[CSS-research] 5G security paper

Joseph Lorenzo Hall joe at cdt.org
Fri Sep 14 10:45:12 PDT 2018


Yasss, that is good stuff. It might be useful to think of other geographic
locations where people suddenly hit cell phone towers and have an IMSI
rather than a TIMSI [1] sent to the tower. I'm thinking places like the US
southern border where you can imagine immigrants' phones suddenly seeing
towers in common paths they might take. Yikes.

[1]: http://www.gsm-security.net/faq/timsi-temporary-imsi-gsm.shtml


On Fri, Sep 14, 2018 at 12:56 PM yomna n <yomnanasser at gmail.com> wrote:

> I'm not finished reading this paper, but there's a subtle observation in
> it about passive IMSI-catching attacks I found interesting/haven't seen
> mentioned elsewhere: "However, the passive approach is slow since an
> attacker has to wait for a mobile device to transmit its IMSI
> spontaneously, which is an uncommon event in most locations *(exceptions
> are, e.g., airports)*" ... because as soon as people's planes land they
> turn on their phones. Since so many foreign mobile phone users pass through
> them, airports must have an interesting variety of cell network traffic!
> (Also, makes me vaguely curious what the presence of IMSI-catchers around
> the Vegas airport is like the week of Blackhat/Defcon/etc.)
>
> I really hope the authors submit to RWC (maybe I should email them and
> suggest this). There was only one talk related to IMSI-catching last year,
> and it was on how you can setup an IMSI-catcher without needing to write
> any actual code.
>
> On Fri, Sep 14, 2018 at 9:51 AM Joseph Lorenzo Hall <joe at cdt.org> wrote:
>
>> I'd be interested in that too... I'm curious if the IMSI-catcher
>> resistance will actually survive practicality and deployment.
>>
>> On Thu, Sep 13, 2018 at 9:53 PM yomna n <yomnanasser at gmail.com> wrote:
>>
>>> Does anyone know if there's a publicly accessible talk that accompanies
>>> this paper anywhere? I've done quite a bit of googling and haven't been
>>> able to find anything.
>>>
>>> On Thu, Sep 13, 2018 at 8:04 PM Cooper Quintin <cooperq at eff.org> wrote:
>>>
>>>> Hah nevemind, Seamus sent it months ago, which is probably why I had the
>>>> tab open. Carry on! :)
>>>>
>>>> Cooper Quintin
>>>> Senior Staff Technologist | EFF
>>>> PGP: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
>>>> Twitter: @cooperq
>>>>
>>>> On 09/13/2018 05:03 PM, Cooper Quintin wrote:
>>>> > I can't remember if it already got sent to the list or not, but this
>>>> 5G
>>>> > security proposal from erricson was pretty interesting.
>>>> > https://www.ericsson.com/research-blog/protecting-5g-imsi-catchers/
>>>> >
>>>> > I was going to write to the guys who wrote it and see if any of their
>>>> > proposals made it into the final spec.
>>>> >
>>>> _______________________________________________
>>>> CSS-research mailing list
>>>> CSS-research at lists.eff.org
>>>> https://lists.eff.org/mailman/listinfo/css-research
>>>>
>>> _______________________________________________
>>> CSS-research mailing list
>>> CSS-research at lists.eff.org
>>> https://lists.eff.org/mailman/listinfo/css-research
>>>
>>
>>
>> --
>> Joseph Lorenzo Hall
>> Chief Technologist, Center for Democracy & Technology [
>> https://www.cdt.org]
>> 1401 K ST NW STE 200, Washington DC 20005-3497
>> e: joe at cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
>> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>>
>>

-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
1401 K ST NW STE 200, Washington DC 20005-3497
e: joe at cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/css-research/attachments/20180914/2d8a847a/attachment.html>


More information about the CSS-research mailing list