ABSTRACT

IMSI catchers threaten the privacy of mobile phone users by identifying and tracking them. Commercial IMSI catcher products exploit vulnerabilities in cellular network security standards to lure nearby mobile devices. Commercial IMSI catcher's technical capabilities and operational details are still kept as a secret and unclearly presented due to the lack of access to these products from the research perspective.

On the other hand, there are several solutions to detect such IMSI catchers to protect the privacy of mobile subscribers. However, detecting IMSI catchers effectively on commercial smartphones is still a challenge.

In this paper, we present a systematic study of IMSI catchers, especially commercially available ones. Starting from publicly available product brochures, we analyze information from the international patent databases, attacking techniques used by them and vulnerabilities exploited in cellular networks (2G, 3G, and 4G). To this end, we survey IMSI catcher detection techniques and their limitations. Finally, we provide insights that we believe help guide the development of more effective and efficient IMSI catcher detection techniques.