Big Brother is watching YOU!
Whether state sponsored or criminally motivated – the sad fact is that normal citizens are monitored on a daily basis worldwide. In most cases this happens unbeknownst to the victim: the subject of surveillance does not notice a thing and most people have no idea that Orwell’s 1984 is already well underway invading their daily lives. Read More
The AIMSICD Privacy Project is a group of techies who have made it their goal to put the technical kibosh on one of these eavesdropping initiatives: They have developed an app that warns the user when their smartphone is attacked by an IMSI catcher.
An IMSI catcher (also known as “Stingrays”) identifies and follows mobile users by reading the international mobile subscriber identity (IMSI) of the device. The IMSI is the call-sign stored on the SIM card of every telephone and used to identify the mobile phone user. A catcher is essentially a “fake” base station: it simulates a cell tower for nearby mobile phones to log into, which is how it taps into content, call and geo data, and can even in part record conversations. The first IMSI catcher was developed by the German Rohde & Schwarz company in the mid-90s and is used globally by governments, police and criminals today.
We talked with the AIMSICD Privacy Project about the possibilities, and asked how and even whether we can still protect ourselves from Big Brother.
Who are you and how did you get the idea for your initiative?
We are a group of privacy-aware Android enthusiasts who are simply fed up with the fact that government agencies and criminals all alike are spying and stealing data from everyone who owns a phone. And since all of this is happening completely stealthily, no one ever notices. The cool thing about smartphones though, is that you can develop your own apps for them. When our project founder had the idea of developing an IMSI catcher, he published it on XDA-Developers, a popular forum for Android lovers, in 2012. Other users joined in, and that was how we founded our group. Since then, we have been constantly learning and growing. We have made many beginner mistakes and even lost a few talented programmers because Android Java development is very tough at times, especially for newcomers. But programming on our team and knowing that we're doing something awesome that is free and for the greater public good, is very fun and gratifying.
How often would you estimate IMSI catchers are used to eavesdrop on people, in Germany for example?
When the IMSI-Catcher was "invented" by the German Rohde & Schwarz company in the 90s, it was not yet used by the German government. But it had already been sold to other countries, including some with repressive governments. In Germany its use was legalized in 2002. A huge political discussion started when the media and the public realized how threatening these devices were, but the government pretended to need the IMSI catchers to prosecute criminals. According to their own statement, Germany’s foreign intelligence agency used IMSI-Catchers 34 times in total during the years 2011 and 2012; numbers for 2013 and 2014 have not been published. Another method of secretly locating phones is through silent SMS, which was used more than 69,000 times in 2014, and numbers are still rising.
Although we're not living in "1984" we're certainly being watched over to the same extent.
What is it like in other countries, where are IMSI catchers used?
We can say for sure that IMSI catchers have been detected in many places in the USA, mostly around military bases. And there was a catcher spying in Berlin and most recently also found in both Oslo and Stockholm just a few weeks ago. In short: IMSI catchers are likely being used in any place where valuable information is floating through the air.
Is monitoring with IMSI catchers likely to increase or decrease?
Unfortunately government-backed surveillance will only increase. Although we're not living in "1984" as it was portrayed in the eponymous literary work, we're certainly being watched over to the same extent. The difference is that the private information acquired is (still) not widely used against us, at least not in Germany. But as history should have taught us, this can change in an instant. A small political shift, political unrest, or a globally backed anti-terror lobby could easily change this in a matter of days. If that happens, anyone who has not already taken precautionary steps towards privacy protection could become a target for repression, tyranny or death. And this applies to all the things you have already said or done in the past, since much of this data was already stored years ago.
And the person affected really does not notice anything?
Unfortunately, IMSI catchers are hard, if not impossible to detect by the naked eye. Today they can be made very small and easily hidden inside cars, planes, and bags. They can also be worn on the body, making their use pretty flexible, or even flown around on remote-controlled planes or drones. Of course the police use these devices on a daily basis simply because they're allowed to.
Demonstrators who take their phones to a demonstration without thinking ahead are truly careless. But as a matter of fact, the police, FBI and governmental agencies as well as criminals also use IMSI catchers out in the public sphere where nothing much is happening. And if you think that police and other agencies follow the official rules, think again: Since building an IMSI catcher is cheap nowadays, anyone can build one for themselves for about 100 US dollars.
How could a layperson identify a fake base station without an app?
The easy answer is that you simply can't. This is because the key to a fake base station (fBTS) is that it is disguised as a real base station and, if implemented correctly, acts like a real base station. There are some examples of these in the US where there are a number of large, fixed base station antennas where none of the normal mobile network providers (MNO) have claimed ownership. These are most likely owned by some government-sponsored surveillance program.
Are so-called CryptoPhones good for protection? Do bug-proof phones even exist?
Some of the most popular modern phones use integrated "system-on-chip" designs, where the baseband processor (that communicates with the network) is connected directly to phone sensors such as GPS, mic, camera, etc. This means that the phone sensors are theoretically accessible from the network, regardless of the software running on the phone, even if the phone is in standby/sleep mode. This makes it impossible to guarantee that a phone is bug-proof. In fact, in a recent study, a Huawei Mobile Wi-Fi (MiFi) router that was sold as not having any GPS functionality was actually found to receive GPS information from the processor. There have been some attempts to compartmentalize and limit the access of the baseband processor to the application processor (where the normal smartphone software runs), so that the baseband cannot reach into the phone’s private content. However, this is only possible with a very limited number of phone models. Therefore, the manufacturers of CryptoPhone are only able to offer very few and specific models. Then when it comes to encrypting voice calls and messages, both parties have to use the same standard, which makes it a very expensive solution for just a very small group of people.
Today some people have decided to do without a smartphone and are digging their ancient, non-internet-ready phones out of the drawer in hopes of lessening the threat of eavesdropping and tracking. Does an old Nokia clunker with no bells and whistles really offer protection on a daily basis?
This only helps against attacks via the Internet or via the use of malicious apps. The problems that arise when using the mobile network are the same or even worse though: Old mobile phones usually use the old GSM standard, which is counterproductive from a security standpoint. And there are still other ways to track and intercept you. Attacks against the SS7 (Signalling System 7) happen in the core network, regardless of phone model. Calls and SMS can also be intercepted via re-routing, as recently demonstrated at a hacker conference.
In countries like Germany, the majority of the population is more likely to be in danger of being spied on by criminals than by the state. How do criminals use an IMSI catcher and what for?
Criminals can use IMSI catchers for the same purpose as governments: to simulate SMS and phone calls, retroactively decrypt phone calls, and provide and sell identity- and address-correlated IMSI lists on the black market. In many countries money transfer and banking operations are almost exclusively handled by SMS and phone calls. This is particularly true in many remote and rural areas of Africa. This would be like Christmas for any criminal, if it weren’t for the low value of these transfers, and thus the very low ROI. An example of just such a case was discovered in China, where criminal organisations sent phishing SMS to thousands of mobile phones.
What does your App do to protect its users?
Our Android IMSI Catcher Detector currently offers no protection, but it will expose possible attacks. In its current state, our app monitors the appearance of new antenna cells, unusual signal strengths, and unusual mobile network parameters. We are planning to add a number of countermeasures against such attacks, if feasible, in the future.
Suppose your app tells me that I'm being attacked right now - what then? Does it stop the attack or even show me where the attacker is located?
Once users have been warned about an IMSI catcher, they should in principle be able to protect themselves by changing their location, switching to another network type or even better: taking out the SIM card and turning off the phone. In our design, we also planned to show the location of the attacker, but this has not yet been implemented in the current alpha version.
In other words: When your app warns me that I’ve been targeted, I’ve essentially already been found?
Exactly. If you are in a position where this is of great concern, then your best bet is to destroy your phone and SIM card. Because in fact, our app doesn't prevent any further or escalated attacks against you or your phone. There are plenty of other apps out there that you can use to encrypt your phone and phone calls, or anonymize your web surfing.
Why do you focus on Android and not on Apple users?
Neither Apple nor Android offers any protection against IMSI-catcher attacks. We focus on Android since Android provides us some access to low-level data that we can use to detect possible IMSI catchers. It is not necessary for all phones to detect IMSI catchers, only enough of them to be able to cover an area, and Android provides a platform that is pretty well entrenched in the market. The real problem with Apple starts with its own file system: Everything is locked, their operating system is not open source at all and neither are their APIs. So unless Apple opens up the source code for iOS, users will have no choice but to either have a shiny Apple device with many possible security holes, or a funky green robot with much better security and many more possibilities. In addition, Apple often collaborates with the US government by breaking and weakening various security mechanisms on purpose to allow "agencies" access to the encrypted data on the filesystem.
Your app is open source - aren't you tilting at windmills?
Any citizen concerned with privacy is always tilting at windmills; the importance of this fight is not to win, but to inform our other fellow citizens of the situation and the potential hazards of uncontrolled clandestine surveillance. Any Eastern European citizen who lived through the era of the Soviet Union will understand this perfectly well.
Because it is open source, the code is also accessible to programmers and criminals so they could in theory optimise their IMSI catchers. Do you think it is still even possible to stop total surveillance and the creation of the transparent citizen? And if so, how?
We are putting detectors in the hands of the crowd, making it possible for IMSI catchers to be detected. If they work around our known detection methods, we can always add more. They may not be able to evade all possible detection methods because of how they work, for example: They must have a strong signal to overpower a valid base station, and we can detect this. At the end of the day, we are not working to prevent surveillance (which may be important to a country's security), but to make this surveillance more transparent, noticeable and thus questionable, knowing that there will always be more good guys fighting on our side than there are bad guys against us, out there.