Skip to content
GitLab
Open
Issue created by Administrator@rootContributor

Detection 2: Abnormal TMSI changes

Created by: E3V3A

Under normal circumstances, the TMSI is saved to the SIM card and only changes occasionally (upon request) and when modem is booted up in a different network environment. Most likely due to to the BTS ..blah blah not finding your last TMSI in the VLR. However, this also occurs when a fake BTS is trying to force a location update. Thus if your TMSI suddenly changes you're more likely to be tracked by an IMSI-Catcher.

How to find the TMSI?

We can find TMSI by using either:

  1. The SIM Apllication Toolkit (SAT) AOS API for reading SIM card files
  2. The AT command for looking at AT files
  3. Looking and using the modem debug output/interface.
  4. The ServiceMode app (if using a Samsung and some others)

Here's some code: http://www.devlper.com/2009/07/reading-imsi-tmsi-iccid-mnc-mcc-and-lac-using-simreadrecord-api/

Difficulty: Some other parameters need to be monitored as well, to avoid false positives.

Relevant Documents:

  1. 3GPP ETSI 100-929

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.