Discovering and Triangulating Rogue Cell Towers

Presented at DEF CON 24 (2016), Aug. 7, 2016, 11 a.m. (60 minutes)

The use of IMSI-catchers (rogue cell towers) by hackers and governments around the world has been steadily increasing. Rogue cell towers, which can be as small as your home router, pose a large security risk to anyone with a phone. If in range, your phone will automatically connect to the rogue tower with no indication to you that anything has happened. At that point, your information passes through the rogue tower and can leak sensitive information about you and your device. Currently, there are no easy ways to protect your phone from connecting to a rogue tower (aside from some Android apps which are phone-specific and require root access). In this talk I'll demonstrate how you can create a rogue cell tower detector using generic hardware available from Amazon. The detector can identify rogue towers and triangulate their location. The demonstration uses a software-defined radio (SDR) to fingerprint each cell tower and determine the signal strength of each tower relative to the detector. With a handful of these detectors working together, you can identify when a rogue cell tower enters your airspace, as well as identify the signal strength relative to each detector. This makes it possible to triangulate the source of the new rogue cell tower.


Presenters:

  • Eric Escobar / JusticeBeaver - Security Engineer, Barracuda Networks Inc
    JusticeBeaver (Eric Escobar) is a Security Engineer at Barracuda Networks. His interests are broad and generally include putting computers in places you wouldn't expect, from chicken coops to rockets and even bee hives. Before being called to the dark side, Eric procured Bachelor's and Master's degrees in Civil Engineering. He now enjoys all things wireless, from WiFi to SDR and ham radio. Last year his team placed 1st in DEF CON 23's Wireless CTF.
