An international mobile subscriber identity-catcher, or IMSI-catcher, is a telephone eavesdropping device used for intercepting mobile phone traffic and tracking location data of mobile phone users. Essentially a 'fake' mobile tower acting between the target mobile phone and the service provider's real towers, it is considered a man-in-the-middle (MITM) attack. The 3G wireless standard offers some risk mitigation due to mutual authentication required from both the handset and the network. However, sophisticated attacks may be able to downgrade 3G and LTE to non-LTE network services which do not require mutual authentication.
- See All Results For This Question
- Msi Mobile Phones & Portable Devices Driver Download Cnet
- MSI Mobile Phones & Portable Devices Driver Download
IMSI-catchers are used in a number of countries by law enforcement and intelligence agencies, but their use has raised significant civil liberty and privacy concerns and is strictly regulated in some countries such as under the German Strafprozessordnung (StPO / Code of Criminal Procedure). Some countries do not have encrypted phone data traffic (or very weak encryption), thus rendering an IMSI-catcher unnecessary.
Launch MSI Dragon Dashboard and select your PC oo App portal Mobile Connection IP Address 192.168.1.111 PE72 7RD System Monitor 1. Connect your PC and mobile devices with the same domain. If the connection failed, please make sure Dragon Center isn't blocked by Windows Firewall and anti-virus software. MSI Dragon Dashboard Connect MSI PC/NB with your mobile device and enjoy the following benefits:. Show system parameters on your mobile devices. Personalize your PC environment and profiles. Remotely adjust LED lighting on your PC/NB.
MSI Mobile Solutions Is a US-based mobile app design and development company. We are dedicated to discovering and facilitating new revenue streams for clients through the development of fully customized mobile solutions. MSI gaming laptops provide the performance you need to keep you on your gaming edge. MSI offers a variety of gaming laptops for all types of gamers, from casual to enthusiast. Learn more about MSI gaming laptops Shop MSI gaming laptops.
A virtual base transceiver station (VBTS) is a device for identifying the international mobile subscriber identity (IMSI) of a nearby GSMmobile phone and intercepting its calls. It was patented and first commercialized by Rohde & Schwarz in 2003. The device can be viewed as simply a modified cell tower with a malicious operator, and on 4 January 2012, the Court of Appeal of England and Wales held that the patent is invalid for obviousness.
IMSI-catchers are often deployed by court order without a search warrant, the lower judicial standard of a pen register and trap-and-trace order being preferred by law enforcement. They can also be used in search and rescue operation for missing persons. Police departments have been reluctant to reveal use of these programs and contracts with vendors such as Harris Corporation, the maker of Stingray and Kingfish phone tracker devices.
In the UK, the first public body to admit using IMSI catchers was the Scottish Prison Service, though it is likely that the Metropolitan Police Service has been using IMSI catchers since 2011 or before.
Body-worn IMSI-catchers that target nearby mobile phones are being advertised to law enforcement agencies in the US.
The GSM specification requires the handset to authenticate to the network, but does not require the network to authenticate to the handset. This well-known security hole is exploited by an IMSI catcher. The IMSI catcher masquerades as a base station and logs the IMSI numbers of all the mobile stations in the area, as they attempt to attach to the IMSI-catcher. It allows forcing the mobile phone connected to it to use no call encryption (A5/0 mode) or to use easily breakable encryption (A5/1 or A5/2 mode), making the call data easy to intercept and convert to audio.
The 3G wireless standard mitigates risk and enhanced security of the protocol due to mutual authentication required from both the handset and the network and removes the false base station attack in GSM. Some sophisticated attacks against 3G and LTE may be able to downgrade to non-LTE network services which then does not require mutual authentication.
Identifying an IMSI
Every mobile phone has the requirement to optimize the reception. If there is more than one base station of the subscribed network operator accessible, it will always choose the one with the strongest signal. An IMSI-catcher masquerades as a base station and causes every mobile phone of the simulated network operator within a defined radius to log in. With the help of a special identity request, it is able to force the transmission of the IMSI.
Tapping a mobile phone
The IMSI-catcher subjects the phones in its vicinity to a man-in-the-middle attack, appearing to them as a preferred base station in terms of signal strength. With the help of a SIM, it simultaneously logs into the GSM network as a mobile station. Since the encryption mode is chosen by the base station, the IMSI-catcher can induce the mobile station to use no encryption at all. Hence it can encrypt the plain text traffic from the mobile station and pass it to the base station.
A targeted mobile phone is sent signals where the user will not be able to tell apart the device from authentic cell service provider infrastructure. This means that the device will be able to retrieve data that a normal cell tower receives from mobile phones if registered.
There is only an indirect connection from mobile station via IMSI-catcher to the GSM network. For this reason, incoming phone calls cannot generally be patched through to the mobile station by the GSM network, although more modern versions of these devices have their own mobile patch-through solutions in order to provide this functionality.
Universal Mobile Telecommunications System (UMTS)
False base station attacks are prevented by a combination of key freshness and integrity protection of signaling data, not by authenticating the serving network.
To provide a high network coverage, the UMTS standard allows for inter-operation with GSM. Therefore, not only UMTS but also GSM base stations are connected to the UMTS service network. This fallback is a security disadvantage and allows a new possibility of a man-in-the-middle attack.
Tell-tales and difficulties
The assignment of an IMSI catcher has a number of difficulties:
- It must be ensured that the mobile phone of the observed person is in standby mode and the correct network operator is found out. Otherwise, for the mobile station, there is no need to log into the simulated base station.
- Depending on the signal strength of the IMSI-catcher, numerous IMSIs can be located. The problem is to find out the right one.
- All mobile phones in the area covered by the catcher have no access to the network. Incoming and outgoing calls cannot be patched through for these subscribers. Only the observed person has an indirect connection.
- There are some disclosing factors. In most cases, the operation cannot be recognized immediately by the subscriber. But there are a few mobile phones that show a small symbol on the display, e.g. an exclamation point, if encryption is not used. This 'Ciphering Indication Feature' can be suppressed by the network provider, however, by setting the OFM bit in EFAD on the SIM card. Since the network access is handled with the SIM/USIM of the IMSI-catcher, the receiver cannot see the number of the calling party. Of course, this also implies that the tapped calls are not listed in the itemized bill.
- The assignment near the base station can be difficult, due to the high signal level of the original base station.
- As most mobile phones prefer the faster modes of communication such as 4G or 3G, downgrading to 2G can require blocking frequency ranges for 4G and 3G.
Detection and counter-measures
Some preliminary research has been done in trying to detect and frustrate IMSI-catchers. One such project is through the Osmocom open source mobile station software. This is a special type of mobile phone firmware that can be used to detect and fingerprint certain network characteristics of IMSI-catchers, and warn the user that there is such a device operating in their area. But this firmware/software-based detection is strongly limited to a select few, outdated GSM mobile phones (i.e. Motorola) that are no longer available on the open market. The main problem is the closed-source nature of the major mobile phone producers.
The application Android IMSI-Catcher Detector (AIMSICD) is being developed to detect and circumvent IMSI-catchers by StingRay and silent SMS. Technology for a stationary network of IMSI-catcher detectors has also been developed. Several apps listed on the Google Play Store as IMSI catcher detector apps include SnoopSnitch, Cell Spy Catcher, and GSM Spy Finder and have between 100,000 and 500,000 app downloads each. However, these apps have limitations in that they do not have access to phone's underlying hardware and may offer only minimal protection.
- Chris Paget's presentation Practical Cellphone Spying at DEF CON 18
- ^ ab'Police's growing arsenal of technology watches criminals and citizens'. Star Tribune. Retrieved 30 April 2017.
- ^ ab'Analysis of UMTS (3G) Authentication and Key Agreement Protocol (AKA) for LTE (4G) Network'(PDF). Retrieved 30 April 2017.
- ^ abShaik, Altaf; Borgaonkar, Ravishankar; Asokan, N.; Niemi, Valtteri; Seifert, Jean-Pierre (2015). 'Practical attacks against privacy and availability in 4G/LTE mobile communication systems'. arXiv:1510.07563v1 [cs.CR].
- ^'Section 100i - IMS I-Catcher'(PDF), The German Code Of Criminal Procedure, 2014, pp. 43–44
- ^ abEP 1051053, Frick, Joachim & Rainer Bott, 'Verfahren zum Identifizieren des Benutzers eines Mobiltelefons oder zum Mithören der abgehenden Gespräche', issued 2003-07-09
- ^MMI Research Ltd v Cellxion Ltd & Ors  EWCA Civ 7 (24 January 2012), Court of Appeal judgment invalidating Rohde & Schwarz patent.
- ^Farivar, Cyrus (13 April 2015). 'County prosecutor says it has no idea when stingrays were used, so man sues'. Ars Technica. Retrieved 12 March 2016.
- ^'Wingsuit-Flieger stürzt in den Tod'. Blick (in German). 10 July 2015. Retrieved 11 July 2015.
- ^'Police's growing arsenal of technology watches criminals and citizens'. Star Tribune. Retrieved 30 April 2017.
- ^Corfield, Gareth (27 February 2017). 'New prison law will let mobile networks deploy IMSI catchers'. The Register. Retrieved 27 February 2017.
- ^'The body-worn 'IMSI catcher' for all your covert phone snooping needs'. Ars Technica. 1 September 2013.
- ^ ab'Digitale Selbstverteidigung mit dem IMSI-Catcher-Catcher'. c't (in German). 27 August 2014.
- ^'The Spyware That Enables Mobile-Phone Snooping'. Bloomberg View. 27 November 2013.
- ^Rolón, Darío Nicolás. 'Intercepción de metadatos de comunicaciones por teléfonos móviles. El IMSI-Catcher y su regulación en el ordenamiento procesal penal alemán'. Revista de Estudios de la Justicia. Retrieved 4 January 2018.
- ^ abJeong, Ha-Myoung (28 February 2019). 'The U.S. Supreme Court's Recent Decision About historical Cell Site Location Information: Carpenter v. U.S.'IT & Law Review. 18: 95–120. doi:10.37877/itnlaw.2019.02.18.4. ISSN1975-8766.
- ^Chris Mitchell, Paulo Pagliusi: Is Entity Authentication Necessary?, in Security Protocols, Springer LNCS 2845,pages 20-29, 2004
- ^Meyer, Ulrike; Wetzel, Susanne (1 October 2004). 'A Man-in-the-Middle Attack on UMTS. ACM workshop on Wireless security, 2004'(PDF). Retrieved 12 March 2016.
- ^'The effectiveness of a homemade IMSI catcher build with YateBTS and a BladeRF'(PDF). Kenneth van Rijsbergen: 8–9. Retrieved 7 July 2017.
- ^'Android IMSI-Catcher Detector (AIMSICD) Wiki, Development status'. 9 December 2015. Retrieved 10 October 2016. In alpha stage in October 2016.
- ^'IMSI Catcher Detection Apps Might Not Be All That Good, Research Suggests'. Motherboard. Retrieved 14 August 2017.
See All Results For This Question
- Soltani, Ashkan; Timberg, Craig (17 September 2014). 'Tech Firm Tries to Pull Back Curtain on Surveillance Efforts in Washington'. Washington Post.
- Barrett, Devlin (13 November 2014). 'Americans' Cellphones Targeted in Secret U.S. Spy Program'. The Wall Street Journal. Retrieved 14 November 2014.
- Soltani, Ashkan; Timberg, Craig (17 September 2014). 'Tech Firm Tries to Pull Back Curtain on Surveillance Efforts in Washington'. Washington Post.
- Yomna N (28 June 2019). 'Gotta Catch 'Em All: Understanding How IMSI-Catchers Exploit Cell Networks'. Electronic Frontier Foundation.
The following article uses options that are available starting with the Professional edition and project type.
Starting with Advanced Installer version 7.2 a dedicated view which greatly simplifies registering your mobile applications with the Windows CE Application Manager was introduced. The below How To article serves mainly as an example in case you are using an older Advanced Installer version. Otherwise, using the ActiveSync page is strongly recommended.
After creating a CAB package for your application using the Advanced Installer Windows Mobile CAB Project, you can create a desktop MSI installer package that installs the CAB through ActiveSync on a connected device. This is the most common delivery mechanism for Windows Mobile/CE CAB packages and it is also known as registering the application with the Windows CE Application Manager (a component of the Microsoft ActiveSync services).
Windows CE Application Manager
To install a CAB package onto a Windows Mobile/CE device from the desktop computer, the Windows CE Application Manager ('CeAppMgr.exe', installed with the Microsoft ActiveSync services) is used, passing an INI file as a command-line argument. The format of the INI file is described in this MSDN article and can be as simple as:
Note the value for the 'Component' key and the section name that describes the application - they are identical. The 'Description' represents the full name of the application obtained by concatenation of the company name and application name (those of the Windows Mobile application).
Msi Mobile Phones & Portable Devices Driver Download Cnet
Download and unzip the Desktop (ActiveSync) installation example distribution to better understand how to configure your own package. The ZIP archive contains 2 Advanced Installer projects:
- A Windows Mobile CAB Project that installs a simple executable which displays a message box, compiled for the StrongARM processor type (and compatible CPUs). The CAB package also adds a shortcut to this executable in the 'WindowsStart MenuPrograms' folder from the Files and Folders page. Depending on the target device type, the associated directory macro (%CE11%) will be translated into a specific standard Windows CE directory. See the %CEn% Directory Macros article for more details. A Professional or above edition of Advanced Installer is required in order to build this project.
- A Professional MSI project that installs the CAB package obtained by building the Windows Mobile CAB project through ActiveSync on a connected device. A Professional or above edition of Advanced Installer is required in order to build and run this project.
Some notes regarding the desktop MSI sample project:
MSI Mobile Phones & Portable Devices Driver Download
1. In the Install Parameters page are 3 Properties defined, which are used subsequently in the 'setup.ini' file from the 'Application Folder' (Files and Folders page). You only need to change the values of these Properties when creating the package for your mobile application. It is not necessary to change the 'setup.ini' file from the Files and Folders page.
2. In the Search page a File Search for 'CeAppMgr.exe' is defined specifying a registry value as its location.
3. In the Files and Folders page, the CAB package and the INI file (which will be passed as parameter to 'CeAppMgr.exe') are added. The INI file is added as imported, not regular file. The structure for the INI file is the one mentioned above. As specified, you do not need to change any of its keys - just change the Property values in the Install Parameters page.
4. In the Custom Actions page a 'Launch EXE with working directory' Custom Action is added which launches 'CeAppMgr.exe' using the full path retrieved by the Search (CEAPPMGR Property). Notice how the 'Full Path' and 'Execution Condition' are set.
5. You can also create a Launch Condition in the Prerequisites page, 'Custom Launch Conditions' tab making the setup application to quit if the 'CeAppMgr.exe' file is not found (the user does not have ActiveSync installed).