[LINK] IMSI / IMEI detection
ash at melbpc.org.au
Sun Jun 13 07:49:41 EST 2010
The recent incident in the US where 114,000 AT&T iPad+3G-owning customers
had their email addresses needlessly exposed doesn't seem to have been
discussed here. Yes, we frequently "expose" our email addresses simply by
using them publicly, as in this list, but few would be happy to have them
released unwittingly to the world at large.
Quote: "Two security researchers told eWEEK that the ICCIDs (integrated
circuit card identifiers) of iPad owners could be used to determine their
IMSIs (International Mobile Subscriber Identities). With an IMSI in hand, it
would be easier for an attacker to potentially find the person in an area by
using an IMSI catcher to scan for mobile devices. "
I had neither heard of IMSI or IMSI catchers but this breach may have served
to expose that knowledge wider than was previously the case. The article
doesn't mention where you can get such a device but my search for the terms
"IMSI EMEI" revealed one:
http://www.neosoft.ch/solutions/hanset_det_syst.php even before I found the
article. The company's other products are also interesting.
One of the devices acts like a 3G/GSM cell tower and tricks a 3G phone of
interest to let go of a genuine cell and puts it in GSM mode to retrieve the
TMSI, EMEI, IMSI, phone model, carrier, etc. The only clue to the target
user is that the phone has been placed in GSM mode and it stays in that mode
until it is rebooted. While legitimate government agencies and carriers can
get such data easily, these portable devices in the hands of individuals
could be problematic.
Makes me wonder about their cost and why they can't be used by army patrols
in Afghanistan to ward off signals to IEDs.
I'll start a separate thread about IMSI formats in Australia.
More information about the Link