Real concerns about IMSI catchers, aka fake base station threats
IMSI catchers, also known as fake base station threats, have recently become a real concern. There are currently a few freely available tools to detect such threats, most of which are Android apps that warn users when they are connected to the fake cellular base station.
Our partners from the University of Oxford joined colleagues from TU Berlin and Telekom Innovation Laboratories to evaluate these Android apps and test how resistant they are against various attacking techniques. Such an evaluation is important for not only measuring the available defense against IMSI catchers attacks but also identifying gaps to build effective solutions.
5G-ENSURE at USENIX Workshop on Offensive Technologies
The researchers developed White-Stingray, a systematic framework with various attacking capabilities in 2G and 3G networks, and used it for the study. Results of five popular Android apps are worrisome: none of these apps are resistant to basic privacy identifier catching techniques. The research teams have identified the limitation of these apps and propose remedies for improving the current state of IMSI catchers detection on mobile devices.
Much of this is because these apps typically only have limited access to a host phone's capabilities; meaning that for more effective countermeasures, developers may need additional support from mobile operators themselves.
This is where 5G-ENSURE comes into play, which conducts research aimed at addressing the problem of IMSI catchers on 5G networks so it will be more and more difficult to run these IMSI catachers at least.
Paper presented ar USENIX Scurity conference at WOOT 2017 White-Stingray: Evaluating IMSI Catchers Detection Applications Ravishankar Borgaonkar‚ Andrew Martin (University of Oxford), Shinjo Park‚ Altaf Shaik‚ and Jean−Pierre Seifert (TU Berlin and Telekom Innovation Laboratories).
Media coverage on IMSI Catcher Research by 5G-ENSURE partner