DragonOS FocalX Cellular Security Research + IMSI Capture w/ LTESniffer (X310, srsRAN) part 3

The purpose of this video is to support security and analysis research on cellular networks. It's also created from an educational perspective to help learn more about cellular networks in ...general by means of a controlled lab environment and software defined radios. Privacy is respected at all times and any use of this tool or software defined radios in general is on the user to follow all local regulations.

LTESniffer is now included in the latest DragonOS FocalX ISO, but it can also be installed to current DragonOS FocalX systems by using the following PPA.

To learn more about LTESniffer please see the following project page

In this 3rd and most expensive video I've ever done in terms of hardware (thanks to all those who donated the hardware), we take a look at setting up the same srsRAN network w/ PinePhone attached, but this time the Ettus X310 with 2x Ubx-160 daughterboards is used to run the LTESniffer Security API mode set to three. This utilizes both radios to sniff the downlink and uplink at the same time.

Spectran's RTSA Pro software w/ the SpectranV6 also makes a short appearance when I use it to have a look at the srsRAN downlink.

Once LTESniffer is ran we can see that it's capable of identifying the PinePhone's IMSI passively once it turns on and connects to the srsRAN network. I think this is incredible as it's the only working open source solution that I know of that's capable of passively identifying such information. While IMSI's on LTE networks are rare to show themselves, so I hear, it's still important to understand the security implications of an exposed IMSI. I guess a recommendation based on observation is to try and limit turning on/off your phone when you’re stationary.

If you find this video helpful consider the following,
Follow @cemaxecuter on Twitter for more DragonOS and SDR info.
Become a patron @
[+] Show More
1 of 20 Next