Protecting High-Level Personnel from IMSI Catchers
With such low barriers to entry, it's no longer just the bad guys who need to be worried about IMSI catchers.
In September 2019, the IMSI catchers discovered in Washington, D.C. two years earlier were attributed to Israel, shining a light on the prevalence of these types of spying devices. IMSI catchers were once used solely by law enforcement as a way of finding the international mobile subscriber identity (IMSI) linked to a criminal suspect's SIM card for investigative purposes. Now just about anyone can acquire or build one to intercept a target's communications. With such low barriers to entry, it's no longer just the bad guys who need to be worried about these devices.

How IMSI Catchers Work

At a basic level, an IMSI catcher – also known as a cell-site simulator, fake cell tower, rogue base station, StingRay or dirtbox, to name a few of its many descriptors – consists of two main parts: a radio frontend for sending and receiving radio waves and a network backend for simulating a cellular core network. Today, anyone with a software-defined radio (SDR) and a computing device running an open-source base station program (like OpenBTS) can effectively operate an IMSI catcher.

An IMSI catcher is designed to mimic a real cell tower in order to trick one or more smartphones (or other cellular-enabled devices) within a given area into connecting to it. In the 2G (GSM) era, this was simple enough: phones were designed to connect to the tower with the highest signal strength, and base stations were not required to verify their identities to phones. Accordingly, an IMSI catcher needed only to broadcast (or appear to broadcast) a much stronger signal than the cell towers around it. In the 4G (LTE) era, by contrast, phones are designed to maintain a connection with their current cell tower as long as the signal strength is above a certain threshold, and to connect to neighboring cell towers if the connection is lost. Current IMSI catchers overcome this by masquerading as a neighboring tower or by operating at a higher-priority frequency. Some IMSI catchers even jam the 4G/3G…
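The selection rules described above can be written as a small model, which shows why a strong signal alone explains a 2G attach but not an LTE one. This is an added example, not code from the article; the `Cell` fields, the -110 dBm threshold, the cell names and the measurements are all constructed assumptions, and real reselection logic has many more parameters.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Cell:
    name: str
    signal_dbm: float       # signal strength as measured by the phone
    priority: int = 0       # frequency priority; higher is preferred (LTE model)
    neighbor: bool = False  # announced as a neighbor of the serving cell

def select_2g(cells):
    """GSM-era rule from the text: camp on the strongest signal."""
    return max(cells, key=lambda c: c.signal_dbm)

def select_lte(serving, candidates, stay_threshold_dbm=-110.0):
    """LTE-era rules from the text, simplified; returns (cell, reason)."""
    higher = [c for c in candidates if c.priority > serving.priority]
    if higher:  # a higher-priority frequency wins even if serving is healthy
        best = max(higher, key=lambda c: (c.priority, c.signal_dbm))
        return best, "higher-priority frequency"
    if serving.signal_dbm >= stay_threshold_dbm:
        return serving, "serving cell above threshold"
    neighbors = [c for c in candidates if c.neighbor]
    if neighbors:  # connection lost: fall back to an announced neighbor
        best = max(neighbors, key=lambda c: c.signal_dbm)
        return best, "serving lost, neighbor chosen"
    return serving, "no neighbor available"

# Constructed measurements (dBm); not real captures.
SERVING = Cell("operator-A", -95.0)
NEIGHBOR = Cell("operator-B", -100.0, neighbor=True)
UNKNOWN = Cell("unknown-X", -60.0)  # very strong, not an announced neighbor

def scenarios():
    """Run the same unknown cell through each rule the text describes."""
    return {
        "2g": select_2g([SERVING, NEIGHBOR, UNKNOWN]).name,
        "lte_strong_only": select_lte(SERVING, [NEIGHBOR, UNKNOWN])[0].name,
        "lte_priority": select_lte(SERVING, [NEIGHBOR, replace(UNKNOWN, priority=5)]),
        "lte_neighbor": select_lte(replace(SERVING, signal_dbm=-120.0),
                                   [NEIGHBOR, replace(UNKNOWN, neighbor=True)]),
    }

if __name__ == "__main__":
    for label, result in scenarios().items():
        print(label, "->", result)
```

The reason string returned by `select_lte` is the part worth logging when reviewing device telemetry: a move to a previously unseen cell because of frequency priority or a lost serving cell deserves more scrutiny than one explained by ordinary signal conditions.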
Mike Fong