5G IMSI Catchers Mirage

Conference: BlackHat USA 2021



The presentation discusses the security vulnerabilities in 5G networks, particularly in non-standalone and standalone networks, and the need for continuous proactive security measures.
  • 5G security has improved, but post-deployment security differs from the mandatory baseline
  • IMSI catcher attacks are possible in both non-standalone and standalone networks, but are targeted
  • Some radio protocols in 5G networks have not been fixed, allowing for targeted attacks
  • There is no control over choosing the most secure network for end-users
  • Lack of enforcement of security features in operational networks allows for easy tracking of 5G users
  • Continuous proactive security measures are needed to address security vulnerabilities in 5G networks
The presentation gives an example of how an attacker can use an IMSI catcher to decode all the SUCIs and differentiate between users in a particular building or area. This reveals information about the users, but not necessarily the target. However, if the attacker knows the random UTN, they can use a 5G base station to replay those UTNs to the targeted mobile phone and easily identify and exploit vulnerabilities.


IMSI catchers aka Stingrays aka fake base stations are well-known privacy threats to almost every mobile phone with SIM card connectivity (including iOS or Android-based) in the world. The cellular network generations such as 2G, 3G, and 4G are vulnerable to such almost undetectable and silent attacks. Finally, new security mechanisms in the next generation 5G networks have been added to address these types of issues. In this talk, we carefully investigate new security protection techniques in 5G and perform practical experiments using commercial 5G devices. Besides, we explain our failed and successful attempts at building 5G IMSI catchers for our research. Finally, we conclude with results explaining the impact of 5G IMSI catchers against 5G users without downgrading to legacy networks, guidelines for the cellular device vendors, operators, and end-users, and directions towards fixing the problem in 6G networks.