Skip to content

Services, Wiki-Artikel, Blog-Beiträge und Glossar-Einträge durchsuchen

↑↓NavigierenEnterÖffnenESCSchließen
What is an IMSI Catcher? How mobile networks are manipulated!
Offensive Security

What is an IMSI Catcher? How mobile networks are manipulated!

An IMSI Catcher is used to manipulate mobile networks, locate devices and eavesdrop on conversations. What is behind the devices?

Vincent Heinen Vincent Heinen Abteilungsleiter Offensive Services
Updated: October 7, 2024 3 Min. read
OSCP+ OSCP OSWP OSWA
Table of Contents (3 sections)

An IMSI Catcher can simulate a mobile phone cell of a network operator. Thus, the IMEI number of surrounding devices can be found out. The International Mobile Equipment Identity (IMEI) number is a unique 15-digit serial number. Meanwhile there are devices for listening to connections. The costs range from 300 to 300,000 Euro.

Mobile phones do not immediately check where a message comes from - this leads to problems!

Device eavesdropping, as well as tracking and tracing the location of devices, is popular in high traffic locations such as airports and train stations. Setting up an IMSI catcher does not comply with applicable law. The main source of the problem, says Yomna Nasser, a technician at the Electronic Frontier Foundation (EFF), is that the devices cannot verify the identity of the mobile phone base station in the early stages of the connection. A smartphone connects to an IMSI Catcher instead of the real mobile phone cell. Source: eff.org The manipulation of the network is an existing problem against which little or nothing can be done by the users. Meanwhile, IMSI stands for “International Mobile Subscriber Identity” and is used for the unique identification of network subscribers. The IMSI has nothing to do with the telephone number, but helps to track the device. It is unlikely that the problem will be solved in the foreseeable future. The technologies would have to be backwards compatible, as there are already billions of devices on the market and in use.

An IMSI Catcher for 1.500 EUR in self-construction

Just under a decade ago, it was already shown at Defcon that it is in principle also possible to construct the building yourself. At the hacker conference, Chris Paget showed how GMS networks can be eavesdropped with Hardware for about 1,500 EUR. https://www.youtube.com/watch?v=fQSu9cBaojc&t

An IMSI Catcher can become a danger if the emergency call fails

An IMSI Catcher manipulates the mobile network. If an existing mobile network is superimposed, the victim runs the risk of not being able to make an emergency call. Thus, in addition to observing and eavesdropping on the person, the operation can also pose a concrete danger. Little is known about professional, commercial devices.

Normally, telephone monitoring is handled by the operator. This requires a court order. Using an IMSI Catcher can bypass this process. This data could not be admitted as evidence in court - but at first it is difficult to prove its use. Thus, the police can (technically speaking) always fall back on the use of an IMSI Catcher.

Next Step

Our certified security experts will advise you on the topics covered in this article — free and without obligation.

Book free consultation View services

Free · 30 minutes · No obligation

Share this article

LinkedIn X E-Mail

About the author

About the Author

Vincent Heinen
Vincent Heinen

Abteilungsleiter Offensive Services

E-Mail
PGP 1DDAA57F2B972787

M.Sc. IT-Sicherheit mit über 5 Jahren Erfahrung in offensiver Sicherheitsanalyse. Leitet die Durchführung von Penetrationstests mit Spezialisierung auf Web-Applikationen, Netzwerk-Infrastruktur, Reverse Engineering und Hardware-Sicherheit. Verantwortlich für mehrere Responsible Disclosures.

Responsible Disclosures: CVE-2023-0865 CVE-2025-43579 CVE-2025-53533
OSCP+ OSCP OSWP OSWA
Vollständiges Profil ansehen
Certified ISO 27001ISO 9001AZAVBSI

Cookielose Analyse via Matomo (selbst gehostet, kein Tracking-Cookie). Datenschutzerklärung