Explore the mysterious world of IMSI catchers in this informative conference talk. Delve into the technical aspects of these unauthorized cell sites, originally developed for military use and now employed by law enforcement, foreign intelligence, and spammers. Learn about their functionality, including coercing phones to provide persistent identifiers, enabling RF direction-finding, intercepting traffic, and delivering spam. Discover how IMSI catchers convince phones to connect, reveal IMSIs, and capture or release specific devices. Gain insights into RF direction-finding techniques for precise user location. Understand methods to identify IMSI catchers based on cellular standards abuse. Examine a city-wide passive monitoring system and an open-source app for IMSI catcher detection using Calypso-based GSM phones. Explore the legal framework surrounding IMSI catchers and their use in domestic law enforcement. Investigate cellular network fundamentals, from pre-cellular systems to AMPS and GSM. Follow the speaker's journey in accidentally building an IMSI catcher and learn about the SeaGlass project for measuring and detecting these devices. Conclude with future directions and parting thoughts on this controversial technology.
Overview
Syllabus
Intro
What are IMSI Catchers?
The Sketchy Legal Framework of IMSI Catchers
Domestic Law Enforcement Use of IMSI Catchers
Sidenote: What's going on here?
Cellular Network Fundamentals: Pre-Cellular
Cellular Network Fundamentals: AMPS
Cellular Network Fundamentals: GSM
Software Manuals Describe Functionality
How IMSI Catchers Work
Accidentally Building an IMSI Catcher
Attempt #1: SeaGlass
Measurement Study
Anomalies Found
SeaGlass Limitations
Attempt #2: SeaGlass App
Future Directions
Parting Thoughts
Taught by
0xdade
