIM card, in order to prevent fraudulent configuration. It’s also the number used when the phone contacts the carrier network, and therefore, anybody intercepting that handshake will see the IMSI.
This is the technology used in so-called IMSI catchers. When there is a large number of people in an area that the regime — police or other forces — wants to keep tabs on, they deploy high-powered fake cell towers that the phones connect to, believing that these fake cell towers are their carrier’s. The fake towers then contact the real ones in turn, performing what we call a man-in-the-middle attack, which is just what it sounds like, sitting between the phones and the real cellphone towers.
This is a fairly sophisticated attack, one made by law enforcement in a highly dubious legal area. That’s why it’s really interesting to see mainstream media cover the topic now.
It’s particularly interesting as law enforcement won’t immediately get identities out of this attack — it will merely read which IMSI numbers were in the area at the time of the man-in-the-middle attack. Some of the time, this could conceivably be translated into people’s actual names, by means of subpoenas or similar to the carriers. A lot of the time, it won’t (think anonymous prepaid SIM cards).
While this attack can be used to track an individual’s movements once you have their IMSI — and has been used for this, notably with the American-made Stingray devices — it’s more alarming that law enforcement is increasingly using the attack to keep a catalog of which people, or at least their phones, are present at a certain type of protest.
Die Zeit’s article also covers countermeasures to the IMSI catcher attack, and mentions that while there are numerous apps that detect IMSI catchers, the better ones can only detect about 90% of those attacks.
We can expect this to escalate in the coming years.
I am too small for this! So my phone is secure by how insignificant I am!
I think this is the most amazing thing on the internet that you are providing here. I never heard about this thing before. Keep up the good work and will stay connected to your blog.
The more worrying attacks are the fact that mobile comms are captured and stored, scanned (largely for metadata) and archived for future reference.
Rather a small number of people have their messages read, but most can unless you use encryption. And even with the SIM removed your phone is ‘on the system’.
Awesome post. It is very informative and it is really interesting to increase our conversation rate. Thanks for sharing, it will be useful to everyone.
This is so cool!
Informative and excellent article. Thanks for sharing Keep it up.
After exploring a number of the blog posts on your web page, I really appreciate your technique of writing a blog. I saved it to my bookmark site list and will be checking back soon. Take a look at my website as well and let me know what you think.
Insightful article.
wonderful post, very informative. I wonder why the other specialists of this sector don’t realize this.
You must continue your writing. I’m sure, you have a great readers’ base already!
I like your article; this is very informative.
Thanks for sharing.