An IMSI catcher is essentially a false mobile tower acting between the target mobile phone(s) and the service providers real towers. As such it is considered a Man-in-The-Middle (MiTM) attack. It is used as an eavesdropping device used for interception and tracking of cellular phones and usually is undetectable for the users of mobile phones.
With the recent wave of femto cell technology available to the general public; Hackers are turning these useful devices into devious wire-tapping machines.
- Added a new guide for a newer Ubuntu version - here: ADDED INFO: NB: Jesper Jorwensen tol.
- Baseball catcher's combos are available in various sizes, from youth catcher gear sets to adult-sized, depending on your level of play and age. Since catcher's gear is made with adjustable straps, the different pieces are made to fit ballplayers in a range of ages.
This allows IMSI catchers to impersonate base stations, and capture the IMSI IDs of devices within range of the catcher. Such devices are also capable of forcing phones to use no encryption during.
What is an IMSI?
A unique International Mobile Subscriber Identity (IMSI) is issued to every user of the GSM/UMTS/LTE System.
Composition of IMSI
IMSI is composed of three parts:
- Mobile Country Code (MCC)consisting of 3 digits. The MCC identifies uniquely the country of domicile of the mobile subscriber;
- National Mobile Station Identity (NMSI):
- MobileNetworkCode (MNC)consisting of 2 or 3 digits for GSM/UMTS applications. The MNC identifies the home PLMN of the mobile subscriber. The length of the MNC (two or three digits) depends on the value of the MCC. A mixture of two and three digit MNC codes within a single MCC area is not recommended and is outside the scope of this specification.
- Mobile Subscriber Identification Number (MSIN) identifying the mobile subscriber within a PLMN.
Example IMSI:
234150999999999
- MCC = 234 (UK)
- MNC = 15 (02 UK)
- MSIN = 0999999999
For a full list of MCCs and MNCs visit: http://en.wikipedia.org/wiki/Mobile_country_code
The National Mobile Subscriber Identity (NMSI) consists of the Mobile Network Code and the Mobile Subscriber Identification Number.
In order to support the subscriber identity confidentiality service the VLRs, SGSNs and MME may allocate Temporary Mobile Subscriber Identities (TMSI) to visiting mobile subscribers. The VLR, SGSN and MME must be capable of correlating an allocated TMSI with the IMSI of the MS (Mobile Subscriber or your physical phone ;))to which it is allocated.
VLRs, SGSNs, MME and more will be covered later….
IMSI Catcher
An IMSI catcher is essentially a false mobile tower acting between the target mobile phone(s) and the service providers real towers. As such it is considered a Man-in-The-Middle (MiTM) attack. It is used as an eavesdropping device used for interception and tracking of cellular phones and usually is undetectable for the users of mobile phones.
With the recent wave of femto cell technology available to the general public; Hackers are turning these useful devices into devious wire-tapping machines.
How?
The GSM specification requires the handset to authenticate to the network, but does not require the network to authenticate to the handset. This well-known security hole can be exploited by an IMSI catcher.
The IMSI catcher masquerades as a base station and logs the IMSI numbers of all the mobile stations in the area, as they attempt to attach to the IMSI-catcher. It allows forcing the mobile phone connected to it to use no call encryption (i.e., it is forced into A5/0 mode), making the call data easy to intercept and convert to audio.
IMSI catchers are used in some countries by law enforcement and intelligence agencies, but based upon civil liberty and privacy concerns, their use is illegal in others. Some countries do not even have encrypted phone data traffic (or very weak encryption) rendering an IMSI catcher unnecessary.
Surreptitious use of IMSI catchers and stingray device spose a significant threat to USA businesses. ComSec recognizes the acute nature and escalating frequency of cellular surveillance attacks. In response, we developed the capability to detect stingray surveillance and provide actionable real-time information to our business clientele. As the exclusive USA provider of IMSI catcher and stingray surveillance detection services using the OverWatch system, we arm our clientele with exceptional cellular surveillance and eavesdropping detection intelligence that can be used to stop leaks of valuable and privileged information.
Choose IMSI Catcher Surveillance Detection Services As:
- A standalone service;
- Included with In-Conference Monitoring Services
- As a business TSCM service package; and
- During contracted Assurance Option Services.
IMSI Catcher Detector Services
The Extent of the Threat
Federal law enforcement agencies, as well as state and local agencies, use stingray devices and other forms of IMSI catcher technology as an investigative tool. But, this technology is also available to foreign governments and foreign intelligence services, authoritarian regimes, via the black market in China, hackers, etc. If your business information or customer information is of value to an entity with access to the IMSI catcher technology, you have cause for concern. ComSec’s IMSI Catcher detection services are a strategically important tool for any business that may be targeted for cellular surveillance.
How Compromised Cellular Devices Can Be Used
- To conduct nation state sponsored industrial or economic espionage attacks.
- To manipulate or control domestic or foreign affairs that affect policy or regulatory issues.
- To capture sensitive or privileged communications and outmaneuver an adversary.
- To steal development, engineering or other valuable intellectual property information.
- To identify clients, suppliers or other contacts.
- To capture damaging personal information about a business, its leadership or owner(s).
- To interrupt or stop important business communications.
Imsi Catcher Kit Kat
IMSI Catcher Detector Features
- Can identify illegal IMSI catchers, cellular jamming, rogue base stations and baseband attacks.
- Provides comprehensive air interface data analysis and geo referencing.
- Mobile system architecture for on-site detection capabilities.
- Carrier grade SLA, CARE, incidents.
- Compatible with operator redundancy and/or visualization requirements.
- Reports provide intelligence at a city level, street view . . all the way down to cell details, cell comparisons and critical criteria editing.
Imsi Catcher Kit Box
How A Stingray Device Works
Imsi Catcher Kits
Active Mode:
- Extracts stored data (e.g. International Mobile Subscriber Identity (“IMSI”) numbers and Electronic Serial Number (“ESN”) and uses this information to identify the target;
- Writes cellular protocol metadata to the cellular device’s internal storage to control its behavior;
- Forces signal transmission power to increase so it can overtake the cellular device(s);
- Forces a significant quantity of radio signals to be transmitted;
- Intercepts communications content by tricking the cellular device into believe the stingray is a legitimate cell tower;
- Allows tracking and locating the cellular device user even while the device is not being used for a call or to access data services;
- Conducts a denial of service (DOS) attack so service to the cellular device is interrupted;
- Extracts encryption key(s) so it can trick the cellular device into recognizing the roque cell tower as a legitimate cell tower; and
- Radio jamming for either general denial of service purposes or to aid in active mode protocol rollback attacks.
Passive Mode:
Imsi Catcher Kit
- Conducts base station surveys to identify and map the coverage areas of legitimate cell towers.