not really. They can but they need something better. USIMs, unlike SIMs are authenticating the cell, too.
@loweel I am using the name "Stingray" in the generic sense, like if you want to order a "Coke". A cell tower simulator will be a man in the middle and intercept all traffic as it passes from your phone on to the legitimate cell network. Phone calls, SMS (both unencrypted) and data.
to intercept SMS there is no need to do this. Actually the SMS is being check’d by the MSC to check if you are allowed to use MAP to the SMSC.
So the MSC knows metadata. Last but not least, a PDU is ~200 Bytes Long, so it is logged by the Signaling Gateway as it is. A log of line may be 4K long, so when they log the signaling , they log the whole SMS, together with TON, NPI, TLVs and everything.
They have completely no need to tap you for SMS. What they do is to use SMS to grab your IMSI, sniffing in the meantime. After they have the IMSI, they don’t need tapping anymore. They just ask the telco.
@loweel Why go to the effort of getting data from the telcos, when they can get it directly from captured signals? No matter how they get it though, your data is captured.
because a single Signaling Gateway trace has ALL the records of ALL the traffic. The price for user of getting STP traces is much less.
If you take away, say 10 GB of protocol dump in the message Gateway, you got MILLIONS of SMS. It takes a few minutes, and the cost is little.
To intercept millions of users like you say, will cost much more money. This is why law enforcement has direct access to MSC, HLR, VLR, SGSN, GGSN, Messaging GAteways, AUC, etcetera.