We seek to understand and document all radio transmissions, legal and otherwise, as part of the radio listening hobby. We do not encourage any radio operations contrary to regulations. Always consult with the appropriate authorities if you have questions concerning what is permissible in your locale.

Topic: With $20 of Gear from Amazon, Nearly Anyone Can Make This IMSI-Catcher in 30 Min

ChrisSmolinski
With $20 of Gear from Amazon, Nearly Anyone Can Make This IMSI-Catcher in 30 Minutes

With some dirt cheap tech I bought from Amazon and 30 minutes of set-up time, I was streaming sensitive information from phones all around me. IMSIs, the unique identifier given to each SIM card, can be used to confirm whether someone is in a particular area. They can also be used as part of another attack to take over a person’s phone number and redirect their text messages. Obtaining this information was incredibly easy, even for a non-expert.

Full story: https://motherboard.vice.com/en_us/article/gy7qm9/how-i-made-imsi-catcher-cheap-amazon-github
Chris Smolinski
Westminster, MD
eQSLs appreciated! csmolinski@blackcatsystems.com
netSDR / AFE822x / AirSpy HF+ / KiwiSDR / 900 ft Horz skyloop / 500 ft NE beverage / 250 ft V Beam / 58 ft T2FD / 120 ft T2FD / 400 ft south beverage / 43m, 20m, 10m  dipoles / Crossed Parallel Loop / Discone in a tree

R4002

With an SDR, a cheap computer with Ubuntu installed and some h4x0r-level computer work, you too can set up your own cellular phone interception site!

Fake cell towers in dorm rooms. 
U.S. East Coast, various HF/VHF/UHF radios/transceivers/scanners/receivers - land mobile system operator - focus on VHF/UHF and 11m

ChrisSmolinski

With an SDR, a cheap computer with Ubuntu installed and some h4x0r-level computer work, you too can set up your own cellular phone interception site!

Fake cell towers in dorm rooms.

More exciting than listening to 49.86 MHz with a scanner back in the 80s.

ThElectriCat

With one of the spendier SDRs (anything full duplex), one could do what the cops have sometimes done.
You listen to the cell traffic, grab an IMSI, and figure out which tower they are linked to.
You use the tower channel with a fake embedded signal power indicator to 'be' the tower; next time the user makes a call, when they connect, you send their IMSI to the actual tower (on their channel), convincing the tower you are them.

In the GSM standard, the tower sets all the encryption and data rate parameters; this is important.

You give the tower whatever it wants, but tell the phone to send everything in the clear with no encryption.
Now you have access to the channel traffic in both directions (both phone numbers, and any call, text message, image, etc. in either direction).

This is not so straightforward with other LTE standards, but anyone with a multiband phone and AT&T or US Cellular is subject, as their phone can be tricked into thinking the GSM signal is the strongest.

P.S. This is ridiculously illegal (like, federal prison illegal); don't do it. If you do do it, you are responsible for your own actions.
In another life, I could have been a telephone engineer.