Following a Parliamentary Question to the Prime Minister of Mauritius on Tuesday 19 April 2016 by an Opposition member, widespread interest arose about telephone tapping in the country, especially after what the Opposition member described as a van lurking around the house of opposition members in order to listen to conversations. Days later, a weekly newspaper published a 3-page article on phone tapping in Mauritius and mentioned an IMSI-Catcher, which is basically a device that spoofs your mobile telephony provider’s Base Transceiver Station (in a nutshell, the base that connects your mobile phone to the telephony network) and acts as a middle-man between your device and the provider’s network, thus capturing all of your communications.
Out of my usual curiosity, I wanted to know more about it and clarify some doubts I had. I knew about the IMSI-Catcher technique and remembered an article by a hacker by the name of Simone Margaritelli, who once assembled a relatively cheap bench rogue-BTS using a Raspberry Pi that, if tweaked, could be used for that same purpose: intercepting communications. I contacted him and he very kindly agreed to answer my questions.
What is an IMSI-Catcher and how does it work?
Is the GSM protocol that vulnerable? Does moving to digital (3G,4G) change anything in the interception capabilities of the Catchers?
Is there any countermeasure at provider level that can protect from such interceptions?
In your Rogue BTS article, you mentioned that a similar setup can be used for listening purposes. How easy is it, from that point on, to listen to phone calls and read sent/received SMSs?
We often talk about silent SMSs. What are they and how do they work?
In your experience, how can we counter both silent SMSs and IMSI spoofing? Is there any tested-and-working countermeasure?
There’s an app for Android devices known as Android-IMSI-Catcher-Detector. Have you had a chance to work with it and review it?
The article mentions that once the device’s traffic is being intercepted and routed through the catcher, Internet traffic and Facebook and WhatsApp conversations can be monitored too. Considering SSL implementations and WhatsApp’s recently implemented end-to-end encryption, is this a myth or a reality?
Apart from the fact that the IMSI-Catcher intercepts communications from devices in its radio range, is it possible to connect it to an existing cellular communications provider’s network and extend its reach (without major modifications to the provider’s infrastructure)?
A final word?
For my readers: who is Simone?
I’m a developer and security researcher from Italy. I’ve been involved in security since I was very young and contributed to the open source community with quite a decent number of projects.
I currently work for Zimperium, a mobile security company.
Thanks Simone for your contribution to this article 🙂
 – http://mauritiusassembly.govmu.org/English/hansard/Documents/2016/hansard0416.pdf
 – http://defimedia.info/ecoutes-telephoniques-au-coeur-dune-cellule-ultra-secrete-27009/
 – https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/
 – https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector
This article does not have any political intent, nor is it in any way directed against the Intelligence Services and Disciplined Forces of Mauritius.