Prisoners’ ‘innovative’ anti-IMSI catcher defence was… er, tinfoil
Scottish prison guards left mobile network snooping device in sight of jailbirds
Exclusive Prisoners at a Scottish jail evaded an IMSI catcher deployed to collar them making illegal phone calls – by putting up tinfoil after bungling guards left the spy gear visible to inmates.
“As you are also aware the invisible grabber at HMP Shott [sic] was visible,” Maurice Dickie of the Scottish Prison Service wrote in an internal email of May 2014.
This referred to the trial of an IMSI catcher in North Lanarkshire prison HMP Shotts that year.
The idea was to use the IMSI catcher to find out which prisoners were making illegal calls using smuggled mobile phones from within the jail. Officially, the trial was declared a failure, having evidently not caught any lags making unlawful mobile calls, because prisoners were said to have developed “innovative countermeasures”.
The Register understands these “countermeasures” were just tinfoil used to block line of sight to the IMSI catcher after prisoners spotted the device, which appeared to have been placed on the “inside of the prison perimeter”.
Improperly redacted copies of emails seen by The Reg revealed the cockup. Ofcom, which regulates the use of IMSI catchers in the UK, declined to comment. The Scottish Prison Service had not responded by the time of publication.
IMSI catchers are known as Stingrays in the US. They are fake mobile network base stations used to fool nearby mobile phones into connecting to them, thus revealing the unique International Mobile Subscriber Identity number. They are used extensively in America, where law enforcement agencies must apply for a court warrant to use them.
New proposals in the Prisons and Courts Bill currently before Parliament will allow British mobile network operators to deploy them under authorisation from the Justice Secretary.
Similar authorisations for mobile network snooping, though required by law, are normally given on a blanket basis and for practical purposes do not provide any meaningful safeguard against misuse. ®
Source: The Register – Security @ March 1, 2017 at 02:09AM