2020 / Uncategorized

What is an IMSI Catcher? How mobile networks are manipulated!

What is an IMSI Catcher? How mobile networks are manipulated!

An IMSI Catcher can simulate a mobile phone cell of a network operator. Thus, the IMEI number of surrounding devices can be found out. The International Mobile Equipment Identity (IMEI) number is a unique 15-digit serial number. Meanwhile there are devices for listening to connections. The costs range from 300 to 300,000 Euro.

Mobile phones do not immediately check where a message comes from – this leads to problems!

Device eavesdropping, as well as tracking and tracing the location of devices, is popular in high traffic locations such as airports and train stations. Setting up an IMSI catcher does not comply with applicable law.

The main source of the problem, says Yomna Nasser, a technician at the Electronic Frontier Foundation (EFF), is that the devices cannot verify the identity of the mobile phone base station in the early stages of the connection.

A smartphone connects to an IMSI Catcher instead of the real mobile phone cell.
A smartphone connects to an IMSI Catcher instead of the real mobile phone cell. Source: eff.org

The manipulation of the network is an existing problem against which little or nothing can be done by the users. Meanwhile, IMSI stands for “International Mobile Subscriber Identity” and is used for the unique identification of network subscribers.

The IMSI has nothing to do with the telephone number, but helps to track the device. It is unlikely that the problem will be solved in the foreseeable future. The technologies would have to be backwards compatible, as there are already billions of devices on the market and in use.

An IMSI Catcher for 1.500 EUR in self-construction

Just under a decade ago, it was already shown at Defcon that it is in principle also possible to construct the building yourself. At the hacker conference, Chris Paget showed how GMS networks can be eavesdropped with Hardware for about 1,500 EUR.

You are currently viewing a placeholder content from Default. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.

More Information

An IMSI Catcher can become a danger if the emergency call fails

An IMSI Catcher manipulates the mobile network. If an existing mobile network is superimposed, the victim runs the risk of not being able to make an emergency call. Thus, in addition to observing and eavesdropping on the person, the operation can also pose a concrete danger. Little is known about professional, commercial devices.

Is the use of an IMSI Catcher legal?

Normally, telephone monitoring is handled by the operator. This requires a court order. Using an IMSI Catcher can bypass this process.

This data could not be admitted as evidence in court – but at first it is difficult to prove its use. Thus, the police can (technically speaking) always fall back on the use of an IMSI Catcher.

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.