AH FCC LOGO-6

How Does The FCC Secure GSM from Illicit Hackers?

August 29, 2014 - Written By David Steele

What does one do when a way of securing the airwaves also makes it harder for the authorities to legitimately snoop on civilians? That’s the question facing the American FCC is facing. Earlier this month, FCC Chairman Tom Wheeler revealed that his agency would be putting together a task force “to combat the illicit and unauthorized use of IMSI catchers.” Let me explain what an IMSI catcher is: it’s essentially a fake cell ‘phone mast that mimics the real thing but may offer a more tempting connection for a 2G device if it has a stronger signal. IMSI catchers work because a mobile device is constantly trying to obtain the strongest signal possible so as to reduce power consumption and increase call quality. They’re able to work because our devices operating in 2G mode must ensure that they’re talking to the correct network but that’s as far as the standard goes. Since the IMSI has the same cell base number as the real network mast, as far as the mobile is concerned, it is the real deal.

IMSIs can be used to determine our location and intercept calls, text messages and data. Detecting IMSIs has proven to be extremely difficult for a few reasons. Firstly, to the device that’s being duped, it usually cannot tell. Older devices tell the user that they are not using an encrypted connection with a warning on the screen, usually a small symbol showing near the network signal bars. The use of a IMSI can interfere with other mobile ‘phones in the area as the signal is typically jammed (most IMSIs can only cope with one connection at a time and most ISMI operators will deliberately jam 3G and 4G networks). And finally, the effective range of a IMSI is small and they’re highly portable: the days of looking for a suspicious looking van are far behind us I’m afraid. It could be that little old lady sitting opposite you on the park bench with a dog for company. An important point to get across is that IMSIs only work because of an old and well-known vulnerability in the GSM standard. Depending on the size of your tin hat, there are stories circulating that various companies have been paid to ignore the security vulnerabilities present in the 2G GSM standard. If your handset is operating in 3G or 4G (LTE) mode, IMSI catchers cannot interfere with your connection.

The most logical answer to the IMSI threat is to upgrade the security standard of 2G networks. 2G is here to stay for some considerable time: it generally has longer range than 3G and 4G networks so it’s great for rural areas, plus it is used to provide backup voice coverage across the world. The FCC’s problem, however, is how to navigate between the illicit use of IMSIs and the legitimate use: that is, in the US how domestic security agencies use IMSIs to monitor civilians. If we harden the GSM standard against ISMIs we make it harder for law enforcement agencies to track criminal activities. We should be asking why a security vulnerability has been left open for decades, just quietly so they can’t hear us!