Threat Category: Cellular Air Interface
ID: CEL-2
Threat Description: A rogue base station could use a device’s unique identifiers to identify the device owner and whether an individual is, or is not, residing within a specific location.
Threat Origin
3G Security: Security Threats and Requirements (Release 4) 1
LTE Architecture Overview and Security Analysis 2
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
To increase the complexity of tracking a device over a longer term (e.g., following consecutive hand-offs), use devices that generate temporary device identities.
To reduce the amount of high-quality data an attacker can use to track a device, employ methods of rogue base station detection
Original Equipment ManufacturerTo reduce the amount of high-quality data an attacker can use to track a device, employ methods of rogue base station detection
References
3G Security; Security Threats and Requirements (Release 4), 3GPP TS 21.133 V4.0.0, 3rd Generation Partnership Project, 2003; www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/Old_Vsns/21133-400.pdf [Accessed 8/23/2016] ↩
J. Cichonski, J.M. Franklin, and M. Bartock, NIST Special Publication 800-187: Guide to LTE Security, National Institute of Standards and Technology, 2017; https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-187.pdf [Accessed 3/29/2022] ↩