LTE networks have taken over from older technologies like GSM in much of the world. With the right hardware, like a software-defined radio, and the right software, it’s theoretically possible to sniff some of this traffic for yourself. The LTESniffer project was built to do just this.
LTESniffer is able to sniff downlink traffic from base stations using a USRP B210 SDR, outfitted with two antennas. If you want to sniff uplink traffic, though, you’ll need to upgrade to an X310 with two daughterboards fitted. This is due to the timing vagaries of LTE communication. Other solutions can work, however, particularly if you just care about downlink traffic.
If you’ve got that hardware, though, you’re ready to go. The software will help pull out LTE signals from the air, though it bears noting that it’s only designed to work with unencrypted traffic. It won’t help you capture the encrypted communications of network users, though it can show you various information like IMSI numbers of devices on the network. Local regulations may prevent you from legally doing even this, and if so, the project readme recommends setting up your own LTE network to experiment with instead.
Cellular sniffing has always been somewhat obscure and arcane, given the difficulty and encryption involved, to say nothing of the legal implications. Regardless, some hackers will always pursue a greater knowledge of the technology around them. If you’ve been doing just that, let us know what you’re working on via the tipsline.
Takedown in 3…2…1…
They’re already running tic-toc on those phones they’re sniffing, so…
Better download now and buy a USRP later.
It’s certainly not a cheap system.
The USRP X310 is over $9000.00 on eBay.
I always find myself wondering about HackRF or BladeRF units.
There is/was a project that uses the BladeRF with OpenBTS and Yate to create an LTE/GSM “cell site”.
Exactly, the USRP X310 isn’t for a pet project.
Dang it. I only have a B200.
Thanks for sharing. Who needs privacy anyway? Any Joe should be able to record mine or anyone else’s communications, mobile banking, and other browser information if they have a few extra bucks.
If he manages to decrypt my banking, the X310 can pay for itself though.
100% opposed to this post.
I’d love to hear your thoughts on how to decrypt the data. Wait, no I wouldn’t.