Stingrays (also known as IMSI Catchers) are devices that are used to spy on cellphones and their owners. A Stingray mimics the operation of a legitimate cellphone base station to reveal the movements, communications and personal information of the cellphones that attach to them. Some illicit IMSI Catchers have been discovered attached to the light poles in the parking lots of defense contractors, detected near the labs of high technology companies and military bases, and suspected to be operating close to the heart of the Norwegian government in Oslo. It has also been claimed that London's Metropolitan Police have used Stingrays to monitor people attending peaceful anti-austerity protest marches in London. Why is this important? These malicious base stations can have a devastating impact on your privacy and confidentiality. By exploiting flaws in the mobile telephone protocols, they can expose the contents of voice calls and data traffic and track the movements of the device itself. Conversations conducted near the cellphone can be eavesdropped on by the malicious base station – even when the phone has apparently been turned off. There is the potential to exploit security flaws in the cellphone's software to compromise the security of cellphone itself, allowing malicious adversaries access to sensitive data such as the phone's contact lists, call history, messages, photographs, and location history. The threat is amplified because the cellphone's attack surface that is exposed to the Stingray has some dark corners that can harbor security bugs that would otherwise be impossible to find and exploit. The good news is that we are not powerless against these devices – these are active attacks and its possible to collect and analyze information that will expose the presence of hostile adversaries. There are already a number of products that claim to do just this. At one end of the spectrum, there are expensive security-hardened cellphones, such as the X-Phone and BlackPhone, whilst at the other end, there are (most often Android) apps, such as AIMSICD and SnoopSnitch that will alert you to any suspicious behaviour they are able to detect by the base stations. I'll be presenting at BSides Canberra this April 15 - 16th, where I shall explain the threats, show how Stingray attacks can be detected, and demonstrate how to use tools, such as GNURadio and Scapy, to gather and analyze the information to expose the Stingrays lurking in our communities. About the Author: Steve Glass is a software engineer and security researcher. His research interests are in the areas of software and wireless security. Steve is an advanced class radio amateur and was the founder of the Osmocom OP25 project which used software-defined radios to investigate the P25 land mobile radio protocol. These days he's applying SDR techniques to cellphone networks. When time allows he plays the trumpet. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc. Title image courtesy of ShutterStock
