How IMSI catchers can be used at a protest

A brief guide to how IMSI catchers can be used at a protest and how you can minimise risks to your data (UK edition).

Explainer
Key points
  • An ‘IMSI catcher’ is a device that locates and then tracks all mobile phones that are connected to a phone network in its vicinity, by ‘catching’ the unique number that is connected to your SIM card.
  • The police can use IMSI catchers to identify who was at a protest, by capturing the IMSI numbers of all the phones that were in its vicinity at that protest.
  • Putting your phone into airplane mode or switching it off completely will mean that an IMSI catcher can’t track you or your communications.
  • There are other steps you can take too, but none are perfect solutions…
IMSI catchers

What is an IMSI catcher?

  • ‘IMSI’ stands for ‘international mobile subscriber identity’, a number unique to your SIM card. IMSI catchers are also known as ‘Stingrays’.
  • An ‘IMSI catcher’ is a device that locates and then tracks all mobile phones that are connected to a phone network in its vicinity, by ‘catching’ the unique IMSI number.
  • It does this by pretending to be a mobile phone tower, tricking mobile phones nearby to connect to it, enabling it to then intercept the data from that phone to the cell tower without the phone user’s knowledge.
  • The most accessible information about you in this situation is your location. It is unavoidable that cell towers know your rough location through triangulation - indeed, this is how they provide you with their service in the first place. By putting itself between you and the cell tower, an IMSI catcher can work out your rough location.
  • IMSI catchers do not read data stored on a phone. Instead, these devices can be used to try to intercept text messages and phone calls.
  • Depending on the IMSI catcher’s capabilities and on the network your phone is connecting to, more advanced attacks could take place, even though this is unlikely. Some Stingray devices rely on known weaknesses of communication protocols and can force your phone to downgrade the protocols it is using, to make your communications less secure and more easily accessible (e.g. by downgrading communications over 3G to 2G, because as far as we know, content interception and real-time decryption can only be performed when the target is connected over the 2G network).
  • IMSI catchers cannot read the contents of encrypted messages you exchange through platforms that use end-to-end encryption (e.g. Signal, WhatsApp, Wire).

How might IMSI catchers be used at a protest?

  • The police can use IMSI catchers to identify who was at a protest, by capturing the IMSI numbers of all the phones that were in its vicinity at that protest.
  • Some types of IMSI catchers can even enable the police to disrupt or prevent protests before they even happen.
  • For example, they can be used to monitor or block your calls and messages; edit your messages without your knowledge; or even write and send someone messages pretending to be from you. [1]

    What to think about when going to a protest

    • Putting your phone into airplane mode or switching it off completely will mean that an IMSI catcher can’t track you or your communications.
    • If you want to prevent the content of your text messages being tracked by an IMSI catcher, you can use messaging services that use end-to-end encryption, such as Signal and WhatsApp. The only information an IMSI catcher could potentially collect is the fact that you are using these messaging apps, not the content itself.
    • While IMSI catchers do not read data stored on the phone, do bear in mind that the police have other technology that does enable them to access data on your phone, such as ‘mobile phone extraction’ and hacking tools.

    You can download this guide as a jpeg by saving the image below, or by downloading the pdf version in 'Attachments'.

     

Footnotes

[1] We don’t know for sure whether British police forces are currently using IMSI catchers with these kinds of capabilities. As police forces ‘neither confirm, nor deny’ the use of IMSI catchers, it’s hard to know what type they are using.