Abstract
IMSI Catchers are tracking devices that break the privacy of the subscribers of mobile access networks, with disruptive effects to both the communication services and the trust and credibility of mobile network operators. Recently, we verified that IMSI Catcher attacks are really practical for the state-of-the-art 4G/LTE mobile systems too. Our IMSI Catcher device acquires subscription identities (IMSIs) within an area or location within a few seconds of operation and then denies access of subscribers to the commercial network. Moreover, we demonstrate that these attack devices can be easily built and operated using readily available tools and equipment, and without any programming. We describe our experiments and procedures that are based on commercially available hardware and unmodified open source software.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Depending on the exact software version of OAI being used, UE connectivity to the eRogueB fails in various ways, but all end up with DoS until the reboot of UE.
References
Shaik, A., Seifert, J., Borgaonkar, R., Asokan, N., Niemi, V.: Practical attacks against privacy and availability in 4G/LTE mobile communication systems. In: 23nd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, February 21â24, 2016 (2016)
Jover, R.P.: Security attacks against the availability of LTE mobility networks: overview and research directions. In: 2013 16th International Symposium on Wireless Personal Multimedia Communications (WPMC), pp. 1â9. IEEE (2013)
Jover, R.P.: LTE security, protocol exploits and location tracking experimentation with low-cost software radio. CoRR abs/1607.05171 (2016)
Lichtman, M., Jover, R.P., Labib, M., Rao, R., Marojevic, V., Reed, J.H.: LTE/LTE-a jamming, spoofing, and sniffing: threat assessment and mitigation. IEEE Commun. Mag. 54(4), 54â61 (2016)
Rupprecht, D., Jansen, K., Pöpper, C.: Putting LTE security functions to the test: a framework to evaluate implementation correctness. In: 10th USENIX Workshop on Offensive Technologies (WOOT 2016) (2016)
OpenLTE: An open source 3GPP LTE implementation. https://sourceforge.net/projects/openlte/
srsLTE: Open source 3GPP LTE library. https://github.com/srsLTE/srsLTE
Gomez-Miguelez, I., Garcia-Saavedra, A., Sutton, P.D., Serrano, P., Cano, C., Leith, D.J.: srsLTE: an open-source platform for LTE evolution and experimentation. arXiv preprint arXiv:1602.04629 (2016)
gr-LTE: GNU Radio LTE receiver. https://github.com/kit-cel/gr-lte
Open Air Interface: 5G software alliance for democratising wireless innovation. http://www.openairinterface.org
SMScarrier.EU: Mobile Country Codes (MCC) and Mobile Network Codes (MNC). http://mcc-mnc.com
Wikipedia: LTE frequency band. https://en.wikipedia.org/wiki/LTE_frequency_bands
Niviuk: LTE frequency band calculator. http://niviuk.free.fr/lte_band.php
Europen Communication Office: ECO Frequency Information System. http://www.efis.dk
ETSI TS 136 331 V13.0.0 (2016â01): LTE; Evolved Universal Terrestrial Radio Access (E-UTRA); Radio Resource Control (RRC); Protocol specification (3GPP TS 36.331 version 13.0.0 Release 13) (2016). http://www.etsi.org/deliver/etsi_ts/136300_136399/136331/13.00.00_60/ts_136331v130000p.pdf
ETSI TS 124 301 V12.6.0 (2014â10): Universal Mobile Telecommunications System (UMTS); LTE; Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3 (3GPP TS 24.301 version 12.6.0 Release 12) (2014). http://www.etsi.org/deliver/etsi_ts/124300_124399/124301/12.06.00_60/ts_124301v120600p.pdf
ETSI TS 136 304 V12.2.0 (2014â09): LTE; Evolved Universal Terrestrial Radio Access (E-UTRA); User Equipment (UE) procedures in idle mode (3GPP TS 36.304 version 12.2.0 Release 12) (2014). http://www.etsi.org/deliver/etsi_ts/136300_136399/136304/12.02.00_60/ts_136304v120200p.pdf
ETSI TS 136 133 V12.7.0 (2015â06): LTE; Evolved Universal Terrestrial Radio Access (E-UTRA); Requirements for support of radio resource management (3GPP TS 36.133 version 12.7.0 Release 12) (2015). http://www.etsi.org/deliver/etsi_ts/136100_136199/136133/12.07.00_60/ts_136133v120700p.pdf
Research, E.: USRP B200mini (Board only). https://www.ettus.com/product/details/USRP-B200mini
Open Air Interface: Hardware Requirements. https://gitlab.eurecom.fr/oai/openairinterface5g/wikis/OpenAirSystemRequirements
Samsung: Samsung Service Mode. http://samsungservicemode.blogspot.no
Solutions, G.: G-NetTrack Lite. https://play.google.com/store/apps/details?id=com.gyokovsolutions.gnettracklite&hl=en
Cell Mapper.net: Cell Mapper. https://play.google.com/store/apps/details?id=cellmapper.net.cellmapper&hl=en
Nikaein, N., Knopp, R., Kaltenberger, F., Gauthier, L., Bonnet, C., Nussbaum, D., Ghaddab, R.: OpenAirInterface 4G: an open LTE network in a PC. In: International Conference on Mobile Computing and Networking (2014)
RangeNetworks: OpenBTS. http://openbts.org
McGuiggan, P.: GPRS in Practice: A Companion to the Specifications. Wiley, New York (2005)
Dabrowski, A., Petzl, G., Weippl, E.R.: The messenger shoots back: network operator based IMSI catcher detection. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 279â302. Springer, Cham (2016). doi:10.1007/978-3-319-45719-2_13
Acknowledgements
The authors would like to thank master student Fredrik Skretteberg for providing the Samsung phone necessary for some experiments.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
MjĂžlsnes, S.F., Olimid, R.F. (2017). Easy 4G/LTE IMSI Catchers for Non-Programmers. In: Rak, J., Bay, J., Kotenko, I., Popyack, L., Skormin, V., Szczypiorski, K. (eds) Computer Network Security. MMM-ACNS 2017. Lecture Notes in Computer Science(), vol 10446. Springer, Cham. https://doi.org/10.1007/978-3-319-65127-9_19
Download citation
DOI: https://doi.org/10.1007/978-3-319-65127-9_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-65126-2
Online ISBN: 978-3-319-65127-9
eBook Packages: Computer ScienceComputer Science (R0)