IMSI-Catch Me If You Can: IMSI-Catcher-Catchers

TitleIMSI-Catch Me If You Can: IMSI-Catcher-Catchers
Publication TypeConference Paper
Year of Publication2014
AuthorsDabrowski, A, Pianta, N, Klepp, T, Mulazzani, M, Weippl, ER
Conference NameAnnual Computer Security Applications Conference (ACSAC)
Date Published12/2014
Conference LocationNew Orleans, Louisiana, USA

IMSI Catchers are used in mobile networks to identify and eavesdrop on phones. When, the number of vendors increased and prices dropped, the device became available to much larger audiences. Self-made devices based on open source software are available for about US$ 1,500. In this paper, we identify and describe multiple methods of detecting artifacts in the mobile network produced by such devices. We present two independent novel implementations of an IMSI Catcher Catcher (ICC) to detect this threat against everyone's privacy. The rst one employs a network of stationary (sICC) measurement units installed in a geographical area and constantly scanning all frequency bands for cell announcements and ngerprinting the cell network parameters. These rooftop-mounted devices can cover large areas. The second implementation is an app for standard consumer grade mobile phones (mICC), without the need to root or jailbreak them. Its core principle is based upon geographical network topology correlation, facilitating the ubiquitous built-in GPS receiver in today's phones and a network cell capabilities ngerprinting technique. The latter works for the vicinity of the phone by frst learning the cell landscape and than matching it against the learned data. We implemented and evaluated both solutions for digital self-defense and deployed several of the stationary units for a long term eld-test. Finally, we describe how to detect recently published denial of service attacks.