Easy 4G/LTE IMSI Catchers for Non-Programmers

  • Conference paper
Computer Network Security (MMM-ACNS 2017)

Abstract

IMSI Catchers are tracking devices that break the privacy of the subscribers of mobile access networks, with disruptive effects on both the communication services and the trust and credibility of mobile network operators. Recently, we verified that IMSI Catcher attacks are really practical for the state-of-the-art 4G/LTE mobile systems too. Our IMSI Catcher device acquires subscription identities (IMSIs) within an area or location within a few seconds of operation and then denies access of subscribers to the commercial network. Moreover, we demonstrate that these attack devices can be easily built and operated using readily available tools and equipment, and without any programming. We describe our experiments and procedures that are based on commercially available hardware and unmodified open source software.

Notes

  1. Depending on the exact software version of OAI being used, UE connectivity to the eRogueB fails in various ways, but all end up with DoS until the reboot of the UE.

Acknowledgements

The authors would like to thank master student Fredrik Skretteberg for providing the Samsung phone necessary for some experiments.

Corresponding author

Correspondence to Ruxandra F. Olimid.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Mjølsnes, S.F., Olimid, R.F. (2017). Easy 4G/LTE IMSI Catchers for Non-Programmers. In: Rak, J., Bay, J., Kotenko, I., Popyack, L., Skormin, V., Szczypiorski, K. (eds) Computer Network Security. MMM-ACNS 2017. Lecture Notes in Computer Science, vol 10446. Springer, Cham. https://doi.org/10.1007/978-3-319-65127-9_19

  • DOI: https://doi.org/10.1007/978-3-319-65127-9_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-65126-2

  • Online ISBN: 978-3-319-65127-9

  • eBook Packages: Computer Science, Computer Science (R0)
