CN108600969A - A kind of method and system of LTE network lower-pilot short message and speech message - Google Patents
A kind of method and system of LTE network lower-pilot short message and speech message Download PDFInfo
- Publication number
- CN108600969A CN108600969A CN201810246033.2A CN201810246033A CN108600969A CN 108600969 A CN108600969 A CN 108600969A CN 201810246033 A CN201810246033 A CN 201810246033A CN 108600969 A CN108600969 A CN 108600969A
- Authority
- CN
- China
- Prior art keywords
- target
- lte
- gsm
- short message
- base stations
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/12—Messaging; Mailboxes; Announcements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/12—Messaging; Mailboxes; Announcements
- H04W4/14—Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/20—Transfer of user or subscriber data
Abstract
The invention belongs to field of information security technology, a kind of LTE network lower-pilot short message and the method and system of speech message are disclosed, target MS IMSI parameter informations are obtained by target MS phone number;According to target MS IMSI parameter informations, the hidden fixed point ground sucking target MS of LTE pseudo-base stations;Target MS is redirected to GSM pseudo-base stations by LTE pseudo-base stations, and target MS falls back to GSM network from 4G LTE networks;Man-in-the-middle attack is carried out to target MS under GSM network, hidden fixed point is monitored, intercepted, distorting short message and voice messaging with camouflaged target mobile station.The present invention carries out man-in-the-middle attack under GSM network by the way that target MS is redirected to GSM network from LTE network to target MS, realizes the function of acquisition and manipulation of objects mobile station short message and voice messaging under LTE network.
Description
Technical field
The invention belongs to field of information security technology more particularly to a kind of LTE network lower-pilot short message and speech messages
Method and system.
Background technology
Currently, the prior art commonly used in the trade is such:With the development of epoch progress and society, wireless communication technique
Content has caused a revolution in the world, and informationized society is being formed and constantly moved to maturity.Wireless communication technique by
Gradually by as a kind of strategyization social resources, and in the various aspects such as e-commerce, Mobile banking, artificial intelligence, unmanned
Generate important function.Wireless communication is limited unlike finite element network by geographical environment and communication cable, free and convenient
Communication on the move.It wirelessly communicates these advantages and comes from used wireless channel, and wireless channel is an open letter
Road is highly prone to intercept and eavesdrop etc., thus, wireless communication network security problem is increasingly by every country experts and scholars
Explore and study.LTE network work is the most popular cordless communication network in the world today, introduces multiple antennas MIMO, OFDM, cell
Between the new technologies such as interference coordination, realize higher bandwidth, the capacity of bigger, higher message transmission rate and lower transmission
Time delay effect.As global LTE network number of users increases rapidly, the whole world comes into the 4G LTE network epoch.Target is moved
The acquisition and manipulation of platform short message and voice, the means mainly used at present are IMSI Catcher, for being moved under GSM network
Platform unidirectionally authenticates loophole and man-in-the-middle attack technology using GSM network, and IMSI Catcher is made to replace mobile station in GSM network
Under identity information, realization obtains IMSI parameter informations under GSM network, monitoring mobile station voice communication and short message content.But
Present society comes into the 4G LTE epoch, and GSM network user is fewer and fewer, and IMSI Cather are to utilize base in GSM network
Mobile station can be authenticated by standing, and mobile station cannot carry out base station to authenticate this unidirectional authentication loophole and design, but
This repaired loophole that is LTE network in design, using bi-directional authentification certification and more complicated between mobile station and base station
Encryption Algorithm, so IMSI Catcher cannot monitor mobile station under LTE network and manipulate short message and voice messaging, simultaneously
IMSI catcher using mobile station around high-power interference signal interference mobile station, destroy mobile station and current service cell it
Between communication channel, force mobile station to carry out cell reselection process and be connected to GSM pseudo-base stations and monitored, but high-power dry
Target MS can not only be influenced by disturbing signal, while all mobile stations in certain area can all can be had an impact and be forced
They are connected into GSM pseudo-base stations, and all mobile stations can all lose signal of communication in several seconds, and all short messages and voice all can be by
It destroys, thus substantially increases the probability being found.IMSI Catcher are to carry out owner in certain area to monitor
Voice and short message cannot execute specific someone, so only monitoring and intercepting function, can not achieve and distort target movement
Platform short message, camouflaged target mobile station make a phone call and send the function of short message to other users.
In conclusion problem of the existing technology is:
(1) IMSI Cather can only realize monitoring voice communication and short message content under GSM network, in LTE network system
It cannot use, IMSI Catcher cannot be monitored, intercepted and be distorted to mobile station under LTE network.
(2) IMSI Catcher can only execute function to owner in certain area, cannot act only on some target, no
With concealment and fixed point property.IMSI Catcher influence all users around target MS, and pseudo-base station indistinguishably sucks
Mobile station, mobile station used can all have several seconds signals to disconnect around target, extremely be easy to be noticeable.
(3) IMSI Catcher only monitor and intercept function, can not achieve and distort target MS short message, camouflaged target
Mobile station makes a phone call and sends the function of short message to other users.
Solve the difficulty and meaning of above-mentioned technical problem:The LTE epoch are come into now, can only be monitored under GSM network
Voice and short message cannot be met the requirements completely, by realizing in LTE network lower-pilot voice and short message, safety
Target suspect reception, the voice sent and short message can be monitored and be changed in organ, preferably safeguard social safety, have huge
Big society and security implications.
Invention content
In view of the problems of the existing technology, the present invention provides a kind of LTE network lower-pilot short message and speech messages
Method and system.
The invention is realized in this way a kind of LTE network lower-pilot short message and the method for speech message, the LTE network
Lower-pilot short message and the method for speech message include:
The IMSI ginsengs of target MS are obtained by being inquired in HLR-lookup query webs according to target mobile phones number
Number information.
LTE pseudo-base stations are built using USRPB210 software radios and Open-LTE softwares, LTE pseudo-base stations scan mobile station
Service and abutting subdistrict obtain MCC, MNC, TA and cell absolute priority parameter.
MCC and MNC identical with abutting subdistrict is arranged in LTE pseudo-base stations, and TA selects different Reasonable Parameters values, cell absolute
Priority parameters selection is set above service and abutting subdistrict absolute priority parameter, is traditionally arranged to be 7.Target MS
IMSI value is stored in LTE pseudo-base station databases.
It is closed that authentication parameters in LTE pseudo-base station configuration files, which are arranged, and opens LTE pseudo-base stations, LTE
Pseudo-base station can be automatically drawn into target MS and be had no effect to other people.
Mobile station sends out TAU requests to LTE pseudo-base stations, and LTE pseudo-base stations are with Reason For Denial 17 (LTE service do not allow) to shifting
Dynamic platform sends out connection refusal order.
LTE pseudo-base stations send RRC connection Release Connection Release orders to target MS, allow mobile station
Release connection simultaneously carries redirection information redirect Carrier Info in order, and instruction mobile station is connected to specified
GSM pseudo-base stations
Message sequence is redirected by CSFB, target MS automatically can be connected to GSM network puppet base from LTE pseudo-base stations
It stands, mobile phone is changed into 2G GSM signals from 4G LTE signals.
Man-in-the-middle attack is executed to target MS under GSM network, attack mobile phone is made to replace target to move tower completely.
Hidden fixed point attack is carried out to target MS.
Further, target MS is redirected to GSM pseudo-base stations and target MS falls back to GSM nets from 4G LTE networks
After network, further include:
It monitors, intercept and distort the short message that target MS receives in hidden fixed point ground;
It is hidden fixed point the target MS identity that disguises oneself as send short message to other people.
Further, target MS is redirected to GSM pseudo-base stations and target MS falls back to GSM nets from 4G LTE networks
After network, further include:
The voice communication that hidden fixed point ground is monitored and interception target mobile station receives;
It is hidden fixed point the target MS identity that disguises oneself as made a phone call to other people.
Another object of the present invention is to provide a kind of LTE network lower-pilot short message and the methods of speech message
The system of the system of LTE network lower-pilot short message and speech message, the LTE network lower-pilot short message and speech message includes:
LTE pseudo-base station modules, for building 4G LTE base stations, by the sucking target movement of target MS IMSI parameter informations
Target MS is redirected to GSM pseudo-base stations by platform;
GSM pseudo-base station modules, for building the base stations 2G GSM, the target that hidden fixed point sucking is redirected from LTE pseudo-base stations
Mobile station.
Further, the LTE network lower-pilot short message and the system of speech message further include:
IMSI information acquisition module, the IMSI parameter informations for obtaining target MS.
Further, the LTE network lower-pilot short message and the system of speech message further include:
Mobile module is attacked, authentication and encryption information between the base stations GSM and the real base stations GSM are used for transmission, in GSM
Target MS is replaced in network.
Another object of the present invention is to provide a kind of application=LTE network lower-pilot short message and the sides of speech message
The information data processing terminal of method.
In conclusion advantages of the present invention and good effect are:Target MS is obtained by target MS phone number
IMSI parameter informations, according to target MS IMSI parameter informations, the hidden fixed point ground sucking target MS of LTE pseudo-base stations, LTE
Target MS is redirected to GSM pseudo-base stations by pseudo-base station, and target MS falls back to GSM network from 4G LTE networks, is completed
To the monitoring of the hidden fixed point of target MS, intercept, distort and pretend the purpose of voice and short message content.Solution must not 4GLTE
Fixed point obtains the problem of target information under network, the versatility with bigger.
Description of the drawings
Fig. 1 is the method flow diagram of LTE network lower-pilot short message provided in an embodiment of the present invention and speech message.
Fig. 2 is the signaling flow that target MS provided in an embodiment of the present invention is redirected to GSM pseudo-base stations from LTE pseudo-base stations
Cheng Tu.
Fig. 3 be it is provided in an embodiment of the present invention under GSM network to target MS man-in-the-middle attack signaling diagram.
Fig. 4 be it is provided in an embodiment of the present invention under GSM network to the monitoring of target MS short message and voice, interception,
Distort flow chart.
Fig. 5 is LTE network lower-pilot short message provided in an embodiment of the present invention and the schematic device of speech message.
Specific implementation mode
In order to make the purpose , technical scheme and advantage of the present invention be clearer, with reference to embodiments, to the present invention
It is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not used to
Limit the present invention.
The present invention provides a kind of LTE network lower-pilot short message and the method for speech message, for solve it is existing cannot be in LTE
The problem of monitoring, intercept under network, distorting with camouflaged target voice and short message content.
As shown in Figure 1, the method and system packet of LTE network lower-pilot short message provided in an embodiment of the present invention and speech message
Include following steps:
Step S11:Target MS IMSI parameter informations are obtained by target MS phone number.
It is inquired by HLR-lookup according to the phone number of target MS, in HLR-lookup online queries website
Input target MS phone number, which adds corresponding national area code, can get the parameters such as target MS IMSI, MCC, MNC
Information.
Step S12:According to target MS IMSI parameter informations, the hidden fixed point of LTE pseudo-base stations sucks target MS, mesh
Mark mobile station is redirected to GSM pseudo-base stations from LTE pseudo-base stations, and target MS is downgraded to 2G GSM networks from 4G LTE networks;
Step S13:Target MS is redirected to built GSM pseudo-base stations by LTE pseudo-base stations, and target MS can be from 4G
LTE network is fallen back under GSM network.
Step S14:Man-in-the-middle attack is executed to target MS under GSM network, completes to monitor target MS, block
It cuts, distort and camouflaged target mobile station identity makes a phone call or send short message to other mobile stations.
Specifically, the flow of LTE pseudo-base stations sucking target MS is:
Scan mobile station ambient service cell.
LTE pseudo-base station scanning functions are opened, target MS serving cell and the parameter information of surrounding abutting subdistrict are scanned,
Obtain target MS serving cell and surrounding abutting subdistrict base station MCC, MNC, TA and native region priority parameter information.
Configure LTE pseudo-base stations
It is identical that LTE pseudo-base stations MCC, MNC parameter value identical with serving cell is set in LTE pseudo-base station configuration files,
And TA values are different, and a parameter value that will be high than serving cell and abutting subdistrict service priority is arranged, and cell reselection is excellent
First grade parameter value control configuration LTE pseudo-base stations in LTE pseudo-base station HLR database between 0-7 only allow and target MS
The identical authentication verification of IMSI parameter values passes through, and to pinpoint sucking target MS, and does not generate and appoints to other user of mobile station
What is influenced.
It opens LTE pseudo-base stations and sucks target MS;
LTE pseudo-base stations are opened near target MS, only target MS is connected into LTE pseudo-base stations automatically, and other
User of mobile station is normally connected into real LTE base station;
Target MS is redirected to the signaling process figure of GSM pseudo-base stations from LTE pseudo-base stations, as shown in Fig. 2, including:
S21 target MSs are established channel with LTE pseudo-base stations and are connect
The TA different from the connected LTE base station of original target MS is arranged in LTE pseudo-base stations, can trigger target MS TAU
REQUEST signalings;
Target MS sends out Tracking Area Update Request to LTE base station, can present rrc layer foundation company
It connects target MS and sends out RRC Connection Request orders to target LTE pseudo-base stations, rrc layer connection is established in request
After LTE pseudo-base stations receive RRC Connection Request signalings, RRC Connection are sent out to target MS
Setup signalings agree that foundation is connect with the rrc layer channel of target MS;
S22 asks TAU Request to LTE pseudo-base stations
Then target MS sends out RRC Connection Setup Complete signalings to LTE pseudo-base stations, indicates
LTE pseudo-base stations have built up rrc layer with target MS and connect., simultaneously as with original connect Tracking Area not
Together, it needs to carry out Tracking AreaUpdate Request TA update requests.
S23LTE pseudo-base stations refuse target MS connection
After LTE pseudo-base stations receive Tracking Area Update Request signalings, directly refuse target MS TA
Update request, sends out Tracking Area Update Reject signaling destination mobile stations to target MS and receives
After Tracking Area Update Reject signalings, it is attached that Attach Request to LTE pseudo-base stations are sent out according to LTE protocol
Order, wherein comprising target with dynamic IMSI parameter informations, after LTE pseudo-base stations are connected to the attachment signaling of target MS,
To target MS to refuse the attachment of target MS the reasons why network failure
S24 target MSs are redirected to GSM pseudo-base stations
LTE pseudo-base stations send out rrc layer Connection Release signaling to target MS, and order target MS discharges rrc layer and connects
It connects, while incidentally redirecting base station commands in release signaling, redirect the parameter that parameter in base station commands is GSM pseudo-base stations and believe
Breath.Target MS installation instruction is connected automatically to GSM pseudo-base stations
To target MS man-in-the-middle attack signaling diagram under GSM network, as shown in figure 3, including:
Step S31:Mobile station sends position updating request to pseudo-base station, and GSM pseudo-base stations receive target MS position more
New request Concurrency out position update response.
In the present invention in target MS man-in-the-middle attack, the step S31 is specifically included under GSM network:
Target MS is connected into GSM pseudo-base stations, and position updating request Location is sent from trend GSM pseudo-base stations
Update Request signalings, while IMSI the and IMEI parameter informations of itself are sent to the base stations GSM pseudo-base station GSM can be always
The incoming of parameter information is waited for, information is transferred to attack mobile phone after receiving target MS IMSI and IMEI parameter information, attacks
After hitter's machine receives IMSI and IMEI parameter informations, position is sent out to GSM real ones with the IMSI parameter informations of target MS
It sets update request command Location Update RequestGSM real ones and receives meeting after attack mobile phone location more newer command
Identification Identity Request orders are initiated to attack mobile phone, mobile phone is asked to beam back IMEI information attacks mobile phone receiving
The IMEI information of target MS issues GSM real ones with Identity Response identification response commands;
After step S32 pseudo-base stations receive IMEI to attack mobile phone transmission authentication request GSM real ones, to attack mobile phone hair
Go out authentication request Authentication Request orders, and generate authentication triple (RAND, SRES, Ki), while to attacking
Hitter's machine sends out authentication random number RAND.
Step S33 attacks mobile phone and sends Authentication Response to target MS, while sending authentication random number RAND in this hair
It is bright under GSM network in target MS man-in-the-middle attack, the step S33 is specifically included:
It is pseudo- to GSM pseudo-base stations transmission authentication random number RANDGSM immediately after attack mobile phone receives authentication random number RAND
After base station receives authentication random number RAND, authentication request is sent out to the target MS sucked with authentication random number RAND
After Authentication Request order target MSs receive authentication request, calculated using the A3 and A8 of SIM card in mobile phone
Method generates Authentication Response SRES, while SRES parameters are sent to GSM puppets with Authentication Response Authentication Response
Base station GSM pseudo-base stations receive attack base station after receive Authentication Response SRES after, Authentication Response parameter SRES is transferred to attacks immediately
Hitter's machine
Authentication Response SRES is sent to GSM real ones by step S34 attack mobile phones, completes authentication
After attacking mobile phone reception all SRES parameter informations, SRES information with Authentication Response Authentication
Response sends back to GSM real ones, and the whole process of authentication is no more than 5 seconds, after GSM real ones receive Authentication Response,
It SRES can be compared in the triple of itself, if the two is identical, authentication passes through, and in gsm networks, base station can be recognized
It is true mobile subscriber for attack mobile phone, to replace target MS completely;
Under GSM network to the monitoring of target MS short message and voice, intercept, distort flow chart, as shown in figure 4, packet
It includes:
When other mobile subscribers send short message and voice to target MS, GSM network thinks that it is true to attack mobile phone
Target MS, attack between mobile phone and GSM real ones and have been set up connection, GSM real ones think attack mobile phone
For target MS, and it is connected between target MS and GSM pseudo-base stations, attack mobile phone is moved instead of target completely
Platform.
When other mobile subscribers send short message to target MS, attack mobile phone can be given short message sending, if attack
The voice and short message that receive are not sent to GSM pseudo-base stations by mobile phone, are just completed and are blocked to target MS voice and short message
If cut attack mobile phone is sent to GSM pseudo-base stations the voice and short message that receive, GSM constructs voice and short message again to mesh
Mobile station transmission voice and short message are marked, the hidden fixed point monitoring to target MS voice and short message is completed.
If the voice and short message that receive are sent to GSM pseudo-base stations by attack mobile phone, GS distorts voice and note data
Voice and short message are transmitted to target MS again afterwards, completes and the hidden fixed point of target MS voice and short message is distorted.
The target MS identity that disguises oneself as under GSM network makes a phone call or sends short message to other mobile subscribers using attack
Mobile phone directly sends short message to other people mobile stations, if GSM real ones do not ask authentication, attacker's chance is with mesh
The phone number of mark mobile phone is successfully transmitted short message to other people, is executed among GSM again if GSM real ones ask authentication
7-9 steps in people's attack, equally can be successfully transmitted short message with the phone number of target mobile phones to other people.
The embodiment of the present invention additionally provides the device of a kind of LTE network lower-pilot short message and speech message, as shown in figure 5,
Including:
LTE pseudo-base station modules, it is adjacent for building 4G LTE networks, scanning target MS institute's Connection Service cell and surrounding
Cell base station parameter information and hidden fixed point sucking target MS are connect, and the target MS sucked is redirected to GSM
Pseudo-base station module;
GSM pseudo-base station modules be used for build 2G GSM networks, receive redirected from LTE pseudo-base stations target MS,
Authentication and encryption information in GSM man-in-the-middle attacks are transmitted between target MS and attack mobile phone, and target MS is made to believe GSM
Pseudo-base station is the true base stations GSM, distorts short message content and sender's number and send short message to target MS;
Mobile module is attacked to be used to transmit authentication and encryption information between GSM pseudo-base stations and GSM real ones,
Target MS identity is replaced in GSM network.
The embodiment of the present invention additionally provides a kind of analytical equipment of LTE network downlink interference, the LTE pseudo-base stations module packet
It includes:
USRP software radio hardware adaptors, digital baseband and intermediate-frequency section for serving as LTE wireless communication systems, connect
It receives and sends, USRP is connected to host by high-speed link, and host software controls USRP hardware and transmission/reception number with it
According to.Some USRP models also integrate the general utility functions of host with embeded processor, enable USRP equipment with only
The operation of cube formula.
For software realization 3GPP LTE specification network open source protocols stack, it includes simple built in one to OpenLTE protocol stacks
The eNodeB of evolution block core and some tools based on GNU Radio scannings and record LTE signals
The embodiment of the present invention additionally provides a kind of analytical equipment of LTE network downlink interference, the GSM pseudo-base stations module packet
It includes:
USRP software radio hardware adaptors, digital baseband and intermediate-frequency section for serving as LTE wireless communication systems, connect
It receives and sends, USRP is connected to host by high-speed link, and host software controls USRP hardware and transmission/reception number with it
According to.Some USRP models also integrate the general utility functions of host with embeded processor, enable USRP equipment with only
The operation of cube formula.
Openbsc increase income gsm protocol stack software realization for GSM network protocol stack sofeware realize, coordinate USRP softwares
Radio peripheral hardware builds GSM pseudo-base station modules, freely receives and makes a phone call, sends and receivees short message, modification short message content
With the phone number of receiving-transmitting sides.
The embodiment of the present invention additionally provides a kind of analytical equipment of LTE network downlink interference, the attack mobile module packet
It includes:
C118 mobile phones are for coordinating Osmocombb to realize attack mobile module, and can increase income base band as Osmocombb
Physical layer is realized;
Osmocombb increases income mobile phone baseband, for realizing GSM software base band, including the analog- and digital- base band of GSM is (integrated
And outside) driver and GSM telephony sides from the protocol stack of first layer and third layer, by being used on C118 mobile phones
Osmocombb can freely be sent with software, receive short message and dial, receive calls.
The embodiment of the present invention gets target MS IMSI parameter informations by target MS phone number, and LTE is pseudo-
Base station fixed point sucking target MS, helps safe practice personnel snugly to be obtained under 4G LTE networks and manipulation of objects movement
Amoyese sound and short message content, and LTE network signaling process is clearly analyzed.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all essences in the present invention
All any modification, equivalent and improvement etc., should all be included in the protection scope of the present invention made by within refreshing and principle.
Claims (7)
1. a kind of method of LTE network lower-pilot short message and speech message, which is characterized in that the LTE network lower-pilot short message
And the method for speech message includes:
Target MS IMSI parameter informations are obtained by target MS phone number;
According to target MS IMSI parameter informations, the hidden fixed point ground sucking target MS of LTE pseudo-base stations;
Target MS is redirected to GSM pseudo-base stations by LTE pseudo-base stations, and target MS falls back to GSM nets from 4G LTE networks
Network;
Hidden fixed point attack is carried out to target MS.
2. the method for LTE network lower-pilot short message as described in claim 1 and speech message, which is characterized in that target moves
Platform is redirected to GSM pseudo-base stations and target MS is after 4G LTE networks fall back to GSM network, further includes:
It monitors, intercept and distort the short message that target MS receives in hidden fixed point ground;
It is hidden fixed point the target MS identity that disguises oneself as send short message to other people.
3. the method for LTE network lower-pilot short message as described in claim 1 and speech message, which is characterized in that target moves
Platform is redirected to GSM pseudo-base stations and target MS is after 4G LTE networks fall back to GSM network, further includes:
The voice communication that hidden fixed point ground is monitored and interception target mobile station receives;
It is hidden fixed point the target MS identity that disguises oneself as made a phone call to other people.
4. the LTE network lower-pilot short message of a kind of LTE network lower-pilot short message as described in claim 1 and the method for speech message
And the system of speech message, which is characterized in that the LTE network lower-pilot short message and the system of speech message include:
LTE pseudo-base station modules suck target MS for building 4G LTE base stations by target MS IMSI parameter informations,
Target MS is redirected to GSM pseudo-base stations;
GSM pseudo-base station modules, for building the base stations 2G GSM, the target movement that hidden fixed point sucking is redirected from LTE pseudo-base stations
Platform.
5. the system of LTE network lower-pilot short message as claimed in claim 5 and speech message, which is characterized in that the LTE nets
Network lower-pilot short message and the system of speech message further include:
IMSI information acquisition module, the IMSI parameter informations for obtaining target MS.
6. the system of LTE network lower-pilot short message as claimed in claim 5 and speech message, which is characterized in that the LTE nets
Network lower-pilot short message and the system of speech message further include:
Mobile module is attacked, authentication and encryption information between the base stations GSM and the real base stations GSM are used for transmission, in GSM network
It is middle to replace target MS.
7. a kind of using the information of LTE network lower-pilot short message and the method for speech message described in Claims 1 to 4 any one
Data processing terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810246033.2A CN108600969A (en) | 2018-03-23 | 2018-03-23 | A kind of method and system of LTE network lower-pilot short message and speech message |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810246033.2A CN108600969A (en) | 2018-03-23 | 2018-03-23 | A kind of method and system of LTE network lower-pilot short message and speech message |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108600969A true CN108600969A (en) | 2018-09-28 |
Family
ID=63627315
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810246033.2A Pending CN108600969A (en) | 2018-03-23 | 2018-03-23 | A kind of method and system of LTE network lower-pilot short message and speech message |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108600969A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109688621A (en) * | 2019-02-27 | 2019-04-26 | 武汉虹信通信技术有限责任公司 | A kind of redirection localization method and device |
CN113115302A (en) * | 2021-04-08 | 2021-07-13 | 重庆邮电大学 | Method for capturing and tampering wireless access capability information based on man-in-the-middle |
-
2018
- 2018-03-23 CN CN201810246033.2A patent/CN108600969A/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109688621A (en) * | 2019-02-27 | 2019-04-26 | 武汉虹信通信技术有限责任公司 | A kind of redirection localization method and device |
CN113115302A (en) * | 2021-04-08 | 2021-07-13 | 重庆邮电大学 | Method for capturing and tampering wireless access capability information based on man-in-the-middle |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10117094B2 (en) | Systems and methods for identifying rogue base stations | |
US6405030B1 (en) | System for interception of digital cellular phone communication | |
CN107683617B (en) | System and method for pseudo base station detection | |
Jover | LTE security, protocol exploits and location tracking experimentation with low-cost software radio | |
EP2742711B1 (en) | Detection of suspect wireless access points | |
EP2403283B1 (en) | Improved subscriber authentication for unlicensed mobile access signaling | |
CN110741661B (en) | Method, mobile device and computer readable storage medium for pseudo base station detection | |
CN104602241A (en) | Determination method of pseudo base station and mobile terminal | |
CN104581731A (en) | Determining method and system for mobile phone terminal hijack process by pseudo base station | |
US10820206B2 (en) | Method and fake base station for detecting subscriber identity | |
Dubey et al. | Demonstration of vulnerabilities in GSM security with USRP B200 and open-source penetration tools | |
Hadžialić et al. | An approach to analyze security of GSM network | |
CN108600969A (en) | A kind of method and system of LTE network lower-pilot short message and speech message | |
Gobbo et al. | A denial of service attack to GSM networks via attach procedure | |
CN113099455B (en) | Anti-capturing method for mobile phone number of LTE terminal user | |
CN108307380A (en) | A kind of location of mobile users method for secret protection and mobile gateway | |
CN106973396A (en) | Capture systems and method under a kind of mobile phone black state | |
Perkov et al. | Recent advances in GSM insecurities | |
CN107172614A (en) | A kind of mobile terminal number of taking localization method and system | |
CN110557753B (en) | DNS redirection method based on relay access for public security network access | |
Zhu et al. | A self-testing approach defending against rogue base station hijacking of intelligent terminal | |
US9749921B2 (en) | System and method for interrogating a mobile communication terminal | |
CN107241731A (en) | Mobile terminal network gravity treatment control method and device | |
Dai et al. | Mobile Technology Security Concerns and NESAS as a Solution | |
WO2017028031A1 (en) | Mobile network security processing method, warning method and user terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180928 |
|
RJ01 | Rejection of invention patent application after publication |