The German newspaper Die Zeit has a long feature today about IMSI catchers and their countermeasures, words that were long heard only in countersurveillance cultures at Black Hat and Defcon. Observing this phenomenon make the jump from the obscure to the mainstream tells us a lot about the years to come: surveillance and countersurveillance will be a cat-and-mouse game for quite some time.
Most people have heard of their IMEI, their phone’s unique identifier. It’s short for International Mobile Equipment Identity, and a lot of people learn how to read this number. Originally, it was produced by typing ×#06# on your phone, a sequence that amazingly still works, but it’s also on the phone receipt, in the menus, and in a number of friendlier places. This is the number you can insure, and this is the number you can report stolen to brick the phone.
A more secretive number is the IMSI, the Subscriber Identity, which identifies not the phone but the SIM card inside the phone. In most parts of the world, you’re expected to buy these separately from the phone, and you can replace the SIM card to change carriers but keep the same phone. In some other parts of the world, where telco carries have exercised regulatory capture and have a dysfunctional market, the SIM is typically card prebaked into the phone, and in these countries, you might never have seen it – but it’s still there, identified by the IMSI.
There are many good technical reasons to keep this number a secret. For example, any reconfiguration instructions sent to the phone from the carrier – so-called Over-the-Air provisioning — must be signed cryptographically with the IMSI of the current SIM card, in order to prevent fraudulent configuration. It’s also the number used when the phone contacts