IMSI Catchers are a kind of equipment that government agencies probably use to connect the mobile phones of those being monitored. So, why should ordinary citizens who respect the law be afraid of them? Well, because governments are no longer monopolizing the use of IMSI Catchers. However, there are activities that can be taken against them.
Almost a couple of months back, CBS TV network in Canada revealed that several IMSI Catchers had been identified in Ottawa, capital of the country. This story shows you clearly what should you worry about these devices but who use them is not cleared, so far. In the early 2000s, when the device emerged first, law enforcement and intelligence agencies in governments were monopolized on their use. These devices are now accessible for a few hundred bucks in multiple online stores until 2017.
How does it work?
They function as fake cell towers, trickle the device for a target to connect to them and then relay the communication to the network carrier's real cell tower. That enabled the device to be accessed and read and heard through all interactions of the target, such as calls, SMS communication, as well as internet traffic. At the same moment, the victim is unaware that it happens because it seems like everything is happening in the right way as it should be. That is called a MitM (Man-in-the-middle) attack in the security field.
It can quickly be done – thanks to a loophole within the GSM protocol. The highest signal from the tower is always looked for by mobile devices to provide the most top reception – generally the nearest one. Simultaneously, when the phone connects to a cell tower, it is International Mobile Service Identity (IMSI) authenticates to it - but the tower does not need to authenticate back. Therefore, why would someone login to your phone and provide your IMSI when they put a device which acts as a cell tower?
That’s the reason why data protection defenders are worried even if government agencies use this equipment under the law. In a certain radius, IMSI Catchers obtain information on any phone and can listen to all the devices in the area on calls once again. The problem with this collateral information is what law enforcement and intelligence do. What criminals who purchased a Stingray on the Internet do with that information, is even more significant.
How to Stay Safe?
You can't do anything to stop the connection of your phone to the false tower if you are, unluckily within the range of an IMSI Catcher. That is why the content of communication is covered by different mobile security firms. Encryption renders information incomprehensible to third parties who have no key to decrypt it. When the transmission is scrambled by robust modern encryption algorithms, it is not possible for a listener or spy to decode it.
However, encryption is only the first defence line. Stingrays intercept devices IMSI, as we have mentioned above. It could be used to monitor a phone's location as well as its owner's place. Some other tools that come with IMSI Catcher feature can be used to hack the smartphone's baseband processor directly. That enables an attacker to undermine encryption by intercepting device communications before encryption. You should altogether avoid this by keeping IMSI Catchers clear. Thankfully, there is a way to distinguish them from a reasonable distance.
For instance, some secure smartphones come with pre-installed IMSI Catcher Detector App. It consists of a wide list of cell towers of mobile carriers in numerous countries, i.e. the United States, UK and Canada and updates this list frequently. Whenever a cell tower is detected, the database checks the list thoroughly and connects it if it’s safe without any danger.