Fake BTS Attacks of GSM System on Software Radio Platform
The 2G GSM communication system only provides one-way authentication mechanism which just authenticate the identities of mobile users. As the authors know, this is not resistant to fake BTS attack. But for the huge cost for building a fake BTS before, this kind of attack were not really implemented before. This paper presents an implement of fake BTS based on software radio technologies. Furthermore, this paper discusses two types of fake BTS attacks on their software radio platform. The attack is IMSI/IMEI catch attack, which can get the mobile phone's IMSI and IMEI. With this information, attacker can got the track of the man with this phone.