Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2017/

<< previous next >>

Catch Me If You Can: Building Your Own 3G IMSI Catcher

Ravishankar Borgaonkar

3 vote(s)

The IMSI catchers, aka stingray devices, are widely used as a cellphone surveillance tool for security management. As advertised by the manufacturers, these devices operates mostly as 2G fake network to track any mobile phone user by downgrading techniques.

Few network operators are planning to shut down 2G services, but mobile phones still may support 2G. However, it is possible (in some extend) to force few mobiles phones to use only 3G and 4G networks to protect against these 2G based tracking devices. Hence, there is a new race in building next generation IMSI catcher devices for 3G and 4G to circumvent detection and add new capabilities.

In this talk, present known technical methods of downgrading attacks against 3G mobile phones. Then we discuss our efforts in demonstrating new methods to build an IMSI catcher device for *3G network mobile phones only*. We explore additional technical capabilities that can be exploited to track 3G mobile phone users. Further we outline how such modern 3G IMSI catchers can be detected by network providers, regulators and government agencies. While showing a demo of effective 3G IMSI catchers, we emphasis on protecting end-users and detecting such devices.

Altaf’s and Ravi’s previous work discovered several vulnerabilities in popular 3G/4G mobile basebands and received rewards from Huawei, Qualcomm, Samsung, and Google in the past.

About Ravishankar Borgaonkar

Dr. Ravishankar Borgaonkar works as a research fellow at University of Oxford in the area of 5G security and principle scientist at Kaitiaki Labs. His research themes are related to mobile telecommunication and involved security threats. This ranges from GSM/UMTS/LTE network security to end-user device security. His research has previously been presented at the Blackhat USA and Europe, Hack in The Box, Ruxcon, Troopers, T2, and 44Con.

About Altaf Shaik

Altaf Shaik works as a PhD researcher at security in the telecommunication's department at TU Berlin and principle engineer at Kaitiaki Labs. He primarily works on LTE security aspects and known for building first publicly known low-cost 4G IMSI catcher. His research has previously been presented at Blackhat Europe, T2, and Nullcon Goa.