LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

How can device and identity tracking be performed against LTE, and what defends against it?

The IMEI and IMSI can be intercepted and used to track a phone or user — rogue base stations perform a MitM attack by forcing UEs to connect at high power, capturing the IMEI/IMSI sent while attaching. Mitigations: use temporary identities and never transmit them unencrypted; IMSI-catcher-catchers.

Rogue cell forces attach, harvesting the IMEI/IMSI the UE sends.

* Identity tracking: a rogue cell forces attach to harvest IMEI/IMSI. *

The threat:

  • The IMEI (device identity) and IMSI (subscriber identity) can be intercepted and used to track a phone and/or user
  • A rogue base station performs a MitM attack by forcing UEs to connect to it by transmitting at high power level
  • The phone may transmit its IMEI or IMSI while attaching or authenticating — exactly when the catcher harvests it

The mitigations:

  • UEs should use temporary identities and not transmit them (the permanent IDs) over unencrypted connections
  • IMSI-catcher-catcher — a detector that spots the tell-tale behavior of a fake base station (e.g., a too-strong cell that asks for IMSIs)

The persistent problem: even in LTE, there are moments (initial attach, certain authentication steps) where a permanent identity must be exposed. The defense is to minimize those moments and protect them — but it's an arms race, hence "IMSI-catcher-catchers."

Tip: This is the LTE-era survival of the classic GSM IMSI catcher — mutual authentication stops fake call delivery, but identity harvesting at attach time is harder to fully eliminate.

Go deeper:

From Quiz: MOBINFSEC / LTE Attack Vectors (NIST) | Updated: Jul 05, 2026