Easy 4G/LTE IMSI Catchers for Non-Programmers

IMSI Catchers are tracking devices that break the privacy of the subscribers of mobile access networks, with disruptive effects to both the communication services and the trust and credibility of mobile network operators. Recently, we verified that IMSI Catcher attacks are really practical for the state-of-the-art 4G/LTE mobile systems too. Our IMSI Catcher device acquires subscription identities (IMSIs) within an area or location within a few seconds of operation and then denies access of subscribers to the commercial network. Moreover, we demonstrate that these attack devices can be easily built and operated using readily available tools and equipment, and without any programming. We describe our experiments and procedures that are based on commercially available hardware and unmodified open source software

Imsi-Catcher Detection For Mobile Operating Systems

Systems and methods for detecting and notifying a mobile device user of an IMSI-catcher are disclosed. The system includes a mobile device installed with an application that collects signal data and wirelessly transmits the data to a server. The application may be part of a remote attestation service and communicates directly with radio interface layer (RIL) to collect telephony network and diagnostic information data from the device’s baseband. The collected data is sent to the server for remote attestation. The method includes detecting anomalies in the signal data from crowd-sourced heuristics and notifying the device user discreetly of the presence of an IMSI-catcher. The system and method provide identification of IMSI catchers with high reliability since the detection is done using crowd-sourced data from many devices and on the server-side, it’s more difficult for an attacker to conceal being identified and to counter the detection

Precheck Sequence Based False Base Station Detection During Handover: A Physical Layer Based Security Scheme

False Base Station (FBS) attack has been a severe security problem for the cellular network since 2G era. During handover, the user equipment (UE) periodically receives state information from surrounding base stations (BSs) and uploads it to the source BS. The source BS compares the uploaded signal power and shifts UE to another BS that can provide the strongest signal. An FBS can transmit signal with the proper power and attract UE to connect to it. In this paper, based on the 3GPP standard, a Precheck Sequence-based Detection (PSD) Scheme is proposed to secure the transition of legal base station (LBS) for UE. This scheme first analyzes the structure of received signals in blocks and symbols. Several additional symbols are added to the current signal sequence for verification. By designing a long table of symbol sequence, every UE which needs handover will be allocated a specific sequence from this table. The simulation results show that the performance of this PSD Scheme is better than that of any existing ones, even when a specific transmit power is designed for FBS

A Survey of Subscription Privacy on the 5G Radio Interface - The Past, Present and Future

End-user privacy in mobile telephony systems is nowadays of great interest because of the envisaged hyper-connectivity and the potential of the unprecedented services (virtual reality, machine-type communication, vehicle-to-everything, IoT, etc.) being offered by the new 5G system. This paper reviews the state of subscription privacy in 5G systems. As the work on 5G Release 15 -- the first full set of 5G standards -- has recently been completed, this seems to be an appropriate occasion for such a review. The scope of the privacy study undertaken is limited to the wireless part of the 5G system which occurs between the service provider\u27s base station and the subscriber\u27s mobile phone. Although 5G offers better privacy guarantees than its predecessors, this work highlights that there still remain significant issues which need rectifying. We undertook an endeavor to (i) compile the privacy vulnerabilities that already existed in the previous mobile telephony generations. Thereafter, (ii) the privacy improvements offered by the recently finalized 5G standard were aggregated. Consequently, (iii) we were able to highlight privacy issues from previous generations that remain unresolved in 5G Release 15. For completeness, (iv) we also explore new privacy attacks which surfaced after the publication of the 5G standard. To address the identified privacy gaps, we also present future research directions in the form of proposed improvements