1. Could OpenWRT + LTE modem be configured to lock onto a whitelist of known-good provider cell tower IDs?
2. If the physical location of a known-good tower is available, could a directional LTE antenna be used to ensure that tower's signal is the "strongest"?
... continues to be the best checklist of suspicious or incorrect behavior that would indicate the base station to which you were connected was not a real base station.
Scroll down to the "IMSI catcher detection" table and see behaviors like:
- Cell is not advertising any neighbor cells
- The LAC of a base station changes
- Your phone sends at the highest possible power
Many of these behaviors to test are GSM-specific; however, the attacker can perform a downgrade attack and force your 4G phone to collapse down to 2G service, thus exposing you to these.
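The checks listed in the comment above (no neighbor cells, a changing LAC, maximum transmit power, a forced drop to 2G), run over a constructed observation log. This is an added example, not part of the original thread; the record fields, the 33 dBm ceiling and the two-indicator threshold are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CellObs:              # hypothetical record layout, not a real modem API
    t: int                  # seconds since start of capture
    rat: str                # radio access technology: "LTE" or "GSM"
    cid: int                # serving cell ID
    lac: int                # location area code broadcast by that cell
    neighbors: int          # number of neighbor cells the cell advertises
    tx_dbm: int             # handset transmit power

def findings(observations, max_tx_dbm=33):
    """Return (t, cid, reason) for every indicator that fires."""
    out, last_lac, prev = [], {}, None
    for o in observations:
        if o.neighbors == 0:
            out.append((o.t, o.cid, "no-neighbors"))
        if o.cid in last_lac and last_lac[o.cid] != o.lac:
            out.append((o.t, o.cid, "lac-changed"))
        last_lac[o.cid] = o.lac
        if o.tx_dbm >= max_tx_dbm:          # assumed ceiling, tune per band
            out.append((o.t, o.cid, "max-tx-power"))
        if prev is not None and prev.rat == "LTE" and o.rat == "GSM":
            out.append((o.t, o.cid, "downgrade-to-2g"))
        prev = o
    return out

def suspicious_cells(found, min_reasons=2):
    """Single indicators are noisy; report cells with several distinct ones."""
    reasons = {}
    for _, cid, reason in found:
        reasons.setdefault(cid, set()).add(reason)
    return {c: sorted(r) for c, r in reasons.items() if len(r) >= min_reasons}

# Constructed sample data: cell 1001 behaves normally, cell 2002 does not.
SAMPLE = [
    CellObs(0,   "LTE", 1001, 500, 6, 10),
    CellObs(30,  "LTE", 1001, 500, 6, 12),
    CellObs(60,  "GSM", 2002, 500, 0, 33),  # downgrade, no neighbors, max power
    CellObs(90,  "GSM", 2002, 777, 0, 33),  # same cell ID, different LAC
    CellObs(120, "LTE", 1001, 500, 5, 11),
]

if __name__ == "__main__":
    for cid, why in suspicious_cells(findings(SAMPLE)).items():
        print(f"cell {cid}: {', '.join(why)}")
```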
Fake towers have always been super easy to detect. There are ways to be sneaky about it, but law enforcement doesn't care because it's not like they're going to have to face any consequences.
> With $20 of Gear from Amazon, Nearly Anyone Can Make This IMSI-Catcher in 30 Minutes. Surveillance takes on different character when it trickles down to more ordinary, everyday users. The significance and threat from IMSI-catchers is multiplied when a lot more people can deploy one using cheap tech from Amazon and free code from Github.
An adversary is an adversary, law enforcement or otherwise. If you crowdsource a list that's useful in limiting your adversary's skulduggery, they're going to figure out how to become part of that crowd and "contribute" to your list in ways that make it useless.
The fix is to get the crowd to participate in some kind of hygiene/self-policing activity: not impossible, but if we had a readily available solution to that problem we wouldn't have governments that don't follow their rules in the first place.
For a while, maybe. When such lists/apps become common enough, Siemens and others would just sell an add-on for a fee that does a better job of spoofing the legit towers, some of which they make. Then the block-lists would just become a placebo.