
What is an IMSI Catcher? How mobile networks are manipulated!


An IMSI Catcher can simulate a mobile phone cell of a network operator. This allows the IMEI numbers of surrounding devices to be determined. The International Mobile Equipment Identity (IMEI) number is a unique 15-digit serial number. There are now also devices that can listen in on connections. The costs range from 300 to 300,000 euros.

Mobile phones do not immediately check where a message comes from – this leads to problems!

Eavesdropping on devices, as well as tracking and tracing their location, is popular in high-traffic locations such as airports and train stations. Setting up an IMSI Catcher does not comply with applicable law.

The main source of the problem, says Yomna Nasser, a technician at the Electronic Frontier Foundation (EFF), is that the devices cannot verify the identity of the mobile phone base station in the early stages of the connection.

A smartphone connects to an IMSI Catcher instead of the real mobile phone cell. Source: eff.org

Manipulation of the network is an existing problem that users can do little or nothing about. IMSI stands for “International Mobile Subscriber Identity” and is used to uniquely identify network subscribers.

The IMSI has nothing to do with the telephone number, but helps to track the device. It is unlikely that the problem will be solved in the foreseeable future. The technologies would have to be backwards compatible, as there are already billions of devices on the market and in use.

A self-built IMSI Catcher for 1,500 EUR

Just under a decade ago, it was already shown at Defcon that it is in principle also possible to build such a device yourself. At the hacker conference, Chris Paget showed how GSM networks can be eavesdropped on with hardware costing about 1,500 EUR.


An IMSI Catcher can become a danger if the emergency call fails

An IMSI Catcher manipulates the mobile network. If it overlays an existing mobile network, the victim runs the risk of not being able to make an emergency call. Thus, in addition to observing and eavesdropping on the person, its operation can also pose a concrete danger. Little is known about professional, commercial devices.

Is the use of an IMSI Catcher legal?

Normally, telephone monitoring is handled by the operator. This requires a court order. Using an IMSI Catcher can bypass this process.

Data obtained this way could not be admitted as evidence in court, but the use of the device is difficult to prove in the first place. Thus, the police can (technically speaking) always fall back on the use of an IMSI Catcher.


Vincent Reckendrees

Hello, I'm Vincent Reckendrees and I lead the Offensive Services team at AWARE7 GmbH. In my bachelor's and master's studies I specialized in IT security, and I am a BSI-certified IS penetration tester. My passion is reverse engineering, hardware security and web security. As a penetration testing expert, I find vulnerabilities in systems and networks and use them to simulate realistic cyberattacks and improve security measures. Through reverse engineering, I discover flaws and opportunities for improvement in software and hardware. My skills in hardware and web security enable me to protect physical devices and online platforms against a wide range of cyber threats and to ensure their integrity and reliability.