Created
March 29, 2013 22:38
-
-
Save jacobian/5274162 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The location security mechanism is that once a mobile is registered to a | |
| network, it is issued with a temporary mobile subscriber identification | |
| (TMSI), which acts as its address as it roams through the network. The attack on | |
| this mechanism uses a device called an IMSI-catcher , which is sold to police | |
| forces [488]. The IMSI-catcher, which is typically operated in a police car tailing | |
| a suspect, pretends to be a GSM base station. Being closer than the genuine | |
| article, its signal is stronger and the mobile tries to register with it. The IMSI | |
| catcher claims not to understand the TMSI, so the handset helpfully sends it | |
| the cleartext IMSI. This feature is needed if mobiles are to be able to roam | |
| from one network to another without the call being dropped, and to recover | |
| from failures at the VLR [1283]. The police can now get a warrant to intercept | |
| the traffic to that mobile or — if they’re in a hurry — just do a middleperson | |
| attack in which they pretend to be the network to the mobile and the mobile | |
| to the network. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment