Your Cart is Empty
Recommended Products
GoDark® Faraday Bag for Tablets
$69.97
How IMSI Catchers, Like Stingrays, Track Your Location
Today’s mobile devices are among the most sophisticated and capable computing devices ever made. They can match desktops and laptops in speed and also offer more applications and capabilities.
For instance, mobile devices come with a wide range of additional sensors like a gyroscope, compass, multiple radio interfaces, and so on.
While these added functions make mobile devices handier, they also expose them to more risks. One particularly menacing threat is that from an IMSI catcher, also called a Stingray.
International mobile subscriber identity, or IMSI, catchers are invasive surveillance tools used for eavesdropping, intercepting mobile phone traffic, location tracking, and harvesting personal data.
We’re going to be looking at how IMSI catchers work, how they can track a target’s location, and how to beat them.
Table of Contents
What if I Turn Airplane Mode On?
Can I Still Be Tracked Without My Sim Card?
Will a GoDark Bag Drain My Battery?
Will My Phone Alarm Work Inside a GoDark Bag?
The Man-in-the-Middle Attack
International mobile subscriber identity, commonly known as IMSI, is a unique number given to every user of a cellular network via their SIM card.
In 2G connections, when mobile devices search for a signal, they scan all available frequencies in a defined radius and, by default, connect to the strongest signal.
IMSI catchers exploit this design feature by masquerading as actual cell towers. As such, when your phone is within its defined radius, an IMSI catcher will act as a cell-site simulator and transmit signals with a higher priority frequency than genuine cell network towers.
The targeted mobile phone detects this transmission as a closer cell tower with the strongest signal and will connect to it.
After your phone connects to the cell-site simulator, the simulator will make an identity request to get your IMSI. A cell network will do an identity request to confirm that you are a paying customer with a mobile device. After acquiring your phone’s IMSI, the fake tower connects your phone back to the real mobile network and moves on to catch another phone’s IMSI.
For modern smartphones using LTE frequencies, IMSI catchers can do even more sophisticated attacks, since these phones have more advanced encryption and security measures than previous generations of mobile networks.
Today’s phones are designed to stay connected to their current cell tower if the mobile network signal strength is above a specific threshold. They will connect to other towers when this connection is lost.
IMSI catchers can execute cell network denial of service or downgrade 4G and 3G connections to 2G by rejecting a tracking area update request by the targeted mobile phone. Mobile phones use this to keep the mobile network updated on their most recent location and therefore receive and distribute incoming phone calls faster.
After rejecting the request, the fake tower will also send information that forces the phone into a state where it can only accept 2G connections, wherein the MITM attack can now commence.
The next step for MITM attackers using your phone’s stolen IMSI is spoofing authentication, which allows them to persuade legitimate networks that they are the real mobile phone.
Any incoming phone calls and your history thereof, mobile traffic, and other personal information is now accessible to the attacker. Aside from identity theft and data harvesting, an MITM attack can include real-time location tracking.
After all this, what’s more alarming is that you continue using your device without realizing that there’s a man in the middle listening and watching.
Who Uses IMSI Catchers?
Initially, IMSI catchers were only available to the military. However, since 2011, the Federal Communications Commission (FCC) has authorized the equipment for federal, state, and local law enforcement officials.
Under the terms of this authorization, state and local law enforcement agencies had to coordinate with the FBI before acquiring and using the equipment.
Given the power of IMSI catchers, this condition was necessary to prevent abuse and protect citizens’ right to privacy.
Unfortunately, IMSI catchers are now in the hands of malicious actors, and it’s alarming. In a letter to Senator Ron Wyden, the Department of Homeland Security (DHS) publicly acknowledged the presence of rogue Stingray devices in Washington.
The letter responded to Senator Wyden’s query on the DHS’ awareness of IMSI catchers in Washington. Wyden wanted to know:
- Has the DHS detected foreign IMSI catchers in Washington?
- Does the DHS have the technical capacity to spot these catchers?
- Has the DHS found IMSI catchers in other major US cities?
The DHS admitted to knowing about the devices but lacking the necessary budget and capability to detect them.
The department also confirmed its awareness of catchers in other cities and collaboration with other federal partners.
With rogue catchers on the loose, the stakes for business leaders, politicians, government officials, and private citizens are high. Threats range from criminals seeking financial gain to foreign powers looking to create influence.
The good news is that IMSI catchers are beatable. Adopting appropriate personal security measures can help you and your devices stay safe.
Stopping IMSI Catchers
“There’s got to be an app for that.”
You’re probably considering downloading IMSI catcher detection apps or a cell spy catcher from your app store. Indeed, there are many of them. The problem is, they don’t work.
In a recent study by Oxford’s computer science department, researchers tested five popular Stingray detector apps on Google Play. More than 1,500,000 people have downloaded these apps.
The researchers found that while the apps offer a level of detection, some could not effectively detect their Stingray attacks. As a result, they could:
- Send silent SMS messages and make silent calls on the test phone.
- Access the test phone’s GPS location.
- Downgrade the test phone from a 3G network to a 2G.
- Alter the test phone’s Network Identity and Time Zone (NITZ), causing the OS to crash.
Stingray detector apps have limited root access, which is required to detect some of the attacks—for instance, silent calls. Therefore, even with the most popular apps, your phone is still vulnerable to IMSI catchers.
The most effective way of beating these man-in-the-middle attacks involves signal blocking.
IMSI catchers trick your phone by transmitting signals that mimic authentic cell towers. If this transmission fails to reach your device, the attack becomes ineffective.
This idea is the concept behind Faraday bags, which is an excellent security option against IMSI catchers. A Faraday bag protects your device by preventing radio waves from penetrating the bag’s material.
It consists of an enclosed space surrounded by conductive material, which conducts the radio waves around the bag and away from the enclosed space.
GoDark Faraday Bags
When it comes to making Faraday bags, GoDark Bags takes it to a whole other level.
With a 600D poly outer shell, a polyurethane face coat, and a thermoplastic polyurethane backing, GoDark Bags are waterproof and puncture-resistant.
The inner bag consists of nickel and copper-woven fabric, which is responsible for signal blocking.
The following table highlights GoDark Bags’ main signal-blocking features and capabilities—for instance, frequency ranges and the types of signals they can block.
|
|
Signal blocking for:
|
Stopping IMSI Catchers with Airplane Mode
You’ve probably considered airplane mode as a defense strategy against IMSI catchers, but does it work?
Airplane mode only stops your phone’s transmission; it doesn’t prevent your phone from receiving phone signals. So while in this mode, your phone will record your location history and then transmit that data once airplane mode is off.
You’re safer with a Faraday bag.
GoDark Bags block all incoming and outgoing cell signals, preventing your phone from recording your location. Without a record of your whereabouts, your phone has nothing to transmit once airplane mode is off, rendering man-in-the-middle attacks useless.
Stopping IMSI Catchers by Turning Your Phone Off
Indeed, turning off your cell phone should stop your phone from transmitting and receiving cellular signals. However, the problem with this approach is that modern cell phones don’t switch off completely.
Whether you’re using Android or iOS, your primary operating system doesn’t control your phone’s radio transmitter and receiver. Instead, a separate subsystem—Baseband—runs your radio system.
As such, turning off your operating system doesn’t mean your radio system switches off. This design feature is how drones can target mobile phones even when they’re off. It’s also why turning off your mobile device offers no defense against IMSI catchers.
Going Dark With GoDark Bags
“Supper (sic) happy the GoDark Bag blocked GPS, WiFi and Cell signals as advertised, even when my bag is upside down and the tablet is pressed against the closure”
—Kim C.
It’s no longer a question of your privacy or your way of life. With GoDark Bags, you can have both.
Our products are built to last and work as well years from now as they do today. This promise is why our premium bags come with a lifetime guarantee.
Contact us today to learn more about how we can enhance your privacy.
Frequently Asked Questions
Can I Still Be Tracked Without My SIM Card?
Yes, even without your SIM card’s international mobile subscriber identity, digital identity thieves can still trace your phone.
Every phone has a built-in identification number, the International Mobile Equipment Number (IMEI). Your IMEI number enables service providers to identify your phone and location as it connects to a cell tower.
An IMEI number also enables the police to track stolen or compromised mobile phones.
Will a GoDark Bag Drain My Battery?
Not if it’s a newer generation of smartphones.
Old phones would waste energy by continuously searching for cell signals inside the bag, unlike newer phones that work more intelligently and efficiently.
Alternatively, you can use airplane mode to prevent your phone from continuously searching for a mobile signal.
Will my phone alarm work inside a GoDark bag?
Yes, it will.
Your phone’s clock app runs whether or not the phone connects to a network. So if your alarm rings according to its clock, it will still work.
However, if your alarm requires a Wi-Fi or Bluetooth connection to work, then a GoDark Bag will stop its function by blocking the connection.
Most phone alarms don’t need a network connection to work.
