|
|
|
|
|
|
by red0point
1533 days ago
|
|
|
The article focuses heavily on why existing solutions are bad, but doesn’t seem to propose novel detection techniques - or at least glosses a bit over the details of the detection algorithm. Would the approach be able to detect an AdaptOver/LTrack style attack? |
|
|
LTrack is one of the stealthiest IMSI catchers I'm aware of, because it's almost entirely passive, and the victim never actually connects to the attacker. Radio Sentinel can detect AdaptOver style attacks that use empty paging requests for the DoS and downgrade attacks.
We are working on further improving Radio Sentinel to also detect suspicious "Attach Reject" and "Identity Request" messages used by LTrack. We're also adding methods to detect connected messages without a MAC, and repeated overshadowing messages, as described in the Detection section of the AdaptOver paper. Unfortunately LTrack was published just after we released the initial version of Radio Sentinel so it wasn't added, but we're continuing to improve it.
One big downside to the AdaptOver/LTrack style attacks is they require a signal at least 3dbm stronger than the real tower, which is not always feasible when dealing with noisy environments. This is a downside compared to traditional IMSI catchers that the victim directly connects to. In the AdaptOver paper they mention that even if the victim is 1km from the real tower, the attacker cannot be farther than 70m from the victim.