Sadly, we live in a world, where privacy of users is the last concern of big companies, which are happily mining our data on a daily basis and are selling or using it for their own benefit, even when we are not “exactly” informed about it. Backdoors that are constantly being detected in every security system under the sun, sometimes even feel like they were placed there deliberately, like the SSL heartbleed bug for instance, which affected everything, from home routers to big corporate servers. That’s why these days people (especially the younger generation) should be well acquainted with the current situation, but I rather don’t want to know, how little of us know, what an IMSI catcher is.
What is a IMSI (International Mobile Subscriber Identity) catcher?
It’s a fake cell tower or BTS (Base Transceiver Station) and your phone will connect directly to it, because it always connects to the strongest signal fake or real, no questions asked. Still, that is not the worst part, which is, that the tower always sets the security measures. Your phone just says “yes, please disable encryption, I would love to share this with everybody” and there is nothing you can do. Who needs Facebook, right?
To clarify it better, if someone with the right know how, would like to listen in on your phone calls, he would just need to park his car next to your house (or not even that), with the right software and directional antennas and every phone in your house, would connect directly to his fake tower. All you need is a stronger signal. And since every carrier out there disables the warning message bit on the SIM card, which would warn when encryption is disabled, you would happily use your phone without a clue about what is going on. But such things, are probably done on a much bigger scale, since reports of fake cell phone towers are still coming from everywhere.
How to protect ourselves?
Well luckily, there is an app for that. Brave XDA devs have made something remarkable, for all people around the globe for free. The app will warn you about towers, which have poor or no encryption and also offer lots of other protection mechanisms. It is definitely a step in the right direction, to give us at least some layer of protection. You can find the XDA thread here.
But the real problem can only be solved, by demanding better security solutions on the worldwide carrier level and to know the ins and outs of these networks. If you want to understand more about them, a good starting point, is this defcon presentation.
“But the Government will never change. Everything will continue. It’s up to the people to secure their communications”
– Kevin Mitnick