Darshak: how to turn your phone into a low cost IMSI catcher device

By Ravishankar Borgaonkar , Swapnil Udar on 11 Sep 2014 @ 44con
#imsi #endpoint-protection #security-tools
Focus Areas: 🛡️ Security Operations & Defense , 📞 Telecommunications Security , ⚙️ DevSecOps , 💻 Endpoint Security

Abstract

It is said that 80% of the world's population now has a mobile phone. They use mobile devices to make calls, send SMS messages and access the internet via the cellular network infrastructure. End-users carrying mobile phones 24 hours a day trust cellular network operators and believe that the provided mobile communication link is secure.

However, mobile operators, device manufacturers, OS providers and baseband suppliers do little to provide the best security and privacy features to them. In particular, the security capabilities of mobile communications are not shown to end-users. Hence it is easy for malicious attackers to mount attacks using IMSI catcher equipment. Further, some hidden features, for example 'silent SMS', are supported in currently used mobile telephony systems but are not notified to end-users when in use. Attackers or illegitimate agencies exploit this weakness to regularly track users' movements without their consent.

AI Generated Summary

The talk addresses the problem of detecting illegal base stations, such as IMSI catchers, which exploit weaknesses in GSM and 3G networks to intercept communications, send phishing SMS, or track user location. Existing solutions, like commercial crypto phones or network firewalls, are either costly, unreliable, or lack transparency. The speaker highlights the absence of a user-accessible method on mainstream smartphones to verify if a call was encrypted or if the network is behaving suspiciously.

To address this, the researchers developed the Darshak framework, an Android application that turns a Samsung Galaxy S3 or S2 into a low-cost monitoring device. The tool runs in the background, periodically extracting baseband logs and analysing the security parameters of each cellular transaction. Key features include real-time detection and user alerts for unencrypted calls, silent SMS reception (often used for tracking), and irregular TMSI (Temporary Mobile Subscriber Identity) changes, a critical indicator of potential tracking, since the TMSI should be reallocated frequently. It also identifies authentication failures and flags suspicious network behaviour without requiring external hardware such as a laptop or Wireshark.
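The detection rules described above, as an added example that is not Darshak's code: it runs the four checks (unencrypted call, silent SMS, TMSI not rotating, authentication failure) over a small constructed event log. The log format, the `LU`/`CALL`/`SMS`/`AUTH` event kinds and the three-transaction TMSI threshold are assumptions made for this illustration; a real baseband log is far noisier, but the indicators are the same: cipher mode A5/0 means no encryption, and TP-PID 0x40 ("Short Message Type 0", 3GPP TS 23.040) is the message type the handset acknowledges but never displays.

```python
"""Added example: flag IMSI-catcher-style indicators in a cellular event log.

Not Darshak code. The line format below is constructed for this example;
it is not the format of any real baseband log.
"""
import re
from collections import Counter

# Constructed sample log: one event per line, "HH:MM:SS KIND key=value ...".
SAMPLE_LOG = """\
10:00:01 LU tmsi=0x1A2B3C4D lac=0x1F0A
10:05:12 CALL cipher=A5/1 tmsi=0x1A2B3C4D
10:20:44 LU tmsi=0x1A2B3C4D lac=0x1F0A
10:31:09 SMS pid=0x00 dcs=0x00
10:31:50 SMS pid=0x40 dcs=0x00
10:45:03 CALL cipher=A5/0 tmsi=0x1A2B3C4D
10:58:17 AUTH result=fail
11:02:30 LU tmsi=0x1A2B3C4D lac=0x1F0A
"""

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d)\s+(?P<kind>[A-Z]+)\s*(?P<rest>.*)$")

# TP-PID 0x40 = "Short Message Type 0" (3GPP TS 23.040): acknowledged by the
# phone, never shown to the user, hence usable for covert location pings.
SILENT_SMS_PID = 0x40
# A5/0 is the "no encryption" cipher mode on the GSM air interface.
NO_ENCRYPTION = "A5/0"
# Assumption for this example: a TMSI reused across this many transactions
# without reallocation is reported as "not rotating".
TMSI_REUSE_THRESHOLD = 3


def parse_log(text):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        params = dict(kv.split("=", 1) for kv in m["rest"].split())
        events.append({"ts": m["ts"], "kind": m["kind"], **params})
    return events


def analyze(events):
    """Return (timestamp, indicator, detail) tuples in log order."""
    alerts = []
    tmsi_seen = Counter()
    for ev in events:
        kind = ev["kind"]
        if kind == "CALL" and ev.get("cipher") == NO_ENCRYPTION:
            alerts.append((ev["ts"], "UNENCRYPTED_CALL",
                           "cipher mode A5/0 negotiated: call is in the clear"))
        elif kind == "SMS" and int(ev.get("pid", "0x00"), 16) == SILENT_SMS_PID:
            alerts.append((ev["ts"], "SILENT_SMS",
                           "TP-PID 0x40 (type 0) message: not shown to user"))
        elif kind == "AUTH" and ev.get("result") == "fail":
            alerts.append((ev["ts"], "AUTH_FAILURE",
                           "network authentication failed"))
        # Any transaction carrying a TMSI counts towards the rotation check;
        # alert once, the first time the threshold is reached.
        tmsi = ev.get("tmsi")
        if tmsi:
            tmsi_seen[tmsi] += 1
            if tmsi_seen[tmsi] == TMSI_REUSE_THRESHOLD:
                alerts.append((ev["ts"], "TMSI_NOT_ROTATING",
                               f"{tmsi} reused in {TMSI_REUSE_THRESHOLD} "
                               "transactions without reallocation"))
    return alerts


if __name__ == "__main__":
    for ts, indicator, detail in analyze(parse_log(SAMPLE_LOG)):
        print(f"{ts} {indicator}: {detail}")
```

On the sample log this reports the TMSI reuse at the third transaction, the type-0 SMS, the A5/0 call and the failed authentication, in that order; the plain SMS and the A5/1 call produce nothing. In practice the TMSI threshold would be tuned per operator, since the talk's point is that reallocation frequency varies widely between networks.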

The framework serves a dual purpose: it provides individual users with immediate visibility into their network security, and it facilitates large-scale data collection. Users can optionally upload anonymized logs to a central server, creating an open, global map of mobile network operator security postures—a dataset previously unavailable. The project source code is released under GPL, and the app is freely available.

Practical implications include empowering users to detect local fake base station deployments and operator negligence, such as infrequent TMSI updates or disabled encryption. The talk concludes by noting ongoing challenges, including limited device compatibility (due to baseband log access restrictions) and the need for standardized APIs, though Google has expressed interest in developing such an API following this research. The work underscores systemic flaws in cellular protocols, where base stations retain unilateral control over encryption and authentication, leaving users with no inherent verification mechanism.

Disclaimer: This summary was auto-generated from the video transcript using AI and may contain inaccuracies. It is intended as a quick overview; always refer to the original talk for authoritative content.