Seva
04-18-2017, 11:09 AM
Harpooning the StingRay: How to Detect and Avoid IMSI Catchers that Spy on Cellular Phones and Internet
Across the world law enforcement agencies, intelligence agencies, and militaries are deploying technology known as IMSI catchers. This technology enables government to conduct mass surveillance of cellular phone and internet activity, intercepting both metadata and content. These cell site simulators also provide the ability to track the location of all mobile devices in the area, and the ability to hack or jam cellular phone and internet services on mobile devices. The IMSI catchers intercept calls and data, using a man-in-the-middle attack, by acting as a fake cell tower (fake GSM base station) which mobile devices in the area see and connect to. Some of the more well known IMSI catchers, or cell site simulators, are the Harris Corporation’s StingRay, KingFish, and Hailstorm, and Boeing/Digital Receiver Technology, Inc.’s DRTbox. These fake base stations are often placed in vehicles and even loaded onto manned and unmanned aircraft.
Mobile devices like smart phones and tablets operating in the same area as an IMSI catcher will be victims of the surveillance, as these surveillance devices do not only target individual mobile devices, they also indiscriminately intercept communications from all devices in the area. In the United States, local, state, and federal agencies have been caught conducting mass surveillance with IMSI catchers without first obtaining a warrant. It isn’t just government that is using these mass surveillance tools, identity thieves have also been known to use IMSI catchers.
Fortunately, there are solutions available that enable people to detect when an IMSI catcher like the StingRay or the DRTbox is in use in their area. While there are several expensive closed source hardware solutions available, free and open source software and hardware solutions also exist. One open source software project designed to detect IMSI catchers is AIMSICD (Android IMSI Catcher Detector). AIMSICD has been in development since 2012, it is still experimental software and is still in the alpha stage of development. Users should expect some false positives and false alerts. The app is not available from the Google Play store, but can instead be downloaded from GitHub, F-Droid, and Aptoide. AIMSICD attempts to detect and avoid IMSI catchers through a variety of different methods, including checking tower information consistency, monitoring signal strength, detecting FemtoCells, and checking for Silent SMS. The app also helps users avoid legitimate cellular base stations that use poor encryption, or which don’t use encryption at all. Six color coded icons are used by the app to display the current threat level.
When AIMSICD displays a green icon, it means no threats have been detected and is using A5/3 encryption or better. A yellow icon being displayed represents a medium threat level, where new base stations may be operating in the area or which are using less secure encryption. A high threat level is represented by an orange icon, which means an IMSI catcher is actively tracking users in the area. The red icon alerts the user that the threat level is dangerous and has detected that an IMSI catcher is actively tracking your device. The app’s black icon features a skull, and means that your device is actively being manipulated remotely.
AIMSICD gathers the location information of cell towers from OpenCellID, however, the OpenCellID project is being shut down and the current maintainers is seeking to find someone else to maintain it. It appears AIMSICD is still being maintained but has yet to release an update which implements another service to use for cell tower location information. AIMSICD requires a rooted Android device in order to be able to function properly. StingWatch, another app for Android that is designed to detect IMSI catchers, does not require a rooted device. Like AIMSICD, StingWatch is also a free and open source software solution for detecting devices like the StingRay, but unlike AIMSICD, StingWatch is available on the Google Play store.
The German SRLabs also has an open source project to detect IMSI catchers, called CatcherCatcher. CatcherCatcher requires an Osmocom phone and a computer running Linux. SRLabs has a second open source project for detecting IMSI catchers, called SnoopSnitch. The SnoopSnitch app requires a rooted Android device which has Qualcomm chips. The app collects data from your radio chips to passively monitor for IMSI catchers, but the app also allows users to conduct active tests where the app places calls and sends texts to collect more data to detect IMSI catchers. It is recommended that you run an active test once or twice a month per location being tested. SnoopSnitch can detect IMSI catchers on the device only, or can also upload some of the data it collects to SnoopSnitch’s server to help anlayze the data. Users concerned with privacy may want to go into setting and choose not to share data with SnoopSnitch’s servers. SnoopSnitch is available on the Google Play store, F-Droid, and on the SRLabs website.
Other projects to detect IMSI catchers are out there, but many are no longer maintained, or never fully worked in the first place. Another solution for users who want protection from IMSI catchers is DVasive Pro, a proprietary app, which is not free, developed by cybersecurity pioneer John McAfee. DVasive Pro includes “Stingray Shield” which allows users to lock down their phones radio transmitters and receivers.
Another step users can take to keep their cellular communications private is to use encrypted communications apps like Signal and Tox, and to use a VPN or Tor to encrypt their cellular internet traffic. While IMSI catchers will still intercept the data packets, they will be encrypted and prevent the attacker from gaining access to the content of your communications. Privacy activists and legislators are also fighting back against this massive violation of privacy rights across the country by pushing to pass legislation at the local and state levels to require warrants for the use of IMSI catchers, or to ban their use, or to provide citizen oversight over the use of such surveillance technology.
Across the world law enforcement agencies, intelligence agencies, and militaries are deploying technology known as IMSI catchers. This technology enables government to conduct mass surveillance of cellular phone and internet activity, intercepting both metadata and content. These cell site simulators also provide the ability to track the location of all mobile devices in the area, and the ability to hack or jam cellular phone and internet services on mobile devices. The IMSI catchers intercept calls and data, using a man-in-the-middle attack, by acting as a fake cell tower (fake GSM base station) which mobile devices in the area see and connect to. Some of the more well known IMSI catchers, or cell site simulators, are the Harris Corporation’s StingRay, KingFish, and Hailstorm, and Boeing/Digital Receiver Technology, Inc.’s DRTbox. These fake base stations are often placed in vehicles and even loaded onto manned and unmanned aircraft.
Mobile devices like smart phones and tablets operating in the same area as an IMSI catcher will be victims of the surveillance, as these surveillance devices do not only target individual mobile devices, they also indiscriminately intercept communications from all devices in the area. In the United States, local, state, and federal agencies have been caught conducting mass surveillance with IMSI catchers without first obtaining a warrant. It isn’t just government that is using these mass surveillance tools, identity thieves have also been known to use IMSI catchers.
Fortunately, there are solutions available that enable people to detect when an IMSI catcher like the StingRay or the DRTbox is in use in their area. While there are several expensive closed source hardware solutions available, free and open source software and hardware solutions also exist. One open source software project designed to detect IMSI catchers is AIMSICD (Android IMSI Catcher Detector). AIMSICD has been in development since 2012, it is still experimental software and is still in the alpha stage of development. Users should expect some false positives and false alerts. The app is not available from the Google Play store, but can instead be downloaded from GitHub, F-Droid, and Aptoide. AIMSICD attempts to detect and avoid IMSI catchers through a variety of different methods, including checking tower information consistency, monitoring signal strength, detecting FemtoCells, and checking for Silent SMS. The app also helps users avoid legitimate cellular base stations that use poor encryption, or which don’t use encryption at all. Six color coded icons are used by the app to display the current threat level.
When AIMSICD displays a green icon, it means no threats have been detected and is using A5/3 encryption or better. A yellow icon being displayed represents a medium threat level, where new base stations may be operating in the area or which are using less secure encryption. A high threat level is represented by an orange icon, which means an IMSI catcher is actively tracking users in the area. The red icon alerts the user that the threat level is dangerous and has detected that an IMSI catcher is actively tracking your device. The app’s black icon features a skull, and means that your device is actively being manipulated remotely.
AIMSICD gathers the location information of cell towers from OpenCellID, however, the OpenCellID project is being shut down and the current maintainers is seeking to find someone else to maintain it. It appears AIMSICD is still being maintained but has yet to release an update which implements another service to use for cell tower location information. AIMSICD requires a rooted Android device in order to be able to function properly. StingWatch, another app for Android that is designed to detect IMSI catchers, does not require a rooted device. Like AIMSICD, StingWatch is also a free and open source software solution for detecting devices like the StingRay, but unlike AIMSICD, StingWatch is available on the Google Play store.
The German SRLabs also has an open source project to detect IMSI catchers, called CatcherCatcher. CatcherCatcher requires an Osmocom phone and a computer running Linux. SRLabs has a second open source project for detecting IMSI catchers, called SnoopSnitch. The SnoopSnitch app requires a rooted Android device which has Qualcomm chips. The app collects data from your radio chips to passively monitor for IMSI catchers, but the app also allows users to conduct active tests where the app places calls and sends texts to collect more data to detect IMSI catchers. It is recommended that you run an active test once or twice a month per location being tested. SnoopSnitch can detect IMSI catchers on the device only, or can also upload some of the data it collects to SnoopSnitch’s server to help anlayze the data. Users concerned with privacy may want to go into setting and choose not to share data with SnoopSnitch’s servers. SnoopSnitch is available on the Google Play store, F-Droid, and on the SRLabs website.
Other projects to detect IMSI catchers are out there, but many are no longer maintained, or never fully worked in the first place. Another solution for users who want protection from IMSI catchers is DVasive Pro, a proprietary app, which is not free, developed by cybersecurity pioneer John McAfee. DVasive Pro includes “Stingray Shield” which allows users to lock down their phones radio transmitters and receivers.
Another step users can take to keep their cellular communications private is to use encrypted communications apps like Signal and Tox, and to use a VPN or Tor to encrypt their cellular internet traffic. While IMSI catchers will still intercept the data packets, they will be encrypted and prevent the attacker from gaining access to the content of your communications. Privacy activists and legislators are also fighting back against this massive violation of privacy rights across the country by pushing to pass legislation at the local and state levels to require warrants for the use of IMSI catchers, or to ban their use, or to provide citizen oversight over the use of such surveillance technology.