Credit: IDGNS via Computerworld.com
Researchers have created a device using off-the-shelf components that can sniff out controversial cell phone surveillance devices, known as IMSI-catchers or StingRays, used by federal and state law enforcement as well as hackers.
The International Mobile Subscriber Identity-catchers have not only been used to locate mobile devices but also to sometimes eavesdrop on users, send spam or upload malware, according to University of Washington (UW) security researchers.
"The threats remain the same when looking at enterprises: tracking and, under certain circumstances, eavesdropping are possible through this attack," said Dionisio Zumerle, a Gartner research director for Mobile Security. "The attack requires technical expertise and equipment that was once hard to find; today it is easier and that is the main source of concern."
IMSI-catchers or cell-site simulators work by pretending to be a legitimate cell tower that a smartphone would typically use. The catchers trick the cell phone into sending identifying information about its location and how it is communicating. The portable surveillance devices range in size from a walkie-talkie to a suitcase and in price from several thousand to hundreds of thousands of dollars, according to UW.
University of Washington
Time series of measurements of one cell tower base station over two months. Higher received signal strengths are red, and lower strength in blue. By modeling the typical behavior of each cell tower over time, SeaGlass can pick out aberrations that indicate the presence of cell-site simulators.
One popular IMSI-catcher, called a StingRay, is made by the Florida-based Harris Corp. and is used by a dozen federal agencies, including the FBI, NSA, DEA, the Immigration and Customs Enforcement agency and all branches of the U.S. military, according to the ACLU.
While it's illegal to use the devices without a court order, the ACLU has identified 48 other agencies in 20 states and the District of Columbia that own StingRays. Many of the agencies have shrouded their purchase and use of the devices in secrecy, and civil rights groups said their numbers likely "dramatically" underrepresent the actual use of StingRays nationwide.
The increased use of IMSI-catchers makes it increasingly important that IT security managers look at the antimalware and mobile threat defense (MTD) technology market, the products available and how they should be used, according to Gartner.
Researchers' SeaGlass experiment
The UW researchers built a system called SeaGlass -- it's based on a Raspberry Pi single board computer along with seven other components -- that detects anomalies in the cellular transmissions to indicate where IMSI-catchers are in use. The new system is described in a paper to be published this month in Proceedings on Privacy Enhancing Technologies.
Sign up for Computerworld eNewsletters.