Detecting Fake 4G LTE Base Stations in Real Time

Explore the detection of fake 4G LTE base stations in real-time through this 21-minute conference talk from USENIX Enigma 2021. Dive into the world of IMSI catchers, including the popular Hailstorm used by governments and law enforcement worldwide. Learn about a groundbreaking open-source software project designed to identify counterfeit 4G base stations using affordable hardware. Discover the speaker's findings and their ambitious plan to limit IMSI catcher capabilities, with the ultimate goal of rendering them obsolete. Gain insights into cell-site simulators, previous detection efforts, and the innovative Crocodile Hunter software. Follow along as the talk covers decoding broadcast messages, mapping antennas in real-time, and identifying anomalies, with a practical example from Oakland, CA. Conclude with key takeaways and future developments in this critical area of mobile network security.

Intro
What is a Cell-Site Simulator
Our First Efforts to Detect Cell Site Simulators
The Stingray
How do 4G/LTE CSS Work
How Often are CSS Being Used
Previous Efforts to Detect CSS
Crocodile Hunter Software and Hardware
Decode Broadcast Messages SRSLTE scans a list of frequencies for information blocks Decode system information blocks and send over socket
Mapping out antennas in real time
Looking for Anomalies
Oakland, CA
What's With the Name?
Future Work
Key Takeaways