Detecting Fake 4G Base Stations in Real Time

Conference:  BlackHat USA 2020



Efforts to detect and prevent cell site simulator abuse
  • Cell site simulators or stingrays are a threat to user privacy and human rights
  • Previous methods to detect them are inadequate
  • EFF has developed a new method to detect cell site simulators
  • More incentives are needed for standards organizations, carriers, manufacturers, and OEMs to prioritize user privacy
  • Efforts to expose bad actors and make better laws and norms in civil society are necessary
EFF has previously worked on projects such as the Coalition Against Stalkerware and Dark Caracal to protect human rights and expose threat actors


4G/LTE IMSI-catchers (such as the Hailstorm) are becoming more popular with governments and law enforcement around the world, as well as spies, and even criminals. Until now, IMSI-catcher detection has focused on 2G IMSI-catchers (such as the Stingray), despite the fact that 2G IMSI-catchers are quickly falling out of favor.In this talk, we hope to clear up myths about what modern IMSI-catchers can and can't do, based on results from recent cell network security research. We will also demonstrate software and heuristics to detect fake 4G/LTE base stations that anyone can build. We will also present an outline for the path towards fixing some of the fundamental issues in cell network security, so that hopefully IMSI-catchers are one day a thing of the past.