As part of a counterterror training we got the following terror scene to solve: an Inexpensive Explosive Device (IED) connected to a cell phone is in place. A presumption is that the IED will be fired by either a call or a text message.
We try to catch the phone's Temporary Mobile Subscriber Identity (TMSI) to shut down the phone by a targeted stingray gun.
Within the case we have 5 sub-scenarios to resolve:
1) GSM/EDGE attack
2) UMTS attack
3) LTE/LTE-A attack
4) 5G/NR attack - New Radio NR
6) WiFi 2.4GHz/5GHz attack
The top goal is to shut down the device immediately. An Electromagnetic Pulse (EMP) attack would risk firing before shutdown and is not part of the case.
Do you think an EMP attack would work? What elements of time-critical risks would you recommend to take into consideration?
If you like, present your mind -) Thank you in advance.
Will follow up the story
An Electromagnetic Pulse (EMP) attack would risk firing before shutdown and is not part of the case.
Do you think an EMP attack would work?
I don't get it.
Is the EMP attack (however you can actually perform it) part of the case or is it not?
jaclaz
is not
The cell phone has to be recovered for evidence.
is not
Then WHAT (the heck) is the actual question?
This is not a telegram service, you don't pay a fee per word you post.
Please, take some time and expose the (theoretical) issue and questions (if any) in such a way that other people may understand them.
jaclaz
TMSI is used instead of IMSI to protect the subscriber from being identified. My opinion is that whichever protocol is the fastest for accessing the SIM and processing AT+CSIM commands to read the TMSI is the winner.
It's just my opinion, feel free to correct me, if I'm wrong.
@passcodeunlock, thank you, good point.
IMSI is assigned and resides on the USIM on activation by the operator. TMSIs occur as old (if assigned before) and new, TMSI o or TMSI n.
We defined that if we bring the cell phone to the state 'overheated' then it would shut down without attack sub-scenarios. To freeze down remotely is difficult. To overheat remotely brings the danger of blowing up the IED, or it can be that the cell phone resides on the backside of the IED (shadow side).
First step would be to connect to the cell phone in a way far from being a call or text message (see description of case). The modem as part of CPU would listen to debugging or user interaction. Our team was given a greenfield approach that we can define the tech specs of the stingray gun.
All depends on the phone as well. What if the phone's modem is separated from the SoC?!
Absolutely. For 1) we got 1a) Nokia C2-05 and 1b) Samsung SCH-V890 ("Blade"). Older or burner phones are less accessible than newer ones.
Day 3 of our training. A question occurred yesterday: how to disable the USIM only? Is it possible to confuse or disturb the USIM? Would it be possible to fake the device IMSI? If the phone becomes unreachable, the effect would be the same as a shutdown.
The killer function of "if the cell phone shuts down, then the IED would blow up" remains. Then no chance.