Next time you see an open WiFi hotspot, you’d best be careful
Another danger of smartphone security is that your device can be traced and hijacked without your knowledge using a very sophisticated spying tool called IMSI catchers. IMSI catches has long been used by law enforcement personnel to track suspects and here is how it works. By mimicking a cellphone tower and tricking their devices to connect to them, it even intercepts calls and internet traffic, sends fake texts, and installs spyware on a victim’s phone, all the while the user being unaware of what is going on.
Now it has been found out that WiFi is capable of doing the exact same thing, and you will be none the wiser in figuring out who and when they managed to hijack your smartphone. A WiFi network is easily able to capture IMSI numbers, but it can only do so from nearby smartphones. Devices that are not in the range of the network will remain safe, but for how long exactly.
In case you were wondering about the term ‘IMSI’, it stands for international mobile subscriber identity and is a unique 15-digit number used for authentication of a person when moving network to network. The number is stored in the read-only section of a SIM card and with the mobile operator. During BlackHat Europe, researchers from Oxford University demonstrated a new type of IMSI catcher attack that operates over WiFi, and it allows to capture a smartphone’s IMSI number within a second as soon as the smartphone user comes in close range of the network. This is then used to spy on the user’s every moment and as a reminder, this issue can affect both Android and iOS.
The great news to hear is that you can disable the WiFi calling feature on your device, but WiFi auto connect can only be disabled when such a network is in range. iOS 10 for iPhones and iPads have introduced better security to reduce the effectiveness of WiFi to catch IMSI, but that does not keep them completely protected.