IMSI Catchers and How to Circumvent Them

Ever watched a spy movie (including the James Bond movies) where they can easily listen to other people’s mobile phone conversations easily at the press of a button? I always thought it was just one of those movie things that does not actually happen in re l life. But I was totally shocked when I learned that this mobile phone tapping is not only possible but is ridiculously very easy. Any 5 year old can listen to other people’s mobile phone conversations with the help of an IMSI Catcher device.

What is an IMSI Catcher?
An IMSI catcher, as they are called, is a simple man-in-the-middle attack device that masquerades as a local cellphone tower. Your mobile phone sees this IMSI catcher as just another cellphone tower with a much stronger signal and connects to it. The signal from IMSI catcher is stronger than the real cellphone tower because it is much closer to your mobile phone. IMSI catcher then relays the phone traffic between the real cellphone tower and your cell phone, conveniently intercepting any data it wants.

IMSI Catcher

Use non-GSM network
The big question is how to prevent yourself from becoming another IMSI catcher victim? The short answer is just simply switch to a non-GSM network. The IMSI catchers rely on a vulnerability in the GSM protocol that makes handsets (mobile phones) to identify themselves using their IMEI code to the cellphone towers, but has no such rule for verification of the cellphone towers. Using this loophole, an IMSI catcher device can pretend to be a cellphone tower. So one solution to prevent such attacks is to just use a CDMA or  HSPA network.

Switch to 4G/3G network
If you have a smart phone that allows switching from 2G to 4G/3G and vice-versa, then keep your mobile phone switched to 4G or 3G network of your mobile operator. This is because most of the IMSI catchers target the 2G networks. Furthermore, 3G networks use LTE, UMTS or HSPA frequencies and do not use the GSM network. Although UMTS is based on GSM, it is considered a little safer.

Use Encrypted Phone Calling Apps
IMSI catchers are basically used to intercept and listen to your regular phone conversations. So in order to protect your phone conversations, you can use any of the apps that allow making phone calls through the mobile data account (3G/4G) or through the WiFi network. For even more protection, you can use an app like RedPhone that allows encrypted phone calls.

Look for sudden unusually strong mobile signals
If you are generally receiving a bad mobile signal throughout the city but when you arrive in your office room, suddenly the signal gets strong for no explicable reason, then you could be the target of IMSI catcher. Download a signal app like Network Signal Info and walk around to find where the signal gets stronger. If the signal is not getting stronger in the directions of a known cellphone tower, then it could be an IMSI catcher at work. But this could also be possible because your office has a signal repeater or signal booster installed.

SnoopSnitch for Android
SnoopSnitch for Android is a simple app to analyze your mobile radio data and warn you about threats like IMSI catchers. Although it is a useful app, it is severely limited as it works only with smart phones having Qualcomm SoC, stock Android ROM installed and the phones have to be rooted. Not many smart phones can fulfill this criteria.

Conclusion: IMSI Catchers can intercept your mobile phone calls without you ever knowing about it. The only solution to avoid being a victim of such an attack is to be alert about suspicious mobile networks around you showing unusually strong signals.