Understand the mechanics, risks, and the future of IMSI catching (a.k.a. stealing your cellular ID) in 2025. Read our primer on this niche form of hacking.
The GSM (better known as 2G) protocol has a security vulnerability that exposes a user’s personal identifier (IMSI) in the clear, allowing for attribution and geolocation. This vulnerability is also in the UMTS (a.k.a. 3G) spec, and in the LTE (4G) spec. While the vulnerability was finally addressed in NR (5G), it’s imperfect and remains an exploitable 5G network vulnerability… and my favorite cybersecurity topic.
How to block an IMSI catcher
There’s no way to block an IMSI catcher. The only simple thing you can do, that can have an effect, is to set your network priority to 5G-SA – but most phones don’t support this feature.
If you’re really paranoid, stay in airplane mode until you’re in a very dense coverage area. While this is far from a guarantee, IMSI catchers are more likely to be sitting in areas with compromised signal quality.
Finally, you can keep your phone in a Faraday bag, which can provide up to 100 dB of signal attenuation. GSM
Germany's top security official says the country will bar the use of critical components made by Chinese companies Huawei and ZTE in core parts of its 5G networks in two steps starting in 2026.
In this vulnerability disclosure report, we discuss details of 5Ghoul – a family of implementation-level 5G vulnerabilities. Such a family of vulnerabilities are present in the firmware implementation of 5G mobile network modems from major chipset vendors i.e., Qualcomm and MediaTek. Consequently, many 5G-capable commercial products such as smartphones, Customer-premises Equipment (CPE) routers and USB modems are potentially impacted due to the employment of vulnerable 5G modems in such products. In total, we have found 12 new vulnerabilities (14 total), out of which 10 affect 5G modems from Qualcomm and MediaTek. More importantly, three of these ten vulnerabilities are confirmed to have high severity. We also wrote a scraper to send crafted queries to https://www.kimovil.com/en/ and to have an estimate on the number of smartphone models affected due to these vulnerabilities. We found over 710 smartphone models that are currently in the market to be affected. We emphasize that the actual number of affected models might be more, as firmware code is often shared across different modem versions. In this disclosure report, we also demonstrate the exploitation of 5Ghoul vulnerabilities to drop and freeze 5G connection on smartphones and CPE routers. We also show downgrade attacks across multiple smartphones that result in downgrading the 5G connection to 4G.
A majority of 5G network operators experienced up to six cyber incidents in the past year. Defenses are especially lacking for ransomware and phishing attacks.
Mobile operators have traditionally relied on proprietary hardware from vendors like Ericsson, Nokia and Huawei to build their networks. And now with 5G comes the push to “virtualize” network functions, replicating key elements in software so they can run on generic hardware, or even in the cloud.
The Government of Canada announced its intention to ban the use of Huawei and ZTE telecommunications equipment and services across the country's 5G and 4G networks.
The Government of Canada has serious concerns about suppliers such as Huawei and ZTE who could be compelled to comply with extrajudicial directions from foreign governments in ways that would conflict with Canadian laws or would be detrimental to Canadian interests.
Rules for industries and governments aim to prevent all-out cyber breakdown.
