IMSI catching attacks are a type of privacy threats designed to locate and track specific users by gathering their long-term identifiers, i.e., their International Mobile Subscriber Identity (IMSI). In order to understand how different mobile phone brands respond to different attack methods, this article makes a twofold contribution. We first address the feasibility and practicality of IMSI Catchers using off-the-shelf Software-Defined-Radio (SDR) platforms and two open source frameworks — OpenAirInterface and srsLTE. Second, we evaluate the behavior of different mobile phone brands/modems, when they are under attack. Specifically, we performed experiments on 26 4G devices and four more recent ones also supporting 5G. In each experiment we performed two different attack types, and we tested the attacks when using/not using a radio-frequency jammer specifically designed for our purposes. Our tests show that the sheer majority of the devices under test (also the last ones 3GPP Release 15 compliant) surrender even without any jamming. Finally, we have verified that network deployments have no impact – we repeated tests on four different operator’s networks – and we also developed a portable IMSI Catcher using a Raspberry Pi4 so as to test the attacks over early 5G Non Stand-Alone deployments we could find in our cities.
Blefari Melazzi, N., Bianchi, G., Gringoli, F., Palamà, I. (2021). IMSI Catchers in the wild: a real world 4G/5G assessment. COMPUTER NETWORKS, 194 [10.1016/j.comnet.2021.108137].
IMSI Catchers in the wild: a real world 4G/5G assessment
Blefari Melazzi, N
;Bianchi, G
;
2021-07-20
Abstract
IMSI catching attacks are a type of privacy threats designed to locate and track specific users by gathering their long-term identifiers, i.e., their International Mobile Subscriber Identity (IMSI). In order to understand how different mobile phone brands respond to different attack methods, this article makes a twofold contribution. We first address the feasibility and practicality of IMSI Catchers using off-the-shelf Software-Defined-Radio (SDR) platforms and two open source frameworks — OpenAirInterface and srsLTE. Second, we evaluate the behavior of different mobile phone brands/modems, when they are under attack. Specifically, we performed experiments on 26 4G devices and four more recent ones also supporting 5G. In each experiment we performed two different attack types, and we tested the attacks when using/not using a radio-frequency jammer specifically designed for our purposes. Our tests show that the sheer majority of the devices under test (also the last ones 3GPP Release 15 compliant) surrender even without any jamming. Finally, we have verified that network deployments have no impact – we repeated tests on four different operator’s networks – and we also developed a portable IMSI Catcher using a Raspberry Pi4 so as to test the attacks over early 5G Non Stand-Alone deployments we could find in our cities.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.