Abstract

IMSI catching attacks are a type of privacy threats designed to locate and track specific users by gathering their long-term identifiers, i.e., their International Mobile Subscriber Identity (IMSI). In order to understand how different mobile phone brands respond to different attack methods, this article makes a twofold contribution. We first address the feasibility and practicality of IMSI Catchers using off-the-shelf Software-Defined-Radio (SDR) platforms and two open source frameworks — OpenAirInterface and srsLTE. Second, we evaluate the behavior of different mobile phone brands/modems, when they are under attack. Specifically, we performed experiments on 26 4G devices and four more recent ones also supporting 5G. In each experiment we performed two different attack types, and we tested the attacks when using/not using a radio-frequency jammer specifically designed for our purposes. Our tests show that the sheer majority of the devices under test (also the last ones 3GPP Release 15 compliant) surrender even without any jamming. Finally, we have verified that network deployments have no impact – we repeated tests on four different operator’s networks – and we also developed a portable IMSI Catcher using a Raspberry Pi4 so as to test the attacks over early 5G Non Stand-Alone deployments we could find in our cities.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call