They were trying to trick thousands of smartphones with fraudulent text messages purporting to be a health insurance campaign. This February 16, five people were indicted for alleged fraud through a device commonly used by intelligence services: an IMSI-catcher.
This machine, which is in the shape of a large box equipped with multiple antennas, costs several tens of thousands of euros, and is designed to hack the connections of any mobile. With a fairly basic principle: it simulates a false repeater antenna so that all the surrounding mobiles connect to it and pass all their data through it. A very efficient way to retrieve large amounts of telephone numbers in a specific area, to better adapt the SMS according to the target.
A very framed legality
Within this perimeter of a few hundred meters, the IMSI-catcher will transmit all the calls or SMS exchanged by the victims, without being detected: the box also connects to the real repeater antennas in the surroundings to route all these conversations and make make users unaware of anything.
Often used without a legal framework by French intelligence, IMSI-catchers were authorized under the intelligence law, after the 2015 attacks. They were thus mobilized during the arrest of two people in April 2017, suspected of planning an attack.
But these machines also have several limitations. how do you remember The world, its operation is based on a flaw inherent to the 2G (GSM) network, which does not require authentication of the repeater antenna by the phone, which allows it to artificially replace this same repeater antenna. An operation that will be called into question with the end of 2G networks in the coming years.
Furthermore, IMSI-catchers can only access data that passes without encryption, such as calls and SMS. Encrypted information, for example a WhatsApp conversation, remains inaccessible.
Source: BFM TV
