Recently, the CBC released an investigative report revealing that someone has been spying on cellphones around Parliament Hill in Ottawa. That’s about as alarming as it sounds, because it means that someone – likely an organization, due to the cost of these devices – has been tracking cellphones right at the heart of the nation’s capital. A while later, more of these devices were discovered in Montreal’s Trudeau Airport. No one really knows who installed these devices, with current theories ranging from foreign spies to a federal organization operating outside established laws to crime organizations, but it does demonstrate the vulnerability of our wireless networks.
Known as a stingray in hacker vernacular, an IMSI catcher is a pretty simple, but sinister device. To put it simply, it’s a cellular tower in a box, or at least, it pretends to be. What it does is trick your cell phone into contacting it in the same way it would a standard cellular tower. Your phone then provides it with its international mobile subscriber identity number, which can be used to track the position of the phone and its user. The stingray then relays to an actual cellular tower in what’s called a man-in-the-middle attack. Your phone is a willing actor in this whole exchange, since it’s programmed to speak to the strongest access point it can find.
More advanced IMSI catchers can even intercept phone calls and text messages, and reports indicate that the ones used in Ottawa and Montreal most likely had these capabilities. Modern cellphone traffic is normally encrypted, which means that, without knowing the encryption key, a standard sniffer wouldn’t be able to interpret the data that’s being sent through it. To circumvent this limitation, most IMSI catchers will force connected cellphones to switch to an unencrypted 2G signal, then encrypt the traffic before sending it along to its actual legitimate destination, as if nothing happened at all.
WHO OWNS A STINGRAY
Your typical stingray costs upwards of $50,000, which keeps it out of the price range of your run-of-the-mill black hat hacker who simply wants to phish for credit card info. Commonly, it’s bought by law enforcement agencies all over the world and used to both identify and track targeted information. That raises concerns of its own, especially since this is often done without a proper warrant and agencies have a habit of misleading judges and defense attorneys about the nature of the technology, but at least it means that your data is passing through the hands of people who can already get access to your credit card info if they really wanted to.
That doesn’t mean that these are the only organizations who utilize stingrays. A security researcher was even able to create a makeshift IMSI catcher for under $1500, just to demonstrate how easily it can be done. There's no indication that this has become a widespread method of data interception, but the potential is definitely there.
STINGING THE STINGRAY
What can you do to protect yourself from stingrays? Not that much right now, actually. The fact is that the cellular network, as it is currently, makes the devices very difficult to avoid. Detecting them may be an accessible route to protection, as the stingray’s behavior does make its presence noticeable. The Cryptophone, developed by German company GSMK, is a specially protected smartphone with a firewall that detects suspicious activity related to IMSI catchers. There are also a number of open-source and commercial applications being worked on by various groups to detect these devices. Hopefully in the future, cellphone users can once again feel secure that their transmissions aren’t being peeked at by a man-in-the-middle.
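To make the detection idea concrete, here is an added example (not code from the Cryptophone or any app mentioned above) that scores cell handovers for the behaviors described in this article: a forced drop to 2G, disabled encryption, and an unfamiliar tower that is suddenly the strongest signal. The record fields, the signal threshold, and the sample log are all constructed assumptions; it presumes a device that can log its serving cell and negotiated cipher.

```python
from dataclasses import dataclass

RAT_RANK = {"GSM": 2, "UMTS": 3, "LTE": 4}  # a drop in rank is a downgrade

@dataclass
class CellObs:
    t: int          # seconds since start of capture
    rat: str        # radio access technology
    cell_id: str    # serving cell identifier (hypothetical format)
    rssi_dbm: int   # received signal strength
    cipher: str     # negotiated cipher; "A5/0" is GSM with no encryption

def score(prev, cur, known_cells, strong_dbm=-60):
    """Return (points, reasons) for the handover prev -> cur."""
    reasons = []
    if cur.rat == "GSM" and RAT_RANK[cur.rat] < RAT_RANK[prev.rat]:
        reasons.append("downgrade to 2G")
    if cur.rat == "GSM" and cur.cipher == "A5/0":
        reasons.append("ciphering disabled")
    if cur.cell_id not in known_cells and cur.rssi_dbm >= strong_dbm:
        reasons.append("unknown cell with very strong signal")
    return len(reasons), reasons

def find_suspicious(observations, known_cells, threshold=2):
    """Flag handovers where at least `threshold` indicators coincide."""
    alerts = []
    for prev, cur in zip(observations, observations[1:]):
        if prev.cell_id == cur.cell_id:
            continue  # no handover, nothing to score
        points, reasons = score(prev, cur, known_cells)
        if points >= threshold:
            alerts.append((cur.t, cur.cell_id, reasons))
    return alerts

# Constructed sample data: cells seen before, then one capture session.
KNOWN = {"LTE-1001", "LTE-1002", "GSM-2001"}
SAMPLE = [
    CellObs(0, "LTE", "LTE-1001", -95, "EEA2"),
    CellObs(60, "LTE", "LTE-1002", -90, "EEA2"),
    CellObs(120, "GSM", "GSM-2001", -100, "A5/1"),  # ordinary fallback, known cell
    CellObs(180, "LTE", "LTE-1001", -94, "EEA2"),
    CellObs(240, "GSM", "GSM-9999", -48, "A5/0"),   # all three indicators at once
    CellObs(300, "LTE", "LTE-1001", -95, "EEA2"),
]

if __name__ == "__main__":
    for t, cell, reasons in find_suspicious(SAMPLE, KNOWN):
        print(f"t={t}s cell={cell}: {', '.join(reasons)}")
```

Requiring two indicators to coincide keeps an ordinary fallback to a known, encrypted 2G cell from raising an alert, since that happens routinely in areas with weak coverage.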