research-article

The diverse and variegated reactions of different cellular devices to IMSI catching attacks

Authors:

Francesco Gringoli,

Giuseppe Bianchi,

Nicola Blefari MelazziAuthors Info & Claims

WiNTECH '20: Proceedings of the 14th International Workshop on Wireless Network Testbeds, Experimental evaluation & Characterization

Pages 80 - 86

https://doi.org/10.1145/3411276.3412191

Published: 21 September 2020 Publication History

Abstract

The goal of this paper is to assess how different User Terminals react to IMSI-catching attacks, namely location privacy attacks aiming at gathering the user's International Mobile Subscriber Identity (IMSI). After having implemented two different attack techniques over two different Software-Defined-Radio (SDR) platforms (OpenAirInterface and srsLTE), we have tested these attacks over different versions of the mobile phone brands, for a total of 19 different radio modems tested. We show that while the majority of devices surrender almost immediately, iPhones seem to implement some cleverness that resembles proper countermeasures. We also bring about evidence that the two chosen SDR platforms implement different signaling procedures that differentiate their ability as IMSI-catchers. We finally analyse IMSI-catchers' behaviors against subscribers of different operators, showing that successfulness of the attack depends only on the chipset and the SDR tool. We believe that our analysis may be useful either to practitioners that need to experiment with mobile security, as well as engineers for improving the design of mobile modems.

References

[1]

Andy Lilly. Imsi catchers: hacking mobile communications. Network Security, 2017(2):5--7, 2017.

Digital Library

[2]

Haibat Khan, Benjamin Dowling, and Keith M Martin. Identity confidentiality in 5g mobile telephony systems. In International Conference on Research in Security Standardisation, pages 120--142. Springer, 2018.

[3]

Mohsin Khan, Philip Ginzboorg, Kimmo Järvinen, and Valtteri Niemi. Defeating the downgrade attack on identity privacy in 5g. In International Conference on Research in Security Standardisation, pages 95--119. Springer, 2018.

[4]

Chuan Yu, Shuhui Chen, and Zhiping Cai. Lte phone number catcher: A practical attack against mobile privacy. Security and Communication Networks, 2019:7425235:1-7425235:10, 2019.

Digital Library

[5]

S. Hussain, O. Chowdhury, S. Mehnaz, and E. Bertino. Lteinspector: A systematic approach for adversarial testing of 4g lte. Network and Distributed Systems Security (NDSS) Symposium 2018, Feb 2018.

[6]

M. Labib, V. Marojevic, J. H. Reed, and A. I. Zaghloul. Enhancing the robustness of lte systems: Analysis and evolution of the cell selection process. IEEE Communications Magazine, 55(2):208--215, 2017.

Digital Library

[7]

Roger Piqueras Jover. Lte security, protocol exploits and location tracking experimentation with low-cost software radio, 2016.

[8]

Roger Piqueras Jover. Security attacks against the availability of lte mobility networks: Overview and research directions. 2013 16th International Symposium on Wireless Personal Multimedia Communications (WPMC), pages 1--9, 2013.

[9]

Adrian Dabrowski, Nicola Pianta, Thomas Klepp, Martin Mulazzani, and Edgar Weippl. Imsi-catch me if you can: Imsi-catcher-catchers. In Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC '14, page 246--255, New York, NY, USA, 2014. Association for Computing Machinery.

Digital Library

[10]

Altaf Shaik, Ravishankar Borgaonkar, N. Asokan, Valtteri Niemi, and Jean-Pierre Seifert. Practical attacks against privacy and availability in 4g/lte mobile communication systems, 2015.

[11]

S. F. Mjølsnes and R. F. Olimid. Easy 4G/LTE IMSI catchers for non-programmers, volume 10446 LNCS of Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2017.

[12]

Third Generation Partnership Project (3GPP). In TS 36.300 Evolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Universal Terrestrial Radio Access Network (E-UTRAN); Overall description; Stage 2, 2020.

[13]

Third Generation Partnership Project (3GPP). Service request procedures. In TS 23.401 General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access, 2020.

[14]

Software Radio Systems. srslte, your own mobile network. https://www.srslte.com, Last accessed on 2020-07-29.

[15]

OpenAirInterface Software Alliance (OSA). Openairinterface, 5g software alliance for democratising wireless innovation. https://www.openairinterface.org, Last accessed on 2020-07-29.

[16]

YaYa Brown, Cynthia Teng, and Alexander Wyglinski. Lte frequency hopping jammer, Dec 2019.

[17]

V. Marojevic, R. M. Rao, S. Ha, and J. H. Reed. Performance analysis of a mission-critical portable lte system in targeted rf interference. In IEEE Vehicular Technology Conference, pages 1--6, 2018.

[18]

Tektronix. Rsa3408a real-time spectrum analyzers. https://www.tek.com/datasheet/rsa3408a-real-time-spectrum-analyzers-datasheet, Last accessed on 2020-07-29.

[19]

Ettus Research, National Instruments. Usrp b210. https://www.ettus.com/all-products/ub210-kit/, Last accessed on 2020-07-29.

[20]

Open source mobile communications, Osmocom. Open source mobile communications. https://osmocom.org/, Last accessed on 2020-07-29.

[21]

Laurent Thomas. Open cells project. https://open-cells.com/, Last accessed on 2020-07-29.

Cited By

Malalatiana RSitraka R(2024)Wifi Pentesting Roadmap for Classic-Future Attacks and DefensesAmerican Journal of Networks and Communications10.11648/j.ajnc.20241301.1413:1(44-63)Online publication date: 20-Mar-2024
https://doi.org/10.11648/j.ajnc.20241301.14
Orlando DBartoletti SPalama IBianchi GMelazzi N(2023)Innovative Attack Detection Solutions for Wireless Networks With Application to Location SecurityIEEE Transactions on Wireless Communications10.1109/TWC.2022.319222522:1(205-219)Online publication date: Jan-2023
https://doi.org/10.1109/TWC.2022.3192225

Index Terms

The diverse and variegated reactions of different cellular devices to IMSI catching attacks
1. Security and privacy
  1. Network security
    1. Mobile and wireless security

Recommendations

Defeating IMSI Catchers
CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

IMSI catching is a problem on all generations of mobile telecommunication networks, i.e., 2G (GSM, GPRS), 3G (HDSPA, EDGE, UMTS) and 4G (LTE, LTE+). Currently, the SIM card of a mobile phone has to reveal its identity over an insecure plaintext ...
Anatomy of Commercial IMSI Catchers and Detectors
WPES'19: Proceedings of the 18th ACM Workshop on Privacy in the Electronic Society

IMSI catchers threaten the privacy of mobile phone users by identifying and tracking them. Commercial IMSI catcher products exploit vulnerabilities in cellular network security standards to lure nearby mobile devices. Commercial IMSI catcher's technical ...
Forensics of a rogue base transceiver station

Mobile communication systems have become an integral part of daily life, and GSM networks are the most widely used telecommunication technology among mobile users in many nations. In recent years, the incidence of attacks with rogue BTS has risen ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WiNTECH '20: Proceedings of the 14th International Workshop on Wireless Network Testbeds, Experimental evaluation & Characterization

September 2020

135 pages

ISBN:9781450380829

DOI:10.1145/3411276

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 September 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

H2020 LEIT Information and Communication Technologies

Conference

MobiCom '20

Sponsor:

SIGMOBILE

MobiCom '20: The 26th Annual International Conference on Mobile Computing and Networking

September 21, 2020

London, United Kingdom

Acceptance Rates

Overall Acceptance Rate 63 of 100 submissions, 63%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
319
Total Downloads

Downloads (Last 12 months)21
Downloads (Last 6 weeks)2

Reflects downloads up to 24 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Malalatiana RSitraka R(2024)Wifi Pentesting Roadmap for Classic-Future Attacks and DefensesAmerican Journal of Networks and Communications10.11648/j.ajnc.20241301.1413:1(44-63)Online publication date: 20-Mar-2024
https://doi.org/10.11648/j.ajnc.20241301.14
Orlando DBartoletti SPalama IBianchi GMelazzi N(2023)Innovative Attack Detection Solutions for Wireless Networks With Application to Location SecurityIEEE Transactions on Wireless Communications10.1109/TWC.2022.319222522:1(205-219)Online publication date: Jan-2023
https://doi.org/10.1109/TWC.2022.3192225

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents