How Can We Hack your Smartphone easily with IMSI Catchers
Updated: May 10
IMSI Catchers act like false cell towers that trick the victim’s device into connecting to them. The communications (calls, text messages, Internet traffic, and more) are intercepted, then relayed to the target cell tower of the network carrier. To make matters worse, the victim is mostly unaware of what is happening. This type of hack is also known as a man-in-the-middle (MitM) attack.
How does this contraption work?
This cybercriminal activity is made possible by a loophole in the GSM protocol. Mobile phones are constantly looking for the tower with the strongest signal to provide the best reception, which is usually the nearest one. It might, however, not be a genuine mobile provider tower.
When a device connects to a cell tower, it authenticates to it via its International Mobile Subscriber Identity (IMSI). IMSI is a unique identifier linked to your SIM card and is one of the pieces of data used to authenticate your device to the mobile network. The issue, however, is that the tower doesn’t have to authenticate back. This is why the IMSI Catcher is so effective. It simply pretends to be a cell tower near your phone, then seamlessly connects to it, and starts to harvest information.
IMSI Catchers: Blazing Comets in the Cybercrime Space
The simplistic nature of this mechanism is helping cybercriminals carry out their malicious acts with alarming ease. All they need is a laptop, some cheap hardware that is available on the net, and a few commands to initiate the hacking process in just a few minutes. It’s that simple.
3 Types of Cyber-Attacks by IMSI Catchers
Communication Interception – This is the most basic form of hacking performed today. The attackers simply “catch” the device’s International Mobile Subscriber Identity (IMSI) in a classic case of digital identity theft. The next step is spoofing authentication, where the Stingray “convinces” the genuine mobile network that it’s actually the targeted mobile phone for all communication purposes. This is done by the IMSI Catcher sending a Location Update Request to a legitimate cell tower and identifying itself with the stolen IMSI. Dealing with smartphone encryption security mechanisms is also not a big challenge due to the victim’s phone “helping” with the requests.
Location Tracking – Often overlooked by security service providers, location tracking is becoming more and more common as it requires no cooperation from cell providers. To track suspects or criminals, law enforcement authorities (usually) require a warrant and the cooperation of mobile service providers. IMSI Catchers can now be used to check for the presence of a victim or perpetrator in a specific area or even figure out their exact location without the need for operator cooperation.
Denial of Service (DoS) – Cell network denial of service is executed by connecting the device to the fake cell tower. Once the device is on the fake tower, it’s not connected to the real network, and the device is denied connectivity. The device is connected to the network only if the attacker chooses, and then only through the attacker’s system (aka Man-in-the-Middle).
The Emergence of IMSI Catcher Detection Solutions
The cybersecurity market has grown at an exponential rate over the last decade. Yes, there are consumer solutions on offer to fight IMSI Catchers. However, as per recent WIRED research, the available consumer-level tools were found to be partially effective at best when it came to detecting malicious activity involving snooping. The reasons are quite clear. The basic GSM architecture is full of security loopholes that are tough to seal up completely. To a skilled hacker, smartphones are “dumb” devices that can work as per their wishes once they have been compromised.
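The following is an added example, not from the original article or any named product: a small heuristic check over serving-cell observations, built on the behaviour described above (phones pick the strongest signal, and GSM towers do not authenticate back). The record fields, the 15 dB threshold, the two-indicator rule and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CellObs:
    t: int         # seconds since capture start
    plmn: str      # MCC+MNC of the serving cell
    lac: int       # location area code
    cid: int       # cell id
    rat: str       # radio technology: "GSM", "UMTS" or "LTE"
    rssi_dbm: int  # received signal strength

STRONG_MARGIN_DB = 15  # assumed threshold; tune per site

def suspicious(baseline, observations):
    """Return [(obs, reasons)] for serving cells showing >= 2 indicators."""
    known = {(b.plmn, b.lac, b.cid) for b in baseline}
    loudest = max(b.rssi_dbm for b in baseline)
    flagged, prev = [], None
    for obs in sorted(observations, key=lambda o: o.t):
        reasons = []
        if (obs.plmn, obs.lac, obs.cid) not in known:
            reasons.append("unknown_cell")        # never seen at this site
        if obs.rssi_dbm >= loudest + STRONG_MARGIN_DB:
            reasons.append("unusually_strong")    # louder than any known tower
        if obs.rat == "GSM" and prev is not None and prev.rat != "GSM":
            reasons.append("downgrade_to_gsm")    # moved onto the weak protocol
        if len(reasons) >= 2:                     # one indicator alone is noisy
            flagged.append((obs, reasons))
        prev = obs
    return flagged

# Constructed sample data (PLMN 001/01 is the test network, not real cells).
BASELINE = [
    CellObs(0, "00101", 100, 1, "LTE", -95),
    CellObs(0, "00101", 100, 2, "LTE", -88),
    CellObs(0, "00101", 100, 3, "GSM", -90),
]
OBSERVED = [
    CellObs(10, "00101", 100, 2, "LTE", -87),
    CellObs(20, "00101", 100, 3, "GSM", -91),   # known cell, fallback only
    CellObs(30, "00101", 100, 2, "LTE", -89),
    CellObs(40, "00101", 999, 77, "GSM", -55),  # new, very strong, GSM
    CellObs(50, "00101", 100, 4, "LTE", -92),   # new cell, nothing else odd
]

if __name__ == "__main__":
    for obs, reasons in suspicious(BASELINE, OBSERVED):
        print(obs.t, obs.lac, obs.cid, reasons)
```

Each indicator also occurs on legitimate networks (new towers, ordinary 2G fallback), which is why the sketch requires two of them and why checks of this kind can only be partially effective.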