Stingrays: A truly (IMS)I-catching threat
Anyone can intercept our mobile communication and track our location with this commercially available device
While many people may not know what an IMSI-catcher (aka a stingray) is, the idea behind the device is immediately recognizable to anyone who has seen at least one crime-drama or spy thriller in the past twenty years. For catching the International Mobile Subscriber Identity (IMSI) of a mobile phone, is the key to tracking it’s location, intercepting it’s messages or even blocking it’s access to the network. And with the overwhelming proliferation of mobile communication, it is hard to know who is making more use of these capabilities, the good guys or the bad.
In order for mobile communication to achieve the widespread adoption that it has, all manufacturers had to adopt the same well-known protocols so that any device could communicate over any network. Since this means that the devices are anonymous to the network and vice versa, it became relatively easy for an ‘imposter’ to position itself as a ‘man-in-the-middle’. The IMSI-catcher presents itself to the device as just another base station offering its services to facilitate communication, albeit one with a conveniently strong signal. Since most devices are designed to always seek a better signal, the devices within the range of the stingray will readily connect with it for outgoing calls and messages. On the flip side, the device has a SIM card with which it connects to a legitimate base station, in order to complete the communication all the way to the recipient. Now, the IMSI-catcher is strategically positioned as an invisible go-between for whatever conversations transpire. Not only that, but now that the device has been identified, its activity can be monitored, interfered with or completely shut-down, depending on the motives of the intercepting party. Ultimately, even switching SIM cards will not restore anonymity to the user, since the device IMEI number is also registered by the IMSI-catcher for future tracing.
When will the vulnerability be fixed?
One would think that such a glaring gap in communication security would be addressed immediately; after all, stingray surveillance has been around since early the mobile networks of the 90’s. More importantly, the types of devices that are now reliant on mobile networks (and thereby vulnerable) has grown exponentially, including appliances, ‘smart’ devices and a multitude of sensors with countless applications. However, despite advances in encryption that were implemented in 3G and 4G networks, it is still possible for the IMSI-catcher to ‘force’ the communication onto the more primitive and less secure 2G network protocols, circumventing the encryption. Even the much heralded 5G network standard, which was hammered out after the security risks were well documented, does not completely close those loopholes, since there are still protocol elements that are sent ‘in the clear’ which can be used to identify a specific device by its hardware and software characteristics. There is no doubt that more work will need to be done before we will all be ‘stingray-proof’.