As it turns out, you do not even need cell site simulators / false base stations to do IMSI catching.<p>In my research, I developed a technique to attack a phone with low power from km away, without being able to be detected at all with traditional tools like SeaGlass or Crocodile Hunter. It's published here and works against production LTE networks, no downgrade attacks whatsoever necessary:<p><a href="https://dl.acm.org/doi/10.1145/3495243.3560525" rel="nofollow noreferrer">https://dl.acm.org/doi/10.1145/3495243.3560525</a>
Here's something I've never understood about these: as devices that transmit on FCC-licensed bands, wouldn't each use of these require specific permission from the FCC? Especially for state level law enforcement and state courts, they wouldn't have the authority to authorize this without the federal government saying it's OK.
If I read the results correctly, weird to see a potential cell-catcher at the US Immigration center. Could this reasonably be interpreted as "someone is sniffing immigrants' cell traffic" .. gathering intelligence about potential candidates for immigration?
Does this still work against current cell networks? Is it a downgrade attack to 2G, or are there other holes in how the network authenticates itself to the phone?
2017, code link: <a href="https://github.com/seaglass-project/seaglass">https://github.com/seaglass-project/seaglass</a><p>Pi connected to a Cell modem, mobile hotspot, and "bait phone" ... and a separate GPS.<p>All powered by wall warts off an inverter to the car's 12v system.<p>This makes me feel better about my own systems designs.
> There are some cases where legitimate cell towers will be moved to deal with a temporary increase in demand, like a sporting event, but this is relatively uncommon.<p>My understanding is these are quite commonly used for concerts, sporting events etc., Vodafone called them COWS (Cell site on wheels).<p>Anecdotally when the Vodafone CEO of the time came to visit NZ, some lackeys were charged with staying physically close behind him with a COW so he would always see good reception.
An explanation wasn't prominently displayed on that web site, so
from <a href="https://en.wikipedia.org/wiki/IMSI-catcher" rel="nofollow noreferrer">https://en.wikipedia.org/wiki/IMSI-catcher</a> :<p>An international mobile subscriber identity-catcher, or IMSI-catcher, is a telephone eavesdropping device used for intercepting mobile phone traffic and tracking location data of mobile phone users. Essentially a "fake" mobile tower acting between the target mobile phone and the service provider's real towers, it is considered a man-in-the-middle (MITM) attack.
I always figure that the times when I have 3 bars and yet zero internet are when local LEO is using a stingray. You would think cell providers would sue over the disruption of their service.<p>/I am mostly clue-free about this stuff so this post might include erroneous assumptions