IMSI Catchers Demystified

Presented at ShmooCon XV (2019), Jan. 20, 2019, noon (60 minutes).

IMSI catchers (sometimes known by the popular brand name “Stingrays”) are shrouded in mystery. Originally developed for military use, they are now used by law enforcement, foreign intelligence, and spammers. IMSI catchers are unauthorized cell sites designed to coerce phones into providing persistent identifiers (IMSIs) and enable RF direction-finding of particular users, intercept traffic, and/or deliver spam. Unfortunately, due to sketchy legal arrangements around their procurement and deployment, very little is publicly known about IMSI catchers, how they work, and how they are used. Based on leaked documents, 3GPP specifications, and experience detecting (and accidentally deploying) IMSI catchers, this talk infers many previously publically unknown aspects of IMSI catchers. We will cover how they convince phones to connect, reveal their IMSIs, and capture or release particular phones. We will also talk about how IMSI catchers use RF direction-finding to precisely locate particular users. We will describe how one might identify IMSI catchers based on their abuse of particular cellular standards. We will demonstrate a city-wide passive monitoring system for IMSI catchers and introduce our open-source app to detect IMSI catchers using Calypso-based GSM phones running custom baseband firmware. Finally, we’ll talk about how one might build their own IMSI catcher.


Presenters:

  • Karl Koscher / supersat as Karl Koscher
    Karl Koscher (@supersat) is a research scientist working at the University of Washington Security and Privacy Research Lab where he specializes in wireless and embedded systems security. Previously, he was a postdoctoral scholar working with Stefan Savage at UC San Diego. He received his Ph.D. from the University of Washington in 2014, working with his advisor Tadayoshi Kohno. In 2011, he led the first team to demonstrate a complete remote compromise of a car over cellular, Bluetooth, and other channels.

Links:

Similar Presentations: