The diverse and variegated reactions of different cellular devices to IMSI catching attacks

Palamà, Ivan; Gringoli, Francesco; Bianchi, Giuseppe; Melazzi, Nicola Blefari

doi:10.1145/3411276.3412191

Cited by 4 publications

(3 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mobile device security settings can be effective in preventing IMSI catcher attacks by disabling features such as automatic network selection or forcing the device to use specific encryption protocols [45]. However, the effectiveness of these settings relies on user awareness and diligence in managing their device settings.…”

Section: E Mobile Device Security Settingsmentioning

confidence: 99%

The Impact of IMSI Catcher Deployments on Cellular Network Security: Challenges and Countermeasures in 4G and 5G Networks

Kareem

2024

Preprint

View full text Add to dashboard Cite

IMSI catchers, also known as "Stingrays" or "cell site simulators," are rogue devices posing grave threats to cellular network security. With the evolution of 4G and 5G networks, these devices have grown more sophisticated, enabling unauthorized interception and manipulation of cellular communications. This paper outlines their impact on network security, including unauthorized data collection and potential privacy breaches. It highlights risks such as financial fraud and surveillance, and suggests countermeasures like signal analysis, encryption, and authentication mechanisms. However, the effectiveness of these measures in 4G and 5G environments is debated. The paper underscores the need for enhanced encryption, authentication, and detection techniques. It also stresses regulatory measures to govern IMSI catcher deployment and usage, safeguarding user privacy and security.

show abstract

Section: E Mobile Device Security Settingsmentioning

confidence: 99%

The Impact of IMSI Catcher Deployments on Cellular Network Security: Challenges and Countermeasures in 4G and 5G Networks

Kareem

2024

Preprint

View full text Add to dashboard Cite

show abstract

“…In this, the legitimate user doesn't deauthenticate to the legitimate access point if only, if the hacker has a password of the legitimate access point. Even, the hacker send denied of the service, the legitimate user doesn't accept it because hacker doesn't have the password [10][11][12][13][14].…”

Section: Future Attackmentioning

confidence: 99%

Wifi Pentesting Roadmap for Classic-Future Attacks and Defenses

Malalatiana,

Sitraka

2024

AJNC

View full text Add to dashboard Cite

The most advanced attack on the Wireless Fidelity (WIFI) network uses social engineering. The hacker makes portal captive and forces the victim for disconnecting to internet instead of entering the real password of the WIFI. In normal actions, asking WIFI password on the web interface is not the real process, but sometimes the victim is not experience enough on security and thinks that it is a technical problem. Also, the victim didn’t have internet connection due to the hard deauthentication and the select open access, which is not his WIFI network. The future generation of WIFI could be use a secure deauthentication. So, this article proposed how the actual attack will be processed, how is the secure deauthentication and how hacker could use this same attack with more secure network. Like conclusion, solutions to resolve this problem will be proposed. New hacking arsenal for replacing the deauthentication is the smart-jamming. With the secure deauthentication, reforging the packet for telling the victim to deauthenticate to the network will not be possible anymore. The smart-jamming select the frequency of the access point of the victim and jam only this specific frequency by sending a noise. In this scenario, the same effect of the first attack is still possible. For the best security of network, two solutions will be proposed: secure deauthentication and hopping frequency. A defensive proposition about secure deauthentication will be found in this article by using cryptographic key exchange like Diffie Hellman (DH), Elliptic Curve Diffie Hellman (ECDH) and Super Isogenies Diffie Hellman (CSIDH).

show abstract

“…The attackers can use an application on the user's device to change the contents of a token, steal confidential information, and send malicious packets to the 5G core. Other examples of attacks include Man-In-The-Middle (MITM), stolen verifier, replay, pilot contamination (e.g., non-orthogonal multiple access in 5G mm-Wave massive MIMO networks [Wang et al, 2020a]) [Osorio et al, 2020], pollution attack (e.g., in cooperative MEC caching [Yang et al, 2018]), stolen smart card (enabling offline password guessing [Shin and Kwon, 2018]), jamming (e.g., pulsed based jamming attack [Schinianakis et al, 2019]), signaling storm [Ahmad et al, 2017], byzantine, sinkhole, IMSI catchers [Chlosta et al, 2021;Mjolsnes and Olimid, 2019;Palamà et al, 2020] It is also possible to transmit multiple false PSS to the target 5G NR frame (at higher power), impersonate a BS during the RRC handshake, and conduct masquerading attacks (e.g., focusing on the mobility management entity [Moreira et al, 2018]). Besides, identifiers (e.g., MAC addresses) can be cloned or spoofed, data from the IoT deployment to the 5G BS (or 5G BS to the IoT deployment) can be captured, and node memory extracted to fraudulently use the private key [Bordel et al, 2021].…”

Section: Item Description Item Descriptionmentioning

confidence: 99%

A Systematic Literature Mapping on the Security of 5G and Vertical Applications

Sobrinho,

Santos,

Silva

et al. 2023

Preprint

View full text Add to dashboard Cite

The deployment of 5G infrastructure is one of the main vectors for new application scenarios since it enables enhanced data bandwidth, low latency, and comprehensive signal coverage. As a result, this communication system supports various vertical applications such as the Industrial Internet of Things, smart health, smart cities, smart grids, and transportation systems. However, these applications bring new challenges to 5G networks due to specific requirements for such scenarios. Furthermore, as software-based technologies, including network slicing, software-defined networks, network function virtualization, and multi-access edge computing are a fundamental part of the 5G architecture, the network can expose these applications to new security and privacy concerns. This study summarizes the existing literature on 5G vertical applications security. We highlight vulnerabilities, threats, attacks, and solutions for 5G vertical applications. We conducted a Systematic Literature Mapping (SLM) to discuss security and privacy challenges regarding the 5G vertical applications. The SLM answered the following research question: what is the state-of-the-art regarding security in 5G networks and vertical applications? We reviewed 389 papers from 2,349 produced by searching with a curated search query and discussed vulnerabilities, threats, attacks, and solutions for 5G vertical applications. Smart cities, Industry 4.0, smart transportation, public services, smart grids, and smart health are vertical applications with relevant security concerns. We observed the need for more research since the 5G and vertical applications continuously evolve. This review also uncovers research gaps and future research directions.

show abstract

The diverse and variegated reactions of different cellular devices to IMSI catching attacks

Cited by 4 publications

References 11 publications

The Impact of IMSI Catcher Deployments on Cellular Network Security: Challenges and Countermeasures in 4G and 5G Networks

The Impact of IMSI Catcher Deployments on Cellular Network Security: Challenges and Countermeasures in 4G and 5G Networks

Wifi Pentesting Roadmap for Classic-Future Attacks and Defenses

A Systematic Literature Mapping on the Security of 5G and Vertical Applications

Contact Info

Product

Resources

About