Shinjo Park and Altaf Shaik, TU Berlin / Telekom Innovation Laboratories; Ravishankar Borgaonkar and Andrew Martin, University of Oxford; Jean-Pierre Seifert, TU Berlin/Telekom Innovation Laboratories
IMSI catchers, also known as fake base station threats, have recently become a real concern. There are currently a few freely available tools to detect such threats, most of which are Android apps that warn users when they are connected to the fake cellular base station.
In this paper, we evaluate these Android apps and test how resistant they are against various attacking techniques. Such an evaluation is important for not only measuring the available defense against IMSI catchers attacks but also identifying gaps to build effective solutions. We developed White-Stingray, a systematic framework with various attacking capabilities in 2G and 3G networks, and used it for our study. Our results of five popular Android apps are worrisome: none of these apps are resistant to basic privacy identifier catching techniques. Based on our results, we identify limitation of these apps and propose remedies for improving the current state of IMSI catchers detection on mobile devices.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Shinjo Park and Altaf Shaik and Ravishankar Borgaonkar and Andrew Martin and Jean-Pierre Seifert},
title = {{White-Stingray}: Evaluating {IMSI} Catchers Detection Applications},
booktitle = {11th USENIX Workshop on Offensive Technologies (WOOT 17)},
year = {2017},
address = {Vancouver, BC},
url = {https://www.usenix.org/conference/woot17/workshop-program/presentation/park},
publisher = {USENIX Association},
month = aug
}