If you think Face ID or fingerprint scanners are keeping the data in your smartphone safe, you are gravely mistaken. International Mobile Subscriber Identity (IMSI) Catchers are wreaking data security havoc on a global scale today. This hacking tool, although not really new, has become the weapon of choice to target unsuspecting smartphone users.

This is an obvious concern for cellular phone users. However, if we are to learn anything from the government crackdown on the corporations charged with collecting, processing, and protecting data transferred via digital communications, then Mobile Network Operators (MNOs) should be able to see the writing on the wall.

It’s only a matter of time before MNOs will be held to higher scrutiny and be required to add additional layers of cyber protection to their networks. In the meantime, subscribers themselves are growing increasingly worried about eavesdropping and about their personal data being hijacked by would-be attackers. MNOs that want to provide added value to their subscribers should consider the additional layers of security they can offer their subscribers.

One of the most popular methods used by attackers to infiltrate cellular devices is launching Man in the Middle Attacks using IMSI Catchers. These devices, also known as Stingrays, can perform a wide range of malicious actions like identity theft, data harvesting, and real-time location tracking. For concerned MNOs, IMSI Catchers and Man in the Middle should be high on the list of attacks they aim to prevent.

What is an IMSI Catcher?

IMSI Catchers act like false cell towers that trick the victim’s device into connecting to them. The communications (calls, text messages, Internet traffic, and more) are intercepted, then relayed to the target cell tower of the network carrier. To make matters worse, the victim is mostly unaware of what is happening. This type of hack is also known as a man-in-the-middle (MitM) attack.

How does this contraption work?

This cybercriminal activity is made possible due to a loophole in the GSM protocol. Mobile phones are constantly looking for the tower with the strongest signal to provide the best reception, which is usually the nearest one. It might, however, not be a genuine mobile provider tower.

When a device connects to a cell tower, it authenticates to it via its International Mobile Subscriber Identity (IMSI). IMSI is a unique identifier linked to your SIM card and is one of the pieces of data used to authenticate your device to the mobile network. The issue, however, is that the tower doesn’t have to authenticate back.

This is why the IMSI Catcher is so effective. It simply pretends to be a cell tower near your phone, then seamlessly connects to it, and starts to harvest information.

IMSI Catchers: Blazing Comets in the Cybercrime Space

The simplistic nature of this mechanism is helping cybercriminals carry out their malicious acts with alarming ease. All they need is a laptop, some cheap hardware that is available on the net, and a few commands to initiate the hacking process in just a few minutes. It’s that simple.

3 Types of Cyber Attacks by IMSI Catchers

Communication Interception – This is the most basic form of hacking performed today. The attackers simply “catch” the device’s International Mobile Subscriber Identity (IMSI) in a classic case of digital identity theft. The next step is spoofing authentication, where the Stingray “convinces” the genuine mobile network that it’s actually the targeted mobile phone for all communication purposes. This is done by the IMSI Catcher sending a Location Update Request to a legitimate cell tower and identifying itself with the stolen IMSI. Dealing with smartphone encryption security mechanisms is also not a big challenge due to the victim’s phone “helping” with the requests.

Location Tracking – Often overlooked by security service providers, location tracking is becoming more and more common as it requires no cooperation from cell providers. For law enforcement authorities to track suspects or criminals they (usually) require a warrant and the cooperation of mobile service providers. IMSI Catchers can now be used to check for the presence of a victim or perpetrator in a specific area or even figure out their exact location without the need for operator cooperation.

Denial of Service (DoS) – Cell network denial of service is executed by connecting the device to the fake cell tower. Once the device is on the fake tower, it’s not connected to the real network, and the device is denied connectivity. The device is connected to the network through the attacker’s system (aka Man-in-the-Middle) only if the attacker chooses.

The Emergence of IMSI Catcher Detection Solutions

The cybersecurity market has grown at an exponential rate over the last decade. Yes, there are consumer solutions on offer to fight IMSI Catchers. However, as per recent WIRED research, the available consumer-level tools were found to be partially effective at best when it came to detecting malicious activity involving snooping.

The reasons are quite clear. The basic GSM architecture is full of security loopholes that are tough to seal up completely. To a skilled hacker, smartphones are “dumb” devices that can work as per their wishes once they have been compromised.

Top 7 IMSI Catcher Detection Solutions for 2020

Available IMSI catcher detection solutions today can be roughly divided into two categories: consumer-level and military-grade solutions. The software solutions offered to users online are, as mentioned above, only partially effective in protecting users and their devices. While they may provide some peace of mind to the average smartphone user, it is simply not enough to protect sensitive corporate data often found on the devices of company employees.

Military-Grade Catcher Detection & Prevention (B2B)

1. FirstPoint Mobile Guard

FirstPoint Mobile Guard provides a unique military-grade capability to detect IMSI Catchers and prevent Man in the Middle Attacks at the network level. Designed for cutting-edge protection on the SIM-card level and mass-deployment in large organizations, the main strength of this solution is its ease of use.

Just insert the FirstPoint SIM card into the smartphone or IoT device you wish to protect and FirstPoint does the rest. This solution is extremely suitable for organizations and governments who want maximal security at minimal configuration. This cyber security-as-a-service provides continuous network-based protection with little to no maintenance required once it is installed in the employee devices.

Consumer-Grade IMSI Catcher Detection Apps (B2C)

There are several consumer-grade IMSI Catcher Detection solutions available on the market for free or for a small sum. However, we do not recommend using any of them as attackers can easily bypass them. If you subscribe to the “something is better than nothing” school of thought, then the options below could be what you’re looking for.

2. Android IMSI Catcher Detector (AIMSICD)

As the name suggests, AIMSICD is an open-source Android app to detect and avoid IMSI Catchers or other base stations (mobile antennas) with poor or no encryption. This solution also warns users if the connection ciphering is turned off, and when their phones are being subjected to hidden tracking via Silent/Stealth (Type-0) SMS. AIMSICD also enables several other protection mechanisms to safeguard you from IMSI and other types of mobile network attacks.

AIMSICD also includes a real-time network security status indicator and a map-based security overview of the mobile network area.

3. SecurCube

The SecurCube solution detects malicious IMSI Catcher activity on LTE networks. It works by scanning the network environment to collect information about all the cell towers in the area. The next step involves analyzing LTE, GSM, and UMTS bandwidths to discover suspicious activity. Once suspicious activity is detected, the user receives an alert in real time.

4. SnoopSnitch

SnoopSnitch (another open-source app) adopts a different approach to combat IMSI Catchers. It analyzes your phone’s firmware for installed or missing Android security patches (even on rooted devices). SnoopSnitch can also collect and analyze mobile radio data to make you aware of your mobile network security and to warn you about threats like IMSI catchers and user tracking.

SnoopSnitch is a community app. Patch analysis results and firmware build details are uploaded to its server to enable improvements and upgrades.

5. Darshak

This (yet another) open-source application has been proven to be effective in detecting suspicious activity and can be used to assess the security capabilities of your current cell provider.

Darshak detects and alerts you when you receive a “silent SMS”, while also displaying ciphering algorithms used by your operator for GSM. It’s important to note however that this solution is not compatible with LTE frequencies.

6. ComSec

ComSec is a service that can identify illegal IMSI catchers, cellular jamming, rogue base stations and baseband attacks. It is compatible with operator redundancy and/or visualization requirements, while also providing comprehensive air interface data analysis and georeferencing. ComSec arms users with cell details, cell comparisons, critical criteria editing, and more.

7. Cell Spy Catcher

This app has a unique “self-learning process” which is executed upon first installation. Once complete, it provides the user with logs of suspicious events, which can also be exported as CSV files. It supports GSM, UMTS/WCDMA, CDMA, and LTE. Cell Spy Catcher runs in the background and restarts automatically when the device is rebooted.
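
The signals named in the app descriptions above (ciphering turned off, silent SMS, and a learning phase that records the surrounding cells) can be combined into a simple detector. The sketch below is an added example, not code from any of the listed apps; the record fields, the finding names, the LAC-mismatch heuristic, and the sample observations are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CellObs:
    mcc: int          # mobile country code
    mnc: int          # mobile network code
    lac: int          # location area code
    cid: int          # cell ID
    cipher: str       # GSM ciphering in use; "A5/0" means none
    silent_sms: bool = False   # a Type-0 SMS arrived while camped here

def learn_baseline(observations):
    """Learning phase: record every cell identity seen while assumed clean."""
    return {(o.mcc, o.mnc, o.lac, o.cid) for o in observations}

def assess(obs, baseline):
    """Return the findings for one observation (empty list = nothing odd)."""
    findings = []
    key = (obs.mcc, obs.mnc, obs.lac, obs.cid)
    if obs.cipher == "A5/0":
        findings.append("ciphering-off")
    if key not in baseline:
        findings.append("unknown-cell")
    # Assumed extra heuristic: a cell ID learned under one LAC reappears under another.
    if any(b[:2] == key[:2] and b[3] == obs.cid and b[2] != obs.lac for b in baseline):
        findings.append("lac-mismatch")
    if obs.silent_sms:
        findings.append("silent-sms")
    return findings

def scan(log, baseline):
    """Return (index, findings) for every observation that raised a finding."""
    return [(i, f) for i, o in enumerate(log) if (f := assess(o, baseline))]

# Constructed sample data (test network MCC 001 / MNC 01), not real captures.
TRAINING = [CellObs(1, 1, 100, 5001, "A5/3"), CellObs(1, 1, 100, 5002, "A5/3")]
LOG = [
    CellObs(1, 1, 100, 5001, "A5/3"),                   # known cell, ciphered
    CellObs(1, 1, 100, 9999, "A5/0"),                   # new cell, no ciphering
    CellObs(1, 1, 777, 5001, "A5/1"),                   # known CID, wrong LAC
    CellObs(1, 1, 100, 5002, "A5/3", silent_sms=True),  # silent SMS on known cell
]

if __name__ == "__main__":
    for index, findings in scan(LOG, learn_baseline(TRAINING)):
        print(index, ", ".join(findings))
```

A baseline learned while a rogue cell is already present will treat that cell as known, which is one reason handset-side heuristics like these are only partially effective.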

5G and IMSI Catchers

There’s no such thing as airtight security. As 5G proliferates, the future of cellular connectivity is extremely bright. However, as with all bright objects, 5G can illuminate, but enterprises, governments, and Mobile Network Operators need to be careful that its bright light does not blind them to inherent cyber vulnerabilities that 5G does not and cannot solve.

This is especially true in regard to Man-in-the-Middle Attacks launched by IMSI Catchers. These types of attacks are extremely simple to launch yet dangerously effective. A network-level solution is not only necessary, it should be compulsory to finally curtail the expanding number of cellular cyber attacks.