IMSI catchers, devices used to spoof cell towers and intercept communications, are one of the most resented open secrets of law enforcement. Strict non-disclosure agreements prevent them from being acknowledged as existing, let alone being used — but researchers think they’ve found a way to spot the shady signal-snatchers.
The devices, colloquially called Stingrays after a common model, work by sending out signals much like cell towers do; cell phones connect, identify themselves, and send information like texts and calls through the fake tower, creating a sort of mobile wiretap. Critics have argued that innocent people’s data is caught up in this dragnet, but law enforcement has been less than forthcoming owing to gag orders from the companies that provide the devices.
What’s needed is an independent method of identifying IMSI catchers in the wild. That’s what University of Washington researchers Peter Ney and Ian Smith have attempted to create with SeaGlass[1].
“Up until now the use of IMSI-catchers around the world has been shrouded in mystery, and this lack of concrete information is a barrier to informed public discussion,” explained Ney in a UW news release[2]. “Having additional, independent and credible sources of information on cell-site simulators is critical to understanding how — and how responsibly — they are being used.”
The team put together a sort of super-powered wardriving setup that uses a “bait phone,” GSM modem, GPS unit, Wi-Fi hotspot, and other wireless doodads packed into a single box. These devices monitor and record the wireless signals they encounter. In order to cover as much area as possible, boxes were attached to 15 vehicles being used by rideshare drivers in Seattle and Milwaukee.
The baseline map shown as it grew; red...
Read more from our friends at TechCrunch