What’s an IMSI-Catcher?
A DRT-Box by any other name…
A security hole in 2G protocols opens the way for a lot of mischief. But it can also be used for good.
A hole big enough to drive a basestation through
When a cellphone comes to a cellular network, it must be authenticated for service. Starting with 3G technology, the phone and network use mutual authentication, where each party authenticates the other. However, in 2G this authentication was one-way: the network authenticated the phone but the phone had no way to authenticate the network. This makes it possible to to set up a “false basestation”, a cellular basestation which claims to be some legitimate mobile operator, but is in reality a hacking tool. The false basestation falsely authenticates the phone (“Sure, whatever, you look legit to me…”) and then takes control of it.
In the US, in recent years, this technology has made a transition from military intelligence units to domestic law enforcement. In the press, IMSI-catchers are often referred to as “Stingrays” or “DRT-boxes”, based on the brand names of some of the products. As someone personally involved in the development of those military systems, I find that trend disturbing.
In the US, in recent years, this technology has made a…