Rogue Mobile Phone Base Station

Abstract

Mobile network protocols have greatly improved over the decades both in terms of speed as well as security. Nonetheless, as of 2023, the outdated and vulnerable 2G network generation is still operational around the globe. This poses a threat to the general public due to known security vulnerabilities found in 2G. While various 2G rogue base stations were tested over the years, little work was done on how they perform in a modern world. In this study a 2G rogue base station was built using YateBTS and a BladeRF. Furthermore, its effectiveness was tested in areas where there are faster networks available. Importantly, the rogue base station was built with off-the-shelf components and open-source software limiting deployment costs to a minimum. The findings of this thesis suggest that in areas covered with faster network base stations modern phones prefer new generation networks (e.g. 4G) over 2G despite the signal strength. However, in areas with no cellular connection such as tunnels or metros 2G rogue base stations can still be effective to this day. SMS phishing, SMS interception and IMSI catching attacks were all possible once the phones connected to the rogue base station.