What is an IMSI Catcher? How mobile networks are manipulated!

M.Sc. Chris Wojzechowski

An IMSI Catcher can simulate a network operator's mobile phone cell. This allows the IMEI numbers of surrounding devices to be determined. The International Mobile Equipment Identity (IMEI) number is a unique 15-digit serial number. There are now also devices that can listen in on connections. Costs range from 300 to 300,000 euros.

Mobile phones do not immediately check where a message comes from – this leads to problems!

Eavesdropping on devices, as well as tracking and tracing their location, is popular in high-traffic locations such as airports and train stations. Setting up an IMSI Catcher does not comply with applicable law.

The main source of the problem, says Yomna Nasser, a technician at the Electronic Frontier Foundation (EFF), is that the devices cannot verify the identity of the mobile phone base station in the early stages of the connection.

A smartphone connects to an IMSI Catcher instead of the real mobile phone cell. Source: eff.org

Manipulation of the network is an existing problem against which users can do little or nothing. IMSI stands for “International Mobile Subscriber Identity” and is used to uniquely identify network subscribers.

The IMSI has nothing to do with the telephone number, but helps to track the device. It is unlikely that the problem will be solved in the foreseeable future. The technologies would have to be backwards compatible, as there are already billions of devices on the market and in use.

A self-built IMSI Catcher for 1,500 EUR

Just under a decade ago, it was already shown at Defcon that it is in principle also possible to build such a device yourself. At the hacker conference, Chris Paget showed how GSM networks can be eavesdropped on with hardware costing about 1,500 EUR.

An IMSI Catcher can become a danger if the emergency call fails

An IMSI Catcher manipulates the mobile network. If it is superimposed on an existing mobile network, the victim runs the risk of not being able to make an emergency call. Thus, in addition to observing and eavesdropping on the person, the operation can also pose a concrete danger. Little is known about professional, commercial devices.

Is the use of an IMSI Catcher legal?

Normally, telephone monitoring is handled by the operator. This requires a court order. Using an IMSI Catcher can bypass this process.

Such data could not be admitted as evidence in court, but its use is difficult to prove in the first place. Thus, the police can (technically speaking) always fall back on the use of an IMSI Catcher.

My name is Chris Wojzechowski and I studied for my Master's in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager and IT-Grundschutz practitioner (TÜV), and I possess the test procedure competence for § 8a BSIG. Our bread-and-butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.