Attacking Mobile Privacy By Catching MSISDN Location

Ottesen, Christoffer Evjen

Ottesen, Christoffer Evjen

Master thesis

View/Open

17622_FULLTEXT.pdf (3.129Mb)

17622_COVER.pdf (1.556Mb)

URI

http://hdl.handle.net/11250/2459497

Date

2017

Metadata

Show full item record

Collections

Institutt for informasjonssikkerhet og kommunikasjonsteknologi [2002]

Abstract

Today, we find wireless technology almost everywhere. Easily, we can communicate with people on the other side of the world using our mobile phones. By June 2017, the global number of unique mobile subscribers is over 5 billion [29]. The fact that almost everyone carries a mobile device around combined with technological vulnerabilities, results in a delicate situation. Consequently, different parties with more or less legal intentions have performed attacks on the mobile technology. An IMSI Catcher is a popular device which utilises vulnerabilities in the networks.

The MSISDN also known as the phone number, is used by many personal services and situations. Hence a mobile phone number can be considered to be personal information, and can be used to violate personal privacy. Interestingly, there is not yet made MSISDN Catchers. Consequently, this master thesis investigates the possibility of building an MSISDN Catcher. With the main focus on the 4G LTE mobile network, the presence and security of the phone number in the architecture and relevant services were studied. Also, an open source IMSI Catcher was built based on the OpenAirInterface software and the USRP B200mini radio device. The IMSI Catcher was used in an experiment where the goal was to catch the IMEI identity of mobile phones camping near the base station.

It was found that there is no easy way to build an MSISDN Catcher based on the principle of an IMSI Catcher. Also, the open source IMSI Catcher was not able to catch the IMEI identity. Hence, these results show that both the identities are well protected against well-established exploit strategies.

Publisher

NTNU