Cyber Security / IT World / Software and Tools

LTESniffer: A funny eavesdropper

22/11/2023

Spread the love

LTESniffer is a tool that can listen to and understand the communication happening over LTE networks, which are used for things like mobile data on phones. It’s open-source and open to improvement.

Here’s how it works:

Imagine LTE networks as a busy street with cars (data) moving around. LTESniffer eavesdrops on the traffic, understanding the signals that control how the cars (data) move. It can figure out who’s sending what and where they’re sending it.

For security purposes, it has a set of tools that can do three main things:

Identity Mapping: It can track and map who is who in the LTE ‘street.’
IMSI Collecting: It can gather unique identifiers associated with mobile users (like license plates for cars).
Capability Profiling: It can understand what each ‘car’ (device) on the street is capable of doing.

The important thing is that this tool is designed for security research to help understand and improve the safety of LTE networks.

Requirements

So far this tool has been tested on Ubuntu 18.04/20.04/22.04.

The requirements are no joke.

Hardware requirements

Intel i7 CPU with at least 8 core
>= 16 GB RAM
256 GB SSD

SDR

Extracted from the README:

Requires different SDR for its uplink and downlink sniffing modes.

To sniff only downlink traffic from the base station, LTESniffer is compatible with most SDRs that are supported by the srsRAN library (for example, USRP or BladeRF). The SDR should be connected to the PC via a USB 3.0 port. Also, it should be equipped with GPSDO and two RX antennas to decode downlink messages in transmission modes 3 and 4.

On the other hand, to sniff uplink traffic from smartphones to base stations, LTESniffer needs to listen to two different frequencies (Uplink and Downlink) concurrently. To solve this problem, LTESniffer supports two options:

- Using a single USRP X310. USRP X310 has two Local Oscillators (LOs) for 2 RX channels, which can turn each RX channel to a distinct Uplink/Downlink frequency. To use this option, please refer to the main branch of LTESniffer.

- Using 2 USRP B-Series. LTESniffer utilizes 2 USRP B-series (B210/B200) for uplink and downlink separately. It achieves synchronization between 2 USRPs by using GPSDO for clock source and time reference. To use this option, please refer to the LTESniffer-multi-usrp branch of LTESniffer and its README.