7

As far as I know when a phone connects to a GSM (2G or 3G) network, the connection is encrypted. When I get in range of let's say an IMSI Catcher, I imagine this connection will not be encrypted in any way, so they can listen to all my calls.

Is there a way for my phone to let me know that it has connected to an insecure GSM network?

6bytes
  • 173
  • 3
  • 2
    Extremely relevant: [Stingray Attack](http://rt.com/usa/fbi-epic-stingray-cell-942/). Law enforcement can legally use this attack at any time without your knowledge, and bad guys can obviously do the same. – Rubber Duck Oct 31 '13 at 13:15
  • @RubberDuck exactly that's why I'd like my phone to go mental when it connects to an unencrypted network. – 6bytes Oct 31 '13 at 15:41
  • I would assume that, if this is even possible at all, it would be likely be different depending on the phone model. – Moshe Katz Nov 06 '13 at 00:39
  • not sure but http://stackoverflow.com/questions/3316466/identify-gsm-encryption-algorithm – Mark Evans Nov 21 '13 at 11:13

2 Answers2

2

In case you are not aware, many people have considered GSM security to be weak and there are freely available rainbow tables for decrypting GSM. Any determined eavesdropper with off the shelve equipment will be able to listen to your calls. You might be interested in reading this Are phone calls on a GSM network encrypted?

But if you are worried about the security of your calls, it should be safer to use Skype instead :)

Community
  • 1
jingyang
  • 819
  • 4
  • 9
  • 1
    /sarcasm alert ... But, seriously, any telco admin could listen in, even if you use a satphone, and telco insiders (including governments) are a much greater risk to your privacy than outsiders. Add encryption to your conversation or know it's public, IMSI Catacher or not. – K7AAY Dec 10 '13 at 01:39
  • Or you and your partner could use [RedPhone](https://whispersystems.org/) / [RedPhone G-Play](https://play.google.com/store/apps/details?id=org.thoughtcrime.redphone) – Serverfrog Jul 23 '14 at 10:59
0

There have been efforts to detect IMSI catcher but with limited success.

The main problem is the closed source nature of the major mobile phone producers

This is the problem because in all phones you have a GSM chip that connects you to the GSM Network. You don't know what happens inside and you can not easily replace it because closed source and really complex.

The GSM chip provides you with only basic information about the network and the connection. Without direct access to the network it is hard to tell whats going on there.

I would advice to encrypt communication using RedPhone or similar.

PiTheNumber
  • 5,394
  • 4
  • 19
  • 36