posted on 2023-11-29, 18:25authored byGabriel Karl Gegenhuber, Wilfried Mayer, Edgar Weippl, Adrian Dabrowski
Cellular networks are not merely data access networks to the Internet. Their distinct services and ability to form large
complex compounds for roaming purposes make them an attractive research target in their own right. Their promise of providing a consistent service with comparable privacy and security across roaming partners falls apart at close inspection.
Thus, there is a need for controlled testbeds and measurement tools for cellular access networks doing justice to the technology’s unique structure and global scope. Particularly, such measurements suffer from a combinatorial explosion of operators, mobile plans, and services. To cope with these challenges, we built a framework that geographically decouples the SIM from the cellular modem by selectively connecting both remotely. This allows testing any subscriber with any operator at any modem location within minutes without moving parts. The resulting GSM/UMTS/LTE measurement and testbed platform offers a controlled experimentation environment, which is scalable and cost-effective. The platform is extensible and fully open-sourced, allowing other researchers to contribute locations, SIM cards, and measurement scripts.
Using the above framework, our international experiments in commercial networks revealed exploitable inconsistencies in traffic metering, leading to multiple phreaking opportunities, i.e., fare-dodging. We also expose problematic IPv6 firewall configurations, hidden SIM card communication to the home network, and fingerprint dial progress tones to track victims across different roaming networks and countries with voice calls.
History
Preferred Citation
Gabriel Gegenhuber, Wilfried Mayer, Edgar Weippl and Adrian Dabrowski. MobileAtlas: Geographically Decoupled Measurements in Cellular Networks for Security and Privacy Research. In: Usenix Security Symposium (USENIX-Security). 2023.
Primary Research Area
Secure Connected and Mobile Systems
Name of Conference
Usenix Security Symposium (USENIX-Security)
Legacy Posted Date
2023-05-09
Open Access Type
Green
BibTeX
@inproceedings{cispa_all_3942,
title = "MobileAtlas: Geographically Decoupled Measurements in Cellular Networks for Security and Privacy Research",
author = "Gegenhuber, Gabriel Karl and Mayer, Wilfried and Weippl, Edgar and Dabrowski, Adrian",
booktitle="{Usenix Security Symposium (USENIX-Security)}",
year="2023",
}