Integrity of the Air interface.
Integrity of the Air interface.
Hi all,
I know that I have mentioned this very issue on another thread.
Only recently I was involved in a requested action by the Bundeswehr/Other Agencies to assist in tracking the location of AFGHANI nationals via there handsets.
These guys were basically trying to intercept mobile calls via setting up "logical" dummy base stations in known areas of German military persons who had recently come back from Afghanistan to intercept calls retrieve the IMSIs and then from there, to gather the personal details of people to use for whatever reason they could.
There are a lot of security measures in place prior to a call being established, but certain areas are weaker than others, such as the air interface, as the data is traversing over an open area, as such.
When you initiate a call from your mobile, it initally requests an "RRC Connection request transparently over the RNC to the Core network, and within this RRC message container is your dedicated IMSI ident (this is the weak point and will only last upto 3secs, but its a window nonetheless) The Core Network will check its Visitor location register (Server basically) and in that register should be at least Two TMSIs allocated to your IMIS (TMSI=Temporary Mobile Subscriber Identity) and the data on the TMSI is meaningless to anyone who maybe listening/retrieving data etc etc. Once the TMSI is allocated, the ciphering on the Air interface is enabled.
Just be careful. Who is working for the operator/vendor in theatre/who is provding managed services for the above, thus has access to your details.
Be aware.