The effectiveness of a homemade IMSI catcher build with YateBTS and a BladeRF. van Rijsbergen, K. abstract bibtex An IMSI-catcher, also known as a cell-sitesimulator, is a telephone eavesdropping device mainly used by law enforcement. By simulating a cell-site it can force mobile phones to connect with the fake cell-site and force unencrypted (A5/0) communication. IMSI-catchers used to be expensive and only available to law-enforcement. Nowadays an IMSI catcher can be set up cheaply using a software defined radio and open source software such as OpenBTS. Deloitte would like to find out if this technology can be used for gathering OSINT (Open Source Intelligence) for red-teams.To set up the IMSI catcher the BladeRF x40 was used running YateBTS. Then observations were made on how effective this IMSI catcher actually is in spoofing a modern phone. YateBTS is capable of simulating a 2.5G (GPRS) cell site and it was observed that phones always prefer the faster base station (regardless of signal strength). The general conclusion is that an IMSI catcher isn’t as effective nowadays against modern phones, and require specific conditions along with forcing the use of 2G for the IMSI catcher to work.
@article{van_rijsbergen_effectiveness_nodate,
title = {The effectiveness of a homemade {IMSI} catcher build with {YateBTS} and a {BladeRF}},
abstract = {An IMSI-catcher, also known as a cell-sitesimulator, is a telephone eavesdropping device mainly used by law enforcement. By simulating a cell-site it can force mobile phones to connect with the fake cell-site and force unencrypted (A5/0) communication. IMSI-catchers used to be expensive and only available to law-enforcement. Nowadays an IMSI catcher can be set up cheaply using a software defined radio and open source software such as OpenBTS. Deloitte would like to find out if this technology can be used for gathering OSINT (Open Source Intelligence) for red-teams.To set up the IMSI catcher the BladeRF x40 was used running YateBTS. Then observations were made on how effective this IMSI catcher actually is in spoofing a modern phone. YateBTS is capable of simulating a 2.5G (GPRS) cell site and it was observed that phones always prefer the faster base station (regardless of signal strength). The general conclusion is that an IMSI catcher isn’t as effective nowadays against modern phones, and require specific conditions along with forcing the use of 2G for the IMSI catcher to work.},
language = {en},
author = {van Rijsbergen, Kenneth},
pages = {12}
}
Downloads: 0
{"_id":"aeR9ECyCpYQYgWkGo","bibbaseid":"vanrijsbergen-theeffectivenessofahomemadeimsicatcherbuildwithyatebtsandabladerf","downloads":0,"creationDate":"2018-09-02T09:38:26.326Z","title":"The effectiveness of a homemade IMSI catcher build with YateBTS and a BladeRF","author_short":["van Rijsbergen, K."],"year":null,"bibtype":"article","biburl":"https://bibbase.org/zotero/21h","bibdata":{"bibtype":"article","type":"article","title":"The effectiveness of a homemade IMSI catcher build with YateBTS and a BladeRF","abstract":"An IMSI-catcher, also known as a cell-sitesimulator, is a telephone eavesdropping device mainly used by law enforcement. By simulating a cell-site it can force mobile phones to connect with the fake cell-site and force unencrypted (A5/0) communication. IMSI-catchers used to be expensive and only available to law-enforcement. Nowadays an IMSI catcher can be set up cheaply using a software defined radio and open source software such as OpenBTS. Deloitte would like to find out if this technology can be used for gathering OSINT (Open Source Intelligence) for red-teams.To set up the IMSI catcher the BladeRF x40 was used running YateBTS. Then observations were made on how effective this IMSI catcher actually is in spoofing a modern phone. YateBTS is capable of simulating a 2.5G (GPRS) cell site and it was observed that phones always prefer the faster base station (regardless of signal strength). The general conclusion is that an IMSI catcher isn’t as effective nowadays against modern phones, and require specific conditions along with forcing the use of 2G for the IMSI catcher to work.","language":"en","author":[{"propositions":["van"],"lastnames":["Rijsbergen"],"firstnames":["Kenneth"],"suffixes":[]}],"pages":"12","bibtex":"@article{van_rijsbergen_effectiveness_nodate,\n\ttitle = {The effectiveness of a homemade {IMSI} catcher build with {YateBTS} and a {BladeRF}},\n\tabstract = {An IMSI-catcher, also known as a cell-sitesimulator, is a telephone eavesdropping device mainly used by law enforcement. By simulating a cell-site it can force mobile phones to connect with the fake cell-site and force unencrypted (A5/0) communication. IMSI-catchers used to be expensive and only available to law-enforcement. Nowadays an IMSI catcher can be set up cheaply using a software defined radio and open source software such as OpenBTS. Deloitte would like to find out if this technology can be used for gathering OSINT (Open Source Intelligence) for red-teams.To set up the IMSI catcher the BladeRF x40 was used running YateBTS. Then observations were made on how effective this IMSI catcher actually is in spoofing a modern phone. YateBTS is capable of simulating a 2.5G (GPRS) cell site and it was observed that phones always prefer the faster base station (regardless of signal strength). The general conclusion is that an IMSI catcher isn’t as effective nowadays against modern phones, and require specific conditions along with forcing the use of 2G for the IMSI catcher to work.},\n\tlanguage = {en},\n\tauthor = {van Rijsbergen, Kenneth},\n\tpages = {12}\n}\n\n","author_short":["van Rijsbergen, K."],"key":"van_rijsbergen_effectiveness_nodate","id":"van_rijsbergen_effectiveness_nodate","bibbaseid":"vanrijsbergen-theeffectivenessofahomemadeimsicatcherbuildwithyatebtsandabladerf","role":"author","urls":{},"downloads":0,"html":""},"search_terms":["effectiveness","homemade","imsi","catcher","build","yatebts","bladerf","van rijsbergen"],"keywords":[],"authorIDs":[],"dataSources":["NpxDwkFvCjNmGYFSj"]}