
Stingray detectors provide little protection

A recently presented paper has shown that some freely available tools for detecting threats to mobile device users from fake mobile phone towers, also called stingrays and International Mobile Subscriber Identity (IMSI) catchers, have major shortcomings.

A research team from the University of Oxford and the Technical University of Berlin evaluated the capabilities of five IMSI catcher detector apps for Android devices, which claim to protect mobile device users from spying by fake base stations. The researchers found that none of the popular tested apps were able to detect the IMSI catchers effectively.

As part of the study, which was presented in August 2017 at the USENIX Workshop on Offensive Technologies, the team developed their own White-Stingray, a framework with various attacking capabilities in 2G and 3G, using techniques described in the patent database for IMSI catchers and in commercial product brochures.

The framework managed to circumvent many of the apps' detection techniques. 'People incorrectly think that IMSI catcher detection apps can protect you from tracking, but they can in fact trick people into handing over their private data,' said Ravishankar Borgaonkar, a research fellow from Oxford's Department of Computer Science who led the study. 'The root cause of the ineffectiveness of catcher apps lies in both the architecture of the GSM/3G system and the limited access to baseband chip data to app developers which means that spies can always stay one step ahead. The GSM/3G network design gives all the power to the base station, while the phone is just a dumb device that listens for and accepts commands.'

The team looked at ways to help solve the architectural issues and at how to improve the detection of IMSI catchers on mobile devices. 'We found that not only do free Android apps need to be improved, but phone manufacturers, baseband chip providers, and carriers need to actively coordinate their efforts to tackle this fake base station problem,' said Ravishankar.

The research was partly performed within the EU’s 5G-ENSURE project, which is addressing priorities for security and resilience in 5G networks.

Ravishankar's co-researchers were Oxford's Professor Andrew Martin, and Berlin's Shinjo Park, Altaf Shaik and Professor Jean-Pierre Seifert. Their paper can be read at:

This article first appeared in the Winter 2017 issue of Inspired Research.