Reality of Cell Phone Hacking — IMSI Catcher Explained

Reality of Cell Phone Hacking — IMSI Catcher Explained

Nord VPN

Spying on suspected cybercriminals and terrorists by intercepting their phone calls and tracking their online activities have been the working fields of surveillance agencies such as NSA, FBI, CIA etc. These organizations have the authority to ask the cell phone carrier companies to provide their subscribers’ data and constantly spy on them. However, for an individual hacker(black hat), it is not possible. So he uses an IMSI Catcher to hack the cell phones.

What is the IMSI number?

IMSI stands for International Mobile Subscriber Identity. This number uniquely identifies any cell phone user having a SIM(Subscriber Identity Module) card. It is sent by the mobile device to the appropriate network. IMSI is usually represented as a 15 digit number but can be shorter than that. It was provisioned in the SIM card operating over GSM, UTMS or LTE network. IMSI is used to acquire details of the mobile in HLR(Home Location Register) or VLR(Visitor Location Register).

IMSI Representation
IMSI Representation (source:

Note: IMEI number corresponds to mobile device while IMSI number corresponds to SIM card.

What is an IMSI catcher?

An IMSI catcher is a hardware device which is used to intercept cell phone traffic and helps in tracking the location of a mobile phone user. It acts as a fake mobile tower — pretending to be a real mobile phone tower, between the target user and the real service provider’s tower. So basically it performs a Man-In-The-Middle(MITM) attack. When a user connects to the fake tower(IMSI catcher), he unknowingly communicates with the hacker who now has all the information about the user and his cell phone. An IMSI Catcher looks like this…

IMSI Catcher

Working mechanism of IMSI catcher

In normal cellular network communication, a mobile device connects to a cellular tower which is emitting strong strength signals and located at the least distance from the mobile device. The mobile phone request certain services and the tower receives user requests and respond to them.

Authorized Communication

But in case of cell phone hacking, an IMSI catcher is placed in between the mobile device and the cellular tower. As I said earlier, IMSI catcher acts as a fake cell phone tower and it is placed at a very short distance from the mobile phone so that the device gets connected to the fake tower(IMSI catcher) instead of the real one. This is because
1) IMSI catcher is programmed to emit high-frequency signals than the frequency of the real tower.
2) IMSI catcher is placed in the vicinity of a mobile device in between the mobile device and the real cellular tower.

Unauthorized Communication
(Using IMSI Catcher)

As soon as the mobile phone connects to the IMSI catcher, it provides all the services which a real cell tower provides. The victim will not know about the evil thing but the hacker will have full access to cellular traffic, phone calls, text messages placed by the victim.

Who uses IMSI catcher?

Spying and surveillance agencies have an agreement with cellular network providers about disclosing the cellular information of a criminal. However, police departments can also take advantage of IMSI catchers to keep an eye on suspicious activities. Unauthorized people(mainly black hat hackers) use these devices to evade the privacy of users.

Are IMSI catchers legal?

Different countries are having different laws and rules and regulations for using IMSI catchers. Using or trading an IMSI catcher is certainly illegal unless you are law enforcement. Whatever may be your reason for using IMSI catchers, invasion of someone’s privacy is unethical and illegal in any case.

Feasibility & Limitations of IMSI catchers

The good thing for you is that IMS catchers can only be successful on GSM network i.e. 2G standards. It does not work on UMTS(3G) and LTE(4G) networks. And nowadays, the majority of people have switched from the 2G network to 3G and 4G network.

The 2G network does not implement mutual authentication during communication between the mobile device and the cellular tower which makes it easy for IMSI catchers to exploit. To overcome this weakness, 3G and 4G networks require mutual authentication before communication.

However, some attacks can downgrade 3G and 4G or LTE network to non-LTE i.e. 2G network to perform the attack. This can be true but it must have some active support from the network operator. The hacker must know some internal parameters of the operator company to downgrade the network to 2G, which is nearly impossible for a hacker to gain. Also, modern network standards are developed not to downgrade, meaning they have a feature to “use LTE only“.

How can I detect an IMSI catcher?

Many applications claim to alert users when a possible IMSI catcher is detected in the surroundings. I have listed below some popular ones:

These applications have their limitations and may not provide complete protection.

How can I protect myself from these attacks?

If you are using a 2G device, upgrade it to 3G or preferably 4G. This decreases the possibility of getting hacked to a significant amount. Other than that, there are no confirmed ways to protect from these attacks because these attacks are carried out on a cellular network. There are no settings to adjust in your phone to stop these attacks. However, you can use the apps mentioned above to detect one.

Read more:

Call Anyone from Any Number | Caller ID Spoofing Explained

Kali Linux Overview — A Hacker’s Paradise

What is VPN? | VPN Explained In Detail

Sharing is caring!


3 thoughts on “Reality of Cell Phone Hacking — IMSI Catcher Explained”

  1. It is the best time to make a few plans for the future and it is time to be happy.
    I’ve read this put up and if I may I wish to suggest you few
    fascinating things or suggestions. Perhaps you can write next articles referring to this article.
    I desire to learn more things approximately it! I will immediately seize your rss as I can’t to find your email subscription hyperlink or newsletter service.
    Do you have any? Please allow me know in order that I may just subscribe.
    Thanks. This is a topic that is near to my heart… Many thanks!
    Where are your contact details though?

    • Thank you Jack and will definitely write more articles related to this topic in future. You can find newsletter at the end of every post or at the footer.

  2. Wow, this paragraph is nice, my sister is analyzing these things, so I am going to tell her.
    I just couldn’t depart your site before suggesting that I actually enjoyed the usual
    information an individual provide in your guests? Is
    going to be back incessantly to check out new posts
    I am sure this article has touched all the internet users, its really really fastidious article on building up new blog.


Leave a Comment

%d bloggers like this: