You might have seen the headlines about the possibility of an IMSI-catcher being out in the public. It sounds like another thorn in everyone’s side as cybersecurity concerns continue to loom around us.
Let’s talk about what an IMSI-catcher is.
IMSI stands for International Mobile Subscriber Identity. It’s stored in the SIM card and is used by telecoms to authenticate and route communications. Think of it as your SIM’s unique fingerprint or ID.
An IMSI-catcher, also known as Stingray, sets up a fake cell signal that tricks your phone into connecting. It is a cell network connection and is not WiFi. Typically, it targets 3G and 4G LTE. But there’s no reason to believe that 5G is immune to this.
Once your phone is captured, the IMSI-catcher can:
- Track your phone’s location. It’s not as simple as taking out your SIM card. Because an IMSI-catcher can also identity your device’s IMEI.
- Collect data from communications. This includes call logs and text messages. The captured message contents would allow hackers to go through its contents in search for sensitive information, login credentials, personal details, and financial information. This increases the risk of obtaining OTP codes.
- Also puts multi-authentication codes at risk. Phone numbers.
There is no way to defend a device from this, at least for now. What users can do is remain vigilant about when and where to access important apps that require OTPs. Once you are outside the IMSI-catcher's range, the connection is severed and data collection is stopped. However, any data stolen would already be on the wrong hands.
One method to protect yourself is to avoid using OTP-based authenticators. Instead, use authenticator apps such as Authy and Authenticator. You can also use messaging apps with end-to-end encryption, such as Signal.
Be wary of instances when the signal fluctuates, suddenly drops and reconnections. It doesn’t hurt to be a little paranoid.
If you suspect your device is connected to an IMSI-catcher, use airplane mode to cut off all signals. Don’t keep any important information in any messaging apps.