University of Washington. The parts that make up a SeaGlass IMSI-catcher detector include a Raspberry Pi, a cellular modem to scan the cell spectrum, GPS, a bait cellphone, and a mobile hotspot to upload data.
"Up until now the use of IMSI-catchers around the world has been shrouded in mystery, and this lack of concrete information is a barrier to informed public discussion," Peter Ney, a doctoral student at the Allen School of Computer Science & Engineering at the UW, said in a statement. "Having additional independent and credible sources of information on cell-site simulators is critical to understanding how - and how responsibly - they are being used."
Partnering with ride-sharing drivers to install the SeaGlass system in 15 vehicles, Ney and his fellow UW researchers were able to collect millions of measurements across Seattle, Wash. and Milwaukee, Wisc. during a two-month pilot. They identified dozens of anomalies consistent with cell-site simulators.
"In this space, there's a lot of speculation, so we want to be careful about our conclusions. We did find weird and interesting patterns at certain locations that match what we would expect to see from a cell-site simulator, but that's as much as we can say from an initial pilot study," Ian Smith, a former Allen School research scientist and co-author of the study, said in a statement.
"But we think that SeaGlass is a promising technology that - with wider deployment - can be used to help empower citizens and communities to monitor this type of surveillance," Smith added.
SeaGlass works by continuously uploading sensor data from vehicles and aggregating it into a city-wide view of cell tower transmissions, real or fake. Algorithms then find anomalies in the cellular network that indicate IMSI-catchers; by modeling a city's cellular landscape, SeaGlass can identify "suspicious anomalies," the UW researchers said.
Clear and present danger
Nathan Wessler, staff attorney with the ACLU, said there is a real danger to U.S. business travelers having their mobile devices tracked and hacked by IMSI-catchers, even though it would be illegal for law enforcement to do so.
"That doesn't mean it's not happening by people with criminal intent. There may be reasons for enterprises in the U.S. to be concerned, but I have no idea how likely that threat is or if there are entities using catchers," Wessler said.
Law enforcement agencies are increasingly using IMSI-catchers to locate and track cell phones, and they've been "duplicitous with courts" by not always getting proper authorisation, Wessler said.
Sign up for Computerworld eNewsletters.