| ▲ | yinznaughty 4 days ago | |
You can collect IMSI passively over LTE: https://github.com/SysSec-KAIST/LTESniffer You can just jam everyone in the area and see who reconnects. | ||
| ▲ | kotaKat 4 days ago | parent [-] | |
Couldn’t I just grab a Baicells eNB off eBay and point it at my own Open5GS installation and passively sniff IMSIs of users scanning around anyways that try to attach and reject? It feels like I could build some kind of “sniffer” fairly easily these days as well. | ||