How to spoof a cell phone tower (cell site, base station) -- homemade IMSI-Catcher
An answer to a recent question has given me an idea for a school project (security CS program).
Also, an active attacker (with a fake base station) can potentially force a mobile phone to use another variant [of encryption]...
This sounds very cool, and I want to implement this on an at-home basis.
This article talks about a 2010 presentation of just such an experiment. I've done some limited research, but I have two main questions:
What equipment would I need to buy and how much would it cost (this project is self-funded)? The article said $1,500, including the laptop (which I already have), but did not give any specific information on the antenna.
What sort of APIs/libraries/etc., if any, exist for the communications protocols? If none, I can probably try to implement the protocol myself, but this could take a lot of time.
Conclusion so far: While cell phones can operate in a HAM radio band in the United States, I'm concerned about potential legal implications of spoofing a cell phone tower. Specifically, I think I would need to identify myself as another carrier in order to perform a MITM attack, which may be a crime.
Some helpful links:
Keep the cell phone at home and relay calls through it... do not use call forwarding because the carrier will see it as an incoming call, but use perhaps Bluetooth to control that phone from a remote location; all the carrier will see is incoming/outgoing calls from your home although you are in Hawaii at the beach sipping on coronas eating polky ;) please if you figure it out post up the results. I'm not an electronic wizard or even a techy; I got the idea from the Bluetooth in my car which is voice activated... to make my idea stupid easy to understand imagine this.... I leave my cell in my car at home wit
Is this how the police use Stingray? See https://en.m.wikipedia.org/wiki/Stingray_Phone_Tracker.
@user31155, Bluetooth is a short-range technology, ~100 meters max. Probably the easiest solution would be remote control software to control your phone remotely: http://www.makeuseof.com/tag/remote-control-iphone-computer/ Not sure how well it works though.
The concept was demonstrated by white-hat hackers at DEFCON, as shown here: https://security.stackexchange.com/questions/157316/gsm-encryption-suppression/160390#160390
Defcon has had a few presentations on this subject. An active attacker can turn off encryption altogether, never mind just changing it.
Also, there is an open source program available just for this. I will edit this with the link when I find it.
- Software: http://openbts.org/
- Antennas: https://www.ettus.com/product/category/Antennas
- RF Daughterboards: https://www.ettus.com/product/category/Daughterboards
- Video: https://www.youtube.com/watch?v=wjYAAmHvt-g