LTE networks have taken over from older technologies like GSM in much of the world. With the right hardware, like a software-defined radio, and the right software, it’s theoretically possible to sniff some of this data for yourself. The LTESniffer project was built to do just this.
LTESniffer is able to sniff downlink traffic from base stations using a USRP B210 SDR outfitted with two antennas. If you want to sniff uplink traffic, though, you’ll need to upgrade to an X310 with two daughterboards fitted. This is due to the timing vagaries of LTE communication. Other solutions can work, however, particularly if you just care about downlink traffic.
If you’ve got that hardware, though, you’re ready to go. The software will help pull LTE signals out of the air, though it bears noting that it’s only designed to work with unencrypted traffic. It won’t help you capture the encrypted communications of network users, though it can show you various information like the IMSI numbers of devices on the network. Local regulations may legally prevent you from doing even this, and if so, the project readme recommends setting up your own LTE network to experiment with instead.
Cellular sniffing has always been somewhat obscure and arcane, given the difficulty and encryption involved, to say nothing of the legal implications. Regardless, some hackers will always pursue a greater knowledge of the technology around them. If you’ve been doing just that, let us know what you’re working on via the tipsline.