5G-ENSURE partners from the University of Oxford are among the authors of a paper on White-Stingray: Evaluating IMSI Catchers Detection Applications being presented at WOOT'17. The 11th USENIX Workshop on Offensive Technologies (WOOT'17) takes place 14-15 August in Vancouver, co-located with the 26th USENIX Security Symposium, 16-18 August.
Authors of the paper are: Ravishankar Borgaonkar and Andrew Martin (University of Oxford); Shinjo Park, Alatf Shaik, and Jean-Pierre Seifert (TU Berlin).
White-Stingray: Evaluating IMSI Catchers Detection Applications
IMSI CATCHERS, aka fake base station threats, have recently become a real concern. Currently, there are a few freely available tools to detect such threats, most of which are Android apps that warn users when they are connected to a fake cellular base station.
The authors present their evaluation of these Android apps and test how resilient they are against various attacking techniques. Such an evaluation is important for not only measuring the available defence against IMSI catcher attacks but also in identifying gaps to build effective solutions.
The authors have developed White-Stingray, a systematic framework with various attacking capabilities in 2G and 3G networks, and used for the study. The results of five popular Android apps are worrisome: none of these apps are resistant against basic privacy identifier catching techniques. Based on the results, the authors identify limitation of these apps and propose remedies for improving the current state of IMSI catchers detection on mobile devices.
The paper complements on-going work by the University of Oxford on release 2 of the enabler "Security Indicator" for 5G networks. This is one a set of enablers developed within 5G-ENSURE.