1

I need to uniquely identify a mobile device using the "ping" packets that it regularly transmits to cellular towers, in an area of interest, by installing a packet sniffer at that location. I only need to identify the device in real time, and not store the data somewhere for later use. Is that possible, and what are the circumstances under which that would become unlawful to do?

Ashley
    If you've done some research, what are your current approaches? – Silverfox Feb 17 '16 at 08:33
  • I've ruled out WiFi and Bluetooth based detection, because the respective radios need to be enabled and running. Also, a system where an app on the device actively transmits its identity some way is not in consideration, due to the battery drain and unnecessary network activity. A passive method, wherein the mobile keeps transmitting its bare minimum details to nearby towers, which it always does, and in doing so, if we're able to catch some of those details, like the IMSI # for instance, is what I'm looking for. – Ashley Feb 17 '16 at 10:10

2 Answers

1

Mobile devices work across many channels, often in completely different frequency bands depending on the provider. So, even if you did have a device that could listen to traffic and watch for the IMSI/TMSI (the IMSI is rarely ever broadcast; you can watch for the TMSI, which is a quasi-unique ID), it would need to operate across all the hundreds of viable channels, or else you are going to have to spend hours just doing one sweep (assuming your device is limited to one channel), in which time many devices will probably have arrived/left. The practical (note this does not mean legal) way is to impersonate a base station and wait for the devices to come to you. That is what IMSI catchers do: basically a MITM attack to get all nearby devices to admit who they are, because they think that your device is a nearby cell tower.

Here is a similar question on SE: https://networkengineering.stackexchange.com/questions/18070/detecting-2g-3g-4g-devices and here is an article about the lengths one needs to go to in order to just intercept ONE device's IMSI without impersonating a base station: http://www.rtl-sdr.com/rtl-sdr-cell-phone-imsi-tmsi-key-sniffer/

Jeff Meden
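The first answer's feasibility argument (hundreds of channels, a single-channel receiver, devices that arrive and leave during a sweep) can be put into numbers. The following toy model is an added example written for this page; it is not code from the answerer or from any tool. It assumes a receiver that dwells on one channel at a time for a fixed number of seconds and visits every channel once per sweep, devices that each camp on a single channel for their whole stay, and arrival times uniform over one sweep; the channel count, dwell time and stay durations are constructed values, not measurements.

```python
"""Toy model of the single-channel sweep argument from the answer above.

Assumptions (this example's, not the answer's): one receiver tunes to one
channel at a time for a fixed dwell, visits every channel once per sweep,
each device camps on one channel for its whole stay, and arrivals are
uniform over one sweep.  All numbers below are constructed.
"""
import random
from dataclasses import dataclass


@dataclass
class Device:
    channel: int   # index of the channel the device is camped on
    arrive: float  # seconds after the sweep starts
    leave: float   # seconds after the sweep starts


def sweep_duration(num_channels: int, dwell_seconds: float) -> float:
    """Seconds a single-channel receiver needs to visit every channel once."""
    return num_channels * dwell_seconds


def listen_window(channel: int, dwell_seconds: float) -> tuple:
    """(start, end) of the receiver's visit to `channel` within one sweep."""
    return channel * dwell_seconds, (channel + 1) * dwell_seconds


def is_observed(dev: Device, dwell_seconds: float) -> bool:
    """True if the device is present while the receiver is on its channel."""
    start, end = listen_window(dev.channel, dwell_seconds)
    return dev.arrive < end and dev.leave > start   # interval overlap


def observed_fraction(devices, dwell_seconds: float) -> float:
    """Share of the devices that the receiver hears at all during one sweep."""
    return sum(is_observed(d, dwell_seconds) for d in devices) / len(devices)


def capture_probability(stay: float, channel: int, num_channels: int,
                        dwell: float) -> float:
    """Exact probability for one device with uniform arrival over one sweep.

    It is observed iff it arrives inside (start - stay, end), clipped to the
    sweep [0, total]; the window is shorter for channels visited early.
    """
    start, end = listen_window(channel, dwell)
    total = sweep_duration(num_channels, dwell)
    usable = end - max(0.0, start - stay)
    return min(usable, total) / total


def simulate(num_devices: int, num_channels: int, dwell: float,
             mean_stay: float, seed: int = 0) -> float:
    """Monte-Carlo estimate with exponentially distributed stay durations."""
    rng = random.Random(seed)
    total = sweep_duration(num_channels, dwell)
    devices = []
    for _ in range(num_devices):
        arrive = rng.uniform(0, total)
        stay = rng.expovariate(1.0 / mean_stay)
        devices.append(Device(rng.randrange(num_channels), arrive, arrive + stay))
    return observed_fraction(devices, dwell)


if __name__ == "__main__":
    hours = sweep_duration(900, 8) / 3600
    print(f"900 channels x 8 s dwell = one sweep every {hours:.1f} h")
    for stay in (60, 600, 3600):
        frac = simulate(5000, 900, 8, stay)
        print(f"mean stay {stay:5d} s -> {frac:.1%} of devices seen per sweep")
```

Running it shows the shape of the answer's point rather than any real-world figure: with a sweep that takes hours, only devices that stay for a sizeable fraction of the sweep are likely to be present during the few seconds the receiver spends on their channel, and `capture_probability` makes the dependence on stay length and channel position explicit. The model says nothing about what the receiver would actually decode; it only bounds how often a passive single-channel scan is even tuned to the right place.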
0

If you can ping the device then you should be able to get the MAC address of the hardware interface you are pinging (for a network, everything needs a MAC address for the network layer communication).

The legality of it is grey, very grey, though if it is genuine non-malicious research that does not hinder or risk hindering anyone, and you cannot identify that person nor have any data saved on that person, then I don't see why it would be a problem, though I would consult someone with a bit more legal standing than myself. It's really hard to say.

I hope I understood your question.

TheHidden
  • I'm not sure if I can ping the device. Though I feel IMSI catchers can do that. And no, the MAC address will not be so useful, since it needs WiFi to be enabled. If there's a surefire way to just get the IMSI #, then that's what I'm looking at. – Ashley Feb 17 '16 at 10:06