Mobile Subscriber Identity Threat, Wi-Fi Entry Points for Hackers

127

Ever since the beginning of the cyber era, mobile users have put their refuge on mobile security systems on the market. However, mobile users are now susceptible to threats more than ever, as per security is concerned, because of the growing number of technologies in devices that are being developed at a pace.

For instance, IMSI Catchers are devices that mimic cell towers which are deliberately used for federal purposes, such as tracking the movement or location of mobile users at a particular location and time, or intercepting through mobile call traffic. IMSI or International Mobile Subscriber Identity is simply a unique identification (usually in a form of 15-digits) which is used by cellular networks to help identify mobile subscribers using SIM cards as channels. Since IMSI Catchers are intended for a viable commercial purpose, the cost is, as one would have it, rather pricey.


Due to the convenience brought about by these devices, such tactics are now being adapted for other viable and much cheaper devices, such as Wi-Fi networks. Through the continuous research and development of these devices, which are inevitable, it poses both the good and the bad for its clients, the latter being that of exploitation of identities of the mobile subscribers and their confidential data as well. Currently, Wi-Fi connections turn out to be just as functional as IMSI catchers when it comes to exposing the IMSI numbers of mobile devices. The probability of such scenario is likely to happen because of the extremely high demand for the use of Wi-Fi services by mobile subscribers, and since mobile data offloading technologies are considered in a way as a more cost-efficient free-bandwidth communication system compared to data networks.

However, regardless that these devices are meant for a good cause, it can turn into a devastating tool when put into the hands of the wrong people, such as cyber criminals.

The auto-connectivity features in Wi-Fi are subtle weak spots that are now being targeted by hackers since Auto Wi-Fi connections require subscribers to provide their IMSI for initial authentication as well as temporary identities in cases of re-authentication. And since automatic Wi-Fi connections are now commonly integrated to every mobile device’s OS, cyber perpetrators can simply set up a rogue access point with SSIDs identical to ones that those devices have previously been connected to. As a result, mobile subscribers unsuspectingly provide these pseudo networks their IMSI upon request for authentication.  

The issue on IMSI seepage has made quite a distress for the mobile providers and their clients as well. The good news is that the leading researchers on the subject have advised OS manufacturers, mobile operators and GSM Trade Groups about the detection of such attacks. Thus, companies of mobile providers are doing their best to acknowledge the problem, for instance, the integration of the so-called “conservative” peer mode for Apple devices with iOS 10, which is an improved privacy support.