Network technology: 2G/3G
This feature will access the control panel, the user dials a secret code and is then prompted for the control panel. A second secret code is required to access the main Special Functions menu.
This feature calibrates the Stealth Phone, tests the GSM network and stores data about the home network which is part of the self-learning process to detect network anomalies.
This feature allows the user to control the way of IMEI change (after any event such as a call or SMS, on network or IMSI Catcher request, etc.) and also to define his own IMEI, thus performing different protection scenarios.
IMEI is the phone ID. When this feature is enabled, calls and SMSs cannot be intercepted, and location cannot be tracked. Also, the target correlation methods of modern GSM-Interceptors that match the IMEI of the phone with the IMSI (SIM card used in that phone) will fail. Combined with the special Dynamic IMSI feature, the Stealth Phones capabilities become a weapon. Changing the IMEI is legal as long as you are not doing it with a stolen phone. For legal reasons, you can always restore the original IMEI.
IMEI Change feature is designed to protect conversations against control and interception by GSM-Interceptor. To intercept your calls, a GSM-Interceptor will capture and use the following phone identifiers:
1. Your phone number (not transmitted over the air but known to the operator).
2. IMSI – unique SIM registration number.
3. IMEI – unique phone registration number, other than the phone number contained in the SIM.
If you change the IMEI and IMSI then all the phone identifiers are different. Therefore, the system operator does not know who to put under surveillance. If you have only changed the SIM or the IMEI, you will get nothing and your calls will continue to be intercepted as if you had not changed anything.
If you change the IMEI and IMSI at the same time, you can avoid any GSM-Interception. Since all your phone identifiers have changed (which were previously registered in the target selection list of a GSM-Interceptor), the GSM-Interceptor operator has to make additional efforts to receive and register your new identifiers. In addition, the system operator cannot understand that he has lost control of your phone.
XStealth has a fully automated IMEI and IMSI change, making it impossible to be identified.
This feature transforms your phone into a sophisticated counter-intelligence weapon by allowing the user to automatically change the IMSI number. SIM cloning starts and generates a new valid IMSI to be used for the next calls or messages. No internet connection, third party servers or special SIMs are required. No monthly fees or commitments.
HOW DOES IT WORK?
The phone will clone any SIM card inserted. Once cloned, the real SIM is quarantined and a virtual SIM is used instead, which can change its IMSI by generating valid IMSIs. IMSI change is done automatic. Please note that the MSISDN (the phone number associated with the SIM card in use) does not change when you use the IMSI change function.
XStealth has a fully automated IMEI and IMSI change, making it impossible to be identified.
This feature allows the user to switch between Hunting mode (call and SMS interception detection) and Anti Interception mode (no calls and messages can be sent or received while interception is active, regardless of whether GSM-Interceptor or SS7 means are used).
This feature alerts the user in real time when voice and data connections are being intercepted.
All mobile calls and messages are encrypted by default in almost all mobile networks. The GSM standard encryption algorithm is called A5. There are four variants of A5 in GSM, of which only the first three are widely used: A5/0, A5/1, A5/2 and A5/3. The latest interception technologies are capable of intercepting not only calls and messages, but also data (Internet usage). A GSM-Interceptor or IMSI Catcher forces mobile phones into A5/0 mode (no encryption), which makes it easy to intercept call data and convert it into audio.
XStealth detects this situation and alerts the user in real time.
This feature is a location tracking and Ki extraction alert. When a location tracking ping is received, XStealth will alert you.
Tracking methods used by law enforcement are based on mobile networks. The target phone does not need to be connected to the internet. In most cases, network operator assistance is required, unless SS7 is used to track the location of the phone.
Every time a GSM-Interceptor tries to obtain Ki (the encryption key stored on the SIM card), it sends out so-called “challenges” and waits for the SIM card to respond with parts of the encryption key. The Ki is then calculated later. Ki extraction alerts are also provided by this feature.
This feature is true GSM location spoofing. The user can choose which cell tower the phone is connected to. In this way, any triangulation technique used for location tracking will produce false results, resulting in a false location.
Most so-called location spoofing applications are internet-based and only spoof GPS data. This creates a false sense of security because the GSM location is revealed every time the target phone is connected to a mobile network. GSM location data (Cell ID, Location Area Code, etc.) is often used by law enforcement agencies to locate mobile phones.
XStealth is immune to this type of location tracking since connecting to more distant towers will cause false locations to be stored with the providers, leading to false results if analysed.
Caution: The mobile data connection is also provided by the network operator (via cell towers, which are easy to find). If the phone is connected to the internet via a mobile hotspot, the phone can be tracked instantly.
Optimal location spoofing is implemented for ease of use. XStealth will always connect to the most distant cell tower, whether it is stationary or in motion.
This feature allows the user can block the ARFCN (uplink and downlink – the pair of radio channels used by the cell tower to communicate with the phone and vice versa) to prevent a forced handover (the phone is forced to silently disconnect from the home network and connect to a fake cell tower spoofed by a GSM-Interceptor). XStealth remains connected to the real cell tower, preventing it from ‘slipping’ to a fake cell tower (IMSI Catcher) using a different ARFCN to force a handover.
This feature monitors the C2 (cell re-selection criterion) parameter used by GSM-Interceptors to force mobile phones to connect. Active and semi-active GSM-Interceptors will force any mobile phone to disconnect from the home network and connect to the rogue BTS that the device is impersonating. This is also known as BCCH manipulation and is used by all modern GSM-Interceptors.
When launching this function, the phone will:
1. Extract C1 value, from serving cell.
2. Will compute C2 value by using a special algorithm, the same used by any GSM network.
3. Will look for at least other 6 neighboring cell towers, ordered by RSSI value.
4. Will compare C1 to C2.
5. Will trigger alert if no neighboring cells are found (a clear indication that a GSM-Interceptor is active within area).
6. Will look for CPICH, RSCP and BCCH.
7. Will display forced handover attempts (if any).
8. Will display Channel lock fails (if any).
This feature detects lawful interception by SS7 boxes (known as Network Switch Based Interception or Network Operator Assistance Interception). cryptoTRACERⓇ is a unique feature based on XCell’s proprietary algorithms that can instantly detect lawful interception attempts and alert the user when calls and SMS are being intercepted using SS7 (strategic interception solutions).
In addition to IMSI Catchers and GSM-Interceptors, which are small and mobile (sometimes vehicle mounted) interception systems, law enforcement agencies use so-called lawful interception (SS7 interception or operator help interception), a special piece of hardware that is directly connected to the GSM core network (at the level of the network switch).
In order to instantly detect if your XStealth is monitored by SS7 means, you don’t have to make any call or send/receive a message. Just run cryptoTRACER® and wait for results. After checking phone firmware integrity, cryptoTRACER® will start pinging core network at MSC/VLR and AUC/HLR level. Then will calculate network redundancy and compare to standard redundancy. If a ping delay will be detected, SS7 monitoring alert will be triggered by displaying:
– Network redundancy [!]
– Pingdelay [!]
– Phone status [!]
This feature creates a separate, secure partition in which the IMEI engine, IMSI engine and other security-related software components run smoothly, without the possibility of interference or tampering. The user can verify the integrity of the sandbox and its components at any time.
This feature is a live network monitoring tool that looks for IMSI Catcher and GSM-Interceptor, SS7 Interception and other network anomalies. Real-time interception detection is also available. No false alarms due to intelligent scanning mode.
This is the Proximity Alert feature. The phone will detect any abnormal LAC (Location Area Code) when stationary, changes made only by IMSI Catchers and GSM-Interceptors to force a connection.
This feature has been added an absolutely new breed of secure SMS which is not just encrypted but use a new patented technology, which makes SMS also non-interceptable.
This is a revolutionary innovation called Multi-Layer Security Protocol – MLSP®, developed and patented by XCell Technologies. Taking advantage on GSM network architecture and SMS Transport Protocol, our SMS encryption technology is capable to send/receive encrypted and non-interceptable messages.
Please note that for exchanging encrypted messages you need at least 2 phones. Sender phone will encrypt the message and receiver phone will decrypt the message.
MLSP® consist in:
1. Physical layer: encrypted text message.
The phone will encrypt text messages by using following protocols:
– AES 256
– Elliptic Curve (ECIES) 256
– Protected by ITSEC Evaluation level 3
2. Multi-layer routing and transport protocol. Encrypted SMS data is randomly segmented and distributed in bursts by Application Port Addressing Technology, via discrete GSM channels which usually are not “listened” by mobile interception systems (IMSI Catchers, GSM-Interceptors or StingRays), both in air interface (UM Interface in terms of GSM networks) and Abis, A and C-G mobile network interfaces. This way, SMS data which is usually sent over GSM Layer 1 (and widely intercepted on Layer 1) will be sent by using a combination of GSM Layer 1 and GSM Layer 2 (LAPDm). By consequence, no mobile interception systems (as GSM-Interceptors) and lawful interception systems (SS7 interception also known as network switch based interception or interception by the help of network operator) will be able to intercept the whole message but only a few bursts which are encrypted anyway.
3. Metadata protection. Regular SMS metadata is not saved in a separate file (called a metadata file). XCrypt separate metadata and the data it describes (SMS encrypted text), sending metadata file in bursts over the network, by the same Port Addressing technology. Metadata is of little value without the data file (SMS) it relates too. At the same time, metadata makes the data more usable and therefore, more valuable. An encrypted text message with separate metadata file will reveal nothing about SMS sender and receiver.
Our SMS encryption application use a groundbreaking multi-layer technology to protect SMS from being intercepted and decrypted. As a unique encryption application, beside strong military grade encryption, XCrypt use a brand new patented technology in order to send/receive encrypted messages: discrete GSM channels or Multi-Layer Security Protocol®. That will protect not just encrypted text messages but also metadata which is not encrypted.