Hackers of India

Darshak: how to turn your phone into a low cost IMSI catcher device

By  Ravishankar Borgaonkar   Swapnil Udar  on 11 Sep 2014 @ 44 Con


Presentation Material

Abstract

It is said that 80% of the world’s population now has a mobile phone. They use mobile devices to make call, send SMS message, to access internet via the cellular network infrastructure. End-users carrying mobile phones 24 hr trust cellular network operators and believe that provided mobile communication link is secure.

However, on the other hand, mobile operators, device manufacturers, OS providers, baseband suppliers do little to provide best security and privacy features to them. In particular, security capabilities of mobile communications are not shown to the end-users. Hence it is easy for malicious attackers to mount subsequent attacks using IMSI catcher equipments. Further some hidden features for example ‘silent SMS’, are supported in currently used mobile telephony systems but not notified to the end users when in use. Attackers or illegitimate agencies exploit this weakness to track user movements regularly without user’s consent.