Towards Carrier Based IMSI Catcher Detection

March 15, 2016 (at 9:45 a.m.) in The "Telco Security Day" (TSD) is an additional event to Troopers. It takes place on Tuesday the 15th. As the event aims to bring together only researchers, vendors and practitioners from the telecommunication / mobile security field, it is an invitation only event. The event is intended to be a discussion round for current topics accompanied by talks covering various subjects from different domains (e.g. practical security research or hacking, 3GPP standardization, Telco security operations). The TSD is a closed event and no filming will be allowed or recording will take place. It will be held in English. The agenda is publicly available and will be published here soon. Please note there is also a Shared Dinner at 19:30 for TSD Speakers and Attendees. For questions, talk submissions or invitation requests, please contact hschmidt@ernw.de.

An IMSI Catchers, also known as Stingrays or rogue cells, are readily available as commercial products as well as do-it-yourself projects running open-source software, and are obtained and used by law enforcement agencies and criminals alike. In this presentation we discuss multiple detection capabilities from the network operator’s point of view. We draw a comprehensive picture on current threats against mobile phone devices and networks, including 2G, 3G and 4G IMSI Catchers and present detection and mitigation strategies under the unique large-scale circumstances of a real European carrier. One of the major challenges from the operator’s point of view is the fact that cellular networks were specifically designed to reduce global signaling traffic, and manage as many transactions regionally as possible. Unlike popular belief, a network operator does not have a global view of its network by default.

Adrian Dabrowski