Discovery of Rogue Mobile Phone Towers Jóannes í Sandagerði Kongens Lyngby 2015 IMM-M.Sc.-2015- Technical University of Denmark Department of Applied Mathematics and Computer Science Matematiktorvet, building 303B, 2800 Kongens Lyngby, Denmark Phone +45 4525 3351 [email protected] www.compute.dtu.dk IMM-M.Sc.-2015- Summary (English) SinceAugust/September2014,multiplenewspapershaveclaimedtohavefound evidence of rogue mobile phone towers, so called IMSI Catchers. An IMSI Catcher is capable of imitating a normal mobile phone tower, and thus is able totrickanunsuspectingphonetoconnecttoit. Onceadevicehasconnectedto the tower, it may become vulnerable to various “over-the-air” attacks as having identifying information stolen, eavesdropping on calls and texts. This project aims to propose a solution for discovering IMSI Catchers. We will document whatidentifyingartefactsaretransmittedbyIMSICatchers. Wewilldocument what software and hardware is required. Lastly, we will perform an empirical study of cells operating in Copenhagen. We will, using our proposed solution, attempt to determine whether we are able to detect an IMSI Catcher. The proposed solution is able to detect mobile towers, and we have shown that the discovery of IMSI Catchers, using our system is feasible. However, due to time- constraints preliminary results are inconclusive on whether any IMSI Catchers were found. ii Summary (Danish) Siden august/september 2014 har flere aviser hævdet at have fundet beviser for falske mobiltelefon tårne, såkaldte IMSI fangere. En IMSI fanger er i stand til at efterligne en normal mobiltelefon tårn og er således i stand til at narre en intetanende telefon til at oprette forbindelse til den. Når en enhed er tilsluttet tårnet,kandetblivesårbaroverforforskellige“over-the-air” angrebsomhavende identificerendeoplysningerstjålet,fåaflyttetopkaldogsmser.Detteprojekthar til formål at foreslå en løsning til at opdage IMSI fangere. Vi vil dokumentere hvad identificerende artefakter overføres af IMSI fangere. Vi vil dokumentere hvilken software og hardware er påkrævet til at bygge en IMSI fanger. Endelig vilviudføreenempiriskundersøgelseaftårne,deroperereriKøbenhavn.Vivil, ved hjælp af vores foreslåede løsning, forsøge at afgøre, om vi er i stand til at opdageenIMSIcatcher.Denforeslåedeløsningeristandtilatdetekteremobile tårne, og vi har vist, at opdagelsen af IMSI fangere, ved hjælp af vores system er mulig. Men på grund af tids begrænsninger viser vores foreløbige resultater ikke klart, om nogen IMSI fangere blev fundet. iv Preface This thesis was prepared at the department of Informatics and Mathematical Modelling at the Technical University of Denmark in fulfilment of the require- ments for acquiring an M.Sc. in Informatics. Lyngby, 23-June-2015 Jóannes í Sandagerði vi Acknowledgements I would like to thank my supervisors Christian D. Jensen, and Luke Herbert for their in work for this thesis. Additionally, I would like to thank Jens A. Bjørnager from Berlingske for his contributions to the data gathering process. viii