Want to know if someone’s spying on you? Get SnoopSnitch app
Security experts recently revealed a massive security flaw that could let hackers listen in on private calls and read text messages on mobile networks.
One way in which such hackers - as well as some intelligence agencies - get access to such information is by using International Mobile Subscriber Identity (IMSI) catchers, or ‘stingrays’. These controversial tracking devices trick mobiles into connecting with them, and now developers have created an app that claims to detect such gadgets, and warn users if their data is at risk.
Called SnoopSnitch, the app scans for signals that indicate a switch from a legitimate tower to a ‘stingray’, where information may be being collected.
IMSI catchers - eavesdropping devices used for intercepting mobile phone traffic and tracking the movement of smartphone users - are controversial because they act like ‘fake’ mobile towers.
WHAT ARE IMSI CATCHERS?
IMSI catchers are known as ‘stingrays’ and are eavesdropping devices for intercepting mobile phone traffic and tracking the movement of mobile phone users.
A ‘fake’ mobile tower acts between the target smartphone and service provider’s real towers.
In this way, it is considered a ‘man-in-the-middle attack’ and can be detected by the app.
Catchers work by exploiting a security hole.
The GSM specification - the default global standard for mobile communications - requires a smartphone to authenticate to the network, but doesn’t require the network to make itself known to the handset.
The IMSI catcher masquerades as a base station and logs IMSI numbers of all the mobile stations in the area, as they attempt to attach to the IMSI-catcher.
It forces mobile phones connecting to it to use no call encryption, or to use breakable encryption, making call data easy to intercept and convert to audio.
They sit between a real phone and telecom tower to launch a man-in-the-middle attack and intercept data.
Once a phone has connected to a stingray, it makes it easy for a hacker to intercept and convert data to audio, enabling experts to listen to people’s phonecalls.
While experts may be using the techonology to target specific handsets of suspected criminals, it is almost impossible to avoid capturing data from other ‘innocent’ smartphones in the process, too.