Did 5G Kill the IMSI Catcher?

You dial into your Zoom meeting while sitting on a moving train. Your mobile device (i.e., User Equipment, UE) must seamlessly switch towers as you go in and out of range. This concept, called mobility, remains a central requirement for mobile networks, but it’s also a central security vulnerability. You see, you may have just been hacked while leisurely zooming on said train – and you’d never know it. The GSM (better known as 2G) protocol has a security vulnerability that exposes a user’s personal identifier (IMSI) in the clear, allowing for attribution and geolocation. This vulnerability is also in the UMTS (a.k.a. 3G) spec, and in the LTE (4G) spec. While the vulnerability was finally addressed in NR (5G), it’s imperfect and remains an exploitable 5G network vulnerability… and my favorite cybersecurity topic. In this article, I’ll introduce this long-standing security exploit, known as an IMSI catcher, discuss some high-level technical aspects regarding 2G–4G IMSI catchers, then ... Read full article.