mobileN

Everything You Need to Know About IMSI-Catcher Detector

How Does IMSI Numbering Work?

IMSI is a 15-digit number (although it can be 14 digits in some countries) with three parts. The first three digits (the European standard has two digits) represent Mobile Country Code (MCC). The following two digits represent the Mobile Network Code (MNC). The remaining ten digits represent the Mobile Station Identification Number (MSIN).

For example, in IMSI520031234567890, the first three digits, 520, represent Thailand, the next two digits represent 03, representing AIS (Advanced Info Service) cellular company, and the remaining digits represent the MSIN number.IMSI is used to acquire users’ information from Home Location Register (HLR).

However, IMSI is a highly sensitive number you need to keep secret to avoid sim swapping, mobile number takeover, sim hijacking, and other frauds. That’s why cell providers use a randomly-generated IMSI number and rarely send it.

You don’t want attackers to intercept your IMSI – read on to find out how they do it and how to stop them.

What is an IMSI catcher?

IMSI catcher is an electronic device that intercepts, locates, and tracks mobile phone traffic. It is a fake mobile tower that acts as a legitimate mobile network provider. Police can use it for investigations or cybercriminals for man-in-the-middle attacks. IMSI catchers rely on network protocol vulnerabilities and force the mobile phone to pass communication through the planted device.

 IMSI catchers make communication less secure due to the degradation of mobile network protocols. They can intercept your communication, track location, or deny connectivity. IMSI catcher cannot read encrypted data but can intercept and read unencrypted data like text messages and phone calls.

IMSI catcher cannot track numbers if your phone is turned off or in airplane mode, but what’s the point of a phone if you’re going to turn it off? A better method is to install an IMSI Catcher Detector to find out if someone’s trying to intercept your traffic.

What is an IMSI Catcher Detector?

IMSI Catcher Detector is a method to detect the presence of an IMSI catcher. IMSI catcher detectors can be either hardware-based or software-based. Depending on your chosen solution, they can identify IMSI catchers, network jammers, or other baseband attacks. Most detection systems are compatible with all network operators and provide visualization for effective detection.

Types of IMSI Catcher Detectors

Let’s take a look at some of the available IMSI Catcher Detectors for military and personal use.

FirstPoint Mobile Guard

FirstPoint Mobile Guard is a military-grade SIM card-based IMSI catcher detection system that prevents man-in-the-middle attacks using highly secure technology on the SIM-card level. It offers continuous network-based maximum security without requiring complex configurations.

Radio Sentinel

Radio Sentinel is an app available for Armadillo Phones that can detect IMSI catchers, silent message attacks, and SS7 attacks over any network, including 2G, 3G, 4G, and 5G. It warns against incorrect frequencies, unknown networks, empty paging requests, TAU rejections, silent SMS, and other cellular connection misbehaviors.

Unlike other methods, it works offline without requiring third-party systems. It generates a warning if a man-in-the-middle attack is detected. It will automatically disconnect the network under a high-severity attack. Finally, it prevents downgrade attacks as IMSI catchers force cellular communication to use weaker networks. However, it does not work effectively with Android mobile phones.

Osmocom

Osmocom is an open-source software-based firmware that can detect and fingerprint the characteristics of the IMSI catcher of GSM phones. However, it can work with only old phones and old GSM technology.

Android IMSI Catcher Detector (AIMSICD)

AIMSICD is an open-source IMSI catcher detection system for Android systems. It provides multiple features, like a warning if the connection is not encrypted. It also includes real-time network security monitoring and map-based visualization.

SecurCube

SecurCube is a basic-level IMSI catcher detector that only detects malicious IMSI catcher-related activities on LTE networks. It scans the networking environment to collect information and then analyzes LTE, GSM, and UMTS data to identify suspicious activities.

SnoopSnitch

SnoopSnitch is an open-source mobile app that analyzes radio data and mobile phone firmware to identify Android security patches. Note that the app uploads the results to the SnoopSnitch server.

Crocodile Hunter

Crocodile Hunter is an effective (software-supported) hardware-based tool for detecting IMSI catchers from the Electronic Frontier Foundation. Crocodile Hunter uses Software-defined Radio and a dedicated Raspberry Pi or Linux system. It requires the user’s location to find a cellular tower using the WiGLE website. If WiGLE fails to identify the user’s cellular network, it will mark it as an IMSI catcher or man-in-the-middle attack.

However, it has several limitations, as hackers can upload fake cellular towers on WiGLE. Also, it requires expert knowledge and is more costly than other alternatives.

ComSec

ComSec identifies multiple cellular network-related cybersecurity threats like IMSI catchers, cellular communication jammers, and baseband attacks. It also provides features for air interface data analysis, georeferencing, critical criteria editing, and data visualization.

Cell Spy Catcher

Cell Spy Catcher is another effective app available for mobile devices. It generates logs of suspicious events and exports them to a CSV file for detailed analysis. Unlike other apps, it can work with a wide range of cellular services like GSM, UMTS/WCDMA, CDMA, and LTE. It restarts automatically if the device is rebooted and works in the background continuously to detect IMSI catchers.

Conclusion

IMSI is a 15-digit unique SIM identification number that can be caught and misused. For protection, mobile communication uses randomly generated TMSI. The man-in-the-middle can use IMSI catchers to capture IMSI for tapping and intercepting cellular communication. Different tools include FirstPoint, Radio Sentinel, AIMSICD, SecurCube, SnoopSnitch, Crocodile Hunter, ComSec, and Cell Spy Catcher.

What is an IMSIcatcher?

IMSI catcher is an electronic device that intercepts, locates, and tracks mobile phone traffic. It can be considered a fake mobile tower that acts as a legitimate mobile network provider. It can be used by Police for investigations or cybercriminals for man-in-the-middle attacks.IMSI catchers rely on the security weakness or vulnerability of the network protocol and force the mobile phone to pass communication through the planted device to track IMSI. It makes communication less secure due to the degradation of mobile network protocols. It can be used to degrade communication, intercept the communication, track location, or deny connectivity. IMSI catcher cannot read encrypted data, however, it can intercept and read unencrypted data like text messages and phone calls. IMSI catcher cannot track number if mobile phone Airplane mode is turned ON or mobile is switched OFF.

What is IMSI Catcher Detector?

IMSI Catcher Detector is a method to detect the presence of an IMSI catcher. The hackers are a serious threat as they might use an IMSI catcher to intercept communication. There are different methods to detect IMSI catchers. IMSI catcher detectors can be either hardware-based or software-based. IMSI-catcher detectors can identify IMSI catchers, network jammers, or other baseband attacks. Most detection systems are compatible with all network operators and provide visualization for effective detection.

Osmocom is an open-source software-based firmware that can detect and fingerprint the characteristics of the IMSI catcher of GSM phones. However, it can work with only old phones and old GSM technology.There are some mobile applications like SnoopSnitch, Cell Spy Catcher, and Radio Sentinel that can detect IMSI catchers.IMSI catcher Detectors can be divided into military-grade and consumer-level detectors. The software-based IMSI catcher detectors are not fully effective for protecting and detecting IMSI catchers. Some of the most effective IMSI catcher detection systems are briefly discussed below:

1.   FirstPoint Mobile Guard

FirstPoint Mobile Guard is a military-grade SIM card-based IMSI catcher detection system that prevents man-in-the-middle attacks using highly secured technology on the SIM-card level. It offers continuous network-based maximum security without requiring complex configurations.

2.   Radio Sentinel

Radio Sentinel mobile app is available for Armadillo Phones that can detect IMSI catcher, Silent message attacks, and SS7 attacks over any network including 2G, 3G, 4G, and 5G.  It also warns against incorrect frequencies, unknown networks, empty paging requests, TAU rejections, silent SMS and other cellular connection misbehaves. Unlike other methods, it can work offline without requiring third-party systems. It generates a warning if a man-in-the-middle attack is detected. Moreover, it will automatically disconnect the network under a high severity attack. Finally, it also prevents downgrade attacks as IMSI catchers force cellular communication to use weaker networks. However, it cannot work effectively with Android mobile phones.

3.   Android IMSI Catcher Detector (AIMSICD)

AIMSICD is an open-source IMSI catcher detection system for Android systems. It provides multiple features like a warning if the connection is not encrypted. It provides real-time network security monitoring and map-based visualization.

4.   SecurCube

SecurCube is a basic-level IMSI catcher detector that detects malicious IMSI catcher-related activities on LTE networks only. It scans the networking environment to collect information and then analyzes information related to LTE, GSM, and UMTS to identify suspicious activities.

5.   SnoopSnitch

SnoopSnitch is an open-source mobile app that analyzes radio data and mobile phone firmware to identify Android security patches. The results are uploaded to the SnoopSnitch server for app upgrades.

6.   Crocodile Hunter

Crocodile Hunter is an effective (software-supported) hardware-based tool for detecting IMSI catchers that uses Software-defined Radio and a dedicated Raspberry Pi or Linux system. It requires the user’s location to find a cellular tower using the WiGLE website. If WiGLE fails to identify the user’s cellular network, it will mark it as an IMSI catcher or man-in-the-middle attack. 

However, it has several limitations as hackers can upload fake cellular towers on WiGLE. Also, it requires expert knowledge and can be used for a limited number of devices due to its higher cost.

7.   ComSec

ComSec identifies multiple cellular network-related cybersecurity threats like IMSI catchers, cellular communication jammers, and baseband attacks. It also provides features for air interface data analysis, georeferencing, critical criteria editing, and data visualization.

8.   Cell Spy Catcher

Cell Spy Catcher is also an effective app that is based on a self-learning process. It generated logs of suspicious events which are exported to a CSV file for detailed analysis. Unlike other apps, it can work with a wide range of cellular services like GSM, UMTS/WCDMA, CDMA, and LTE. It restarts automatically if the device is rebooted and works in the background continuously to detect IMSI catchers.

Conclusion

IMSI is a 15-digit unique SIM identification number that can be caught and misused. For protection, mobile communication uses randomly generated TMSI. The man-in-the-middle can use IMSI catchers to catch IMSI for tapping and intercepting cellular communication. There are different tools like FirstPoint, Radio Sentinel, AIMSICD, SecurCube, SnoopSnitch, Crocodile Hunter, ComSec, and Cell Spy Catcher.

References

Armadillo. (2022, March 18). How to detect IMSI catchers. Retrieved from Armadillo: https://armadillophone.com/blog/how-to-detect-imsi-catchers

ComSec LLC. (2018, December 21). IMSI Catcher Detector. Retrieved from COMSEC: https://comsecllc.com/imsi-catcher-detector/

McDaid, C. (2019, August 19). What Is An IMSI Catcher? (IMSI Catcher Detection). Retrieved from Adaptive Mobile Security: https://blog.adaptivemobile.com/adaptive-mobile-imsi-catchers

Ouziel, N. (2021, May 19). Top 7 IMSI Catcher Detection Solutions for 2020. Retrieved from FirstPoint: https://www.firstpoint-mg.com/blog/top-7-imsi-catcher-detection-solutions-2020/

Privacy International. (2021, May 5). How IMSI catchers can be used at a protest. Retrieved from Privacy International: https://privacyinternational.org/explainer/4492/how-imsi-catchers-can-be-used-protest

points

Fully decentralized

security

End to end encryption

random

Full randomization

atom

Post quantum cryptology (NIST-NSA Compliant)

server

Network redundant