IMSI-catcher

From Wikipedia, the free encyclopedia

An IMSI catcher is a device for intercepting GSM mobile phones. It subjects the phones in its vicinity to a man in the middle attack, acting to them as a preferred base station in terms of signal strength.

The IMSI catcher logs the IMSI numbers of all the mobile phones in the area, as they attempt to attach to the base station, and can determine the phone number of each individual phone. It also allows forcing the mobile phone connected to it to revert to A5/0 for call encryption (in other words, no encryption at all), making the call data easy to intercept and convert to audio. It can also tap and record the phonecalls on its own.

The GSM specification requires the handset to authenticate to the network, but does NOT require the network to authenticate to the handset, which is a glaring and reportedly intentional security hole.

IMSI catchers are used by law enforcement and intelligence agencies.

Several countermeasures against IMSI catchers exist. A directional antenna can be used to lock the telephone to a distant base station, making it not see the nearby IMSI catcher, or the phone can be forced to a specific base station ID (if the firmware supports it), sacrificing mobility for security. To avoid being wiretapped, even if the phone is still seen and recognized, a GSM compatible secure telephone or cipher unit for end-to-end voice encryption is required.

[edit] See also

• Telephone tapping, cellphone location data