By: Jane Duncan
A recent news report about the arrest of some people for possession of a cellphone bugging technology called ‘The Grabber’ has so far received little attention. Indications that this technology, which can be deployed for political reasons, seems easily accessible in South Africa must be of great concern.
This technology is a form of International Mobile Subscriber Information (IMSI) catcher – the unique identifiers of your SIM card. IMSI catchers are surveillance tools that act like fake base stations, mounting ‘man-in-the-middle’ attacks on unsuspecting cellphones. By sending out a signal that’s stronger than your nearest cellphone tower, they fool your cellphone into believing that it’s a base station and as a result, your cellphone connects to it.
IMSI catchers exploit a basic security flaw in cellphones, in that cellphones have to verify that they’re connected to your network, but your network doesn’t have to verify that they’re connected to your cellphone. This allows the IMSI catcher to catch your cellphone information, and with more sophisticated versions, even your phone and data traffic. An IMSI catcher can capture the cellphone information of anyone with a cellphone in its vicinity.
So what are its potential uses? Well, authorities usually give the standard motherhood and apple pie ones. So for instance, it can be used to track down a criminal, providing the criminal’s number is known, of course. But in order to do so, it has to sniff through all the phones and data traffic of the rest of us non-criminals. This is why privacy and human rights groups such as Privacy International and the ACLU are up in arms about the use of this technology. Rummaging around in peoples’ cellphone traffic looking for the proverbial criminal needle in the haystack of innocents constitutes a search in legal terms, and you shouldn’t be able to search without a warrant.
But the authorities can also put them to more pernicious uses. If the spies want to know more about people attending an Economic Freedom Fighters (EFF) rally for instance, or a protest, they can use an IMSI catcher to grab the information of every cellphone carrying participant of the rally or protest.
Now in countries without SIM card registration, this is less of a problem, because all the authorities will get is a list of numbers, without being able to trace back these numbers to specific individuals. But in countries with SIM card registration, such as South Africa, the authorities can, at the touch of a button, print out the names and addresses of every single cellphone carrying participant in a rally or protest. If that doesn’t make you think about the dangers of SIM card registration, then nothing will.
The recent news report confirms the fact that IMSI catchers are in South Africa, and if criminals have them, you can bet your bottom Rand that the spies have them too (and boy, is the Rand at the bottom). The article pretty much says so anyway. See the comments by the anonymous intelligence source. And do we know the uses to which they are being put? Hmmm…
Cassandra-like, Steve Song warned about this issue as far back as 2012. He was ignored, while all of us went like sheep to ‘get Rica’d’. His prescient article warning of the dangers of SIM card registration, and the ways in which it could be abused by IMSI catcher-carrying spies, is here: https://manypossibilities.net/2012/09/35-reasons-to-worry-about-privacy-in-africa/
This piece was lifted from ujuh.co.za
Jane Duncan is a Professor of Journalism at the University of Johannesburg