We are proud to announce, that our paper “IMSI-Catch Me If You Can: IMSI-Catcher-Catchers” has been accepted to the 2014 Annual Computer Security Applications Conference (ACSAC).
In this paper, we identify and describe multiple methods for detecting artifacts in the mobile network produced by IMSI Catchers. IMSI Catchers are used in mobile networks to identify, track, attack, spam, reconfigure, and eavesdrop on phones. The first IMSI Catchers date back as early as 1993 and were big, heavy, and expensive. Only a few manufacturers existed and the economic barrier limited the device’s use mostly to governmental agencies.
In the recent years prices for these devices dropped and the number of vendors increased. Even self-made devices have been demonstrated for about US$ 1,500. However, today, it is not ensured, that these devices are solely in the hand of authorized domestic authorities.
Read the short version / paper as preprint
The Android app is planed to go into public beta sometime in fall to allow us to fine tune the rule set. It will eventually be open sourced. We aim to make this application to be usable for average smart-phone users. If you are an experienced user and like to help, please contact us at firstname.lastname@example.org
For the stationary IMSI Catcher Catcher we like to find enough places to build a gapless aera for another field test. Ideally we like to cover the inner districts of Vienna – which demands for about 20-30 stations. If you can offer a rooftop place or penthouse veranda with a free field of view, please contact us at email@example.com.