Overview
Explore a groundbreaking Black Hat conference talk introducing WiFi-based IMSI catchers, a novel approach to tracking mobile devices. Delve into two new methods that exploit WiFi authentication protocols, contrasting them with traditional Stingray-type IMSI catchers that use 2-4G radio protocols. Learn about IMSI fundamentals, conventional IMSI catchers, and the intricacies of WiFi-based alternatives, including automatic configuration, manual configuration, and automatic WiFi authentication. Examine EAP-SIM/AKA identities and transport, WiFi-calling connections, and gain insights into IPsec and Internet Key Exchange (IKEV2). Discover potential operator/vendor mitigations and user protection strategies in this comprehensive 59-minute presentation by Piers O'Hanlon and Ravishankar Borgaonkar.
Syllabus
Intro
What is an IMSI?
Conventional IMSI Catchers
WiFi-Based IMSI Catcher
Automatic configuration
'Manual Configuration
Automatic WiFi Authentication
EAP-SIM/AKA Identities
EAP-SIM/AKA transport
WiFi-Calling Connection
IPsec brief overview
Internet Key Exchange (IKEV2)
Operator/Vendor Mitigations
User Mitigation
Summary
Taught by
Black Hat