What is IMSI?

International Mobile Subscriber Identity (IMSI) is a 15-digit, 64-bit field, and unique number that identifies cellular network users. IMSI number is used with Global System for Mobile Communication (GSM) and Universal Mobile Telecommunication System (UMTS) networks to identify users.IMSI follows ITU E.212 numbering standard. ISMI is a 15-digit number (it can be 14 digits in some countries) that has three parts. The first three digits (the European standard has 2 digits) represent Mobile Country Code (MCC). The next two digits represent the Mobile Network Code (MNC). The remaining 10 digits represent the Mobile Station Identification Number (MSIN). For example, in IMSI520031234567890, the first three digits 520 represent Thailand, the next two digits represent 03 representing AIS (Advanced Info Service) cellular company, and the remaining digits represent the MSIN number.IMSI is used to acquire users’ information from Home Location Register (HLR). However, IMSI is a highly-sensitive number that must be protected to avoid sim swapping, mobile number takeover, sim hijacking, and other frauds. That’s why IMSI is sent rarely and a randomly-generated TMSI number is used.

What is an IMSIcatcher?

IMSI catcher is an electronic device that intercepts, locates, and tracks mobile phone traffic. It can be considered a fake mobile tower that acts as a legitimate mobile network provider. It can be used by Police for investigations or cybercriminals for man-in-the-middle attacks.IMSI catchers rely on the security weakness or vulnerability of the network protocol and force the mobile phone to pass communication through the planted device to track IMSI. It makes communication less secure due to the degradation of mobile network protocols. It can be used to degrade communication, intercept the communication, track location, or deny connectivity. IMSI catcher cannot read encrypted data, however, it can intercept and read unencrypted data like text messages and phone calls. IMSI catcher cannot track number if mobile phone Airplane mode is turned ON or mobile is switched OFF.

What is IMSI Catcher Detector?

IMSI Catcher Detector is a method to detect the presence of an IMSI catcher. The hackers are a serious threat as they might use an IMSI catcher to intercept communication. There are different methods to detect IMSI catchers. IMSI catcher detectors can be either hardware-based or software-based. IMSI-catcher detectors can identify IMSI catchers, network jammers, or other baseband attacks. Most detection systems are compatible with all network operators and provide visualization for effective detection.

Osmocom is an open-source software-based firmware that can detect and fingerprint the characteristics of the IMSI catcher of GSM phones. However, it can work with only old phones and old GSM technology.There are some mobile applications like SnoopSnitch, Cell Spy Catcher, and Radio Sentinel that can detect IMSI catchers.IMSI catcher Detectors can be divided into military-grade and consumer-level detectors. The software-based IMSI catcher detectors are not fully effective for protecting and detecting IMSI catchers. Some of the most effective IMSI catcher detection systems are briefly discussed below:

1.   FirstPoint Mobile Guard

FirstPoint Mobile Guard is a military-grade SIM card-based IMSI catcher detection system that prevents man-in-the-middle attacks using highly secured technology on the SIM-card level. It offers continuous network-based maximum security without requiring complex configurations.

2.   Radio Sentinel

Radio Sentinel mobile app is available for Armadillo Phones that can detect IMSI catcher, Silent message attacks, and SS7 attacks over any network including 2G, 3G, 4G, and 5G.  It also warns against incorrect frequencies, unknown networks, empty paging requests, TAU rejections, silent SMS and other cellular connection misbehaves. Unlike other methods, it can work offline without requiring third-party systems. It generates a warning if a man-in-the-middle attack is detected. Moreover, it will automatically disconnect the network under a high severity attack. Finally, it also prevents downgrade attacks as IMSI catchers force cellular communication to use weaker networks. However, it cannot work effectively with Android mobile phones.

3.   Android IMSI Catcher Detector (AIMSICD)

AIMSICD is an open-source IMSI catcher detection system for Android systems. It provides multiple features like a warning if the connection is not encrypted. It provides real-time network security monitoring and map-based visualization.

4.   SecurCube

SecurCube is a basic-level IMSI catcher detector that detects malicious IMSI catcher-related activities on LTE networks only. It scans the networking environment to collect information and then analyzes information related to LTE, GSM, and UMTS to identify suspicious activities.

5.   SnoopSnitch

SnoopSnitch is an open-source mobile app that analyzes radio data and mobile phone firmware to identify Android security patches. The results are uploaded to the SnoopSnitch server for app upgrades.

6.   Crocodile Hunter

Crocodile Hunter is an effective (software-supported) hardware-based tool for detecting IMSI catchers that uses Software-defined Radio and a dedicated Raspberry Pi or Linux system. It requires the user’s location to find a cellular tower using the WiGLE website. If WiGLE fails to identify the user’s cellular network, it will mark it as an IMSI catcher or man-in-the-middle attack. 

However, it has several limitations as hackers can upload fake cellular towers on WiGLE. Also, it requires expert knowledge and can be used for a limited number of devices due to its higher cost.

7.   ComSec

ComSec identifies multiple cellular network-related cybersecurity threats like IMSI catchers, cellular communication jammers, and baseband attacks. It also provides features for air interface data analysis, georeferencing, critical criteria editing, and data visualization.

8.   Cell Spy Catcher

Cell Spy Catcher is also an effective app that is based on a self-learning process. It generated logs of suspicious events which are exported to a CSV file for detailed analysis. Unlike other apps, it can work with a wide range of cellular services like GSM, UMTS/WCDMA, CDMA, and LTE. It restarts automatically if the device is rebooted and works in the background continuously to detect IMSI catchers.

Conclusion

IMSI is a 15-digit unique SIM identification number that can be caught and misused. For protection, mobile communication uses randomly generated TMSI. The man-in-the-middle can use IMSI catchers to catch IMSI for tapping and intercepting cellular communication. There are different tools like FirstPoint, Radio Sentinel, AIMSICD, SecurCube, SnoopSnitch, Crocodile Hunter, ComSec, and Cell Spy Catcher.

References

Armadillo. (2022, March 18). How to detect IMSI catchers. Retrieved from Armadillo: https://armadillophone.com/blog/how-to-detect-imsi-catchers

ComSec LLC. (2018, December 21). IMSI Catcher Detector. Retrieved from COMSEC: https://comsecllc.com/imsi-catcher-detector/

McDaid, C. (2019, August 19). What Is An IMSI Catcher? (IMSI Catcher Detection). Retrieved from Adaptive Mobile Security: https://blog.adaptivemobile.com/adaptive-mobile-imsi-catchers

Ouziel, N. (2021, May 19). Top 7 IMSI Catcher Detection Solutions for 2020. Retrieved from FirstPoint: https://www.firstpoint-mg.com/blog/top-7-imsi-catcher-detection-solutions-2020/

Privacy International. (2021, May 5). How IMSI catchers can be used at a protest. Retrieved from Privacy International: https://privacyinternational.org/explainer/4492/how-imsi-catchers-can-be-used-protest