We introduce LTrack, a new tracking attack on LTE that allows an attacker to
stealthily extract user devices’ locations and permanent identifiers (IMSI). To
remain stealthy, the localization of devices in LTrack is fully passive,
relying on our new uplink/downlink sniffer. Our sniffer records both the times
of arrival of LTE messages and the contents of the Timing Advance Commands,
based on which LTrack calculates locations. LTrack is the first to show the
feasibility of a passive localization in LTE through implementation on
software-defined radio.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

Passive localization attacks reveal a user’s location traces but can at best
link these traces to a device’s pseudonymous temporary identifier (TMSI),
making tracking in dense areas or over a long time-period challenging. LTrack
overcomes this challenge by introducing and implementing a new type of IMSI
Catcher named IMSI Extractor. It extracts a device’s IMSI and binds it to its
current TMSI. Instead of relying on fake base stations like existing IMSI
Catchers, which are detectable due to their continuous transmission, IMSI
Extractor relies on our uplink/downlink sniffer enhanced with surgical message
overshadowing. This makes our IMSI Extractor the stealthiest IMSI Catcher to

We evaluate LTrack through a series of experiments and show that in
line-of-sight conditions, the attacker can estimate the location of a phone
with less than 6m error in 90% of the cases. We successfully tested our IMSI
Extractor against a set of 17 modern smartphones connected to our
industry-grade LTE testbed. We further validated our uplink/downlink sniffer
and IMSI Extractor in a test facility of an operator.

By admin