Demystifying spam messages and interpreting what a pseudo base station is.

IT 168 evaluation recently, the author often receives such short messages: Dear users, your phone bill points can be exchanged for XXX yuan in cash, and it will expire today. Please log in to integral mall, XXXX.COM immediately, and download and activate according to the prompts! China mobile. At first, the author didn't take it seriously. I just felt that operators are becoming more and more humanized now, and the expiration of points has begun to prompt. I can't help but sigh that Internet thinking has really begun to penetrate into some high-level state-owned enterprise service industries. However, the author is a slow-witted person, and the exchange of gifts is always delayed until the end, without following the tips in the short message. When the author found that every time I passed the same place at work, I would receive a short message with similar content, and suddenly realized that this short message from 10086 was not written by the government, but a pseudo base station fraud short message that we had been talking about for a year but never understood. The pseudo base station in my impression only stays in the stage of mass sending spam messages and obscene information. It's rare to see this kind of news disguised as China Mobile and official number fraud of major banks. It also caught my attention. I think it is necessary to popularize what a pseudo base station is and what harm it has been doing in recent years. Although it seems that the term pseudo base station is very professional, it doesn't need much communication knowledge to get a general understanding of its working principle. When this black box is broken, it will not be deceived by more and more realistic scam messages.

What is the pseudo base station named at the 3 15 party frequently exposed by major media?

Everyone usually watches the news and even sees banners that crack down on pseudo base stations in their neighborhood committees. Where is the pseudo base station? How did He Dehe become the key roll call object of 15 CCTV 3 15 party? At the beginning of the article, the author first popularizes the definition of pseudo base station for everyone.

▲ CCTV exposure pseudo base station industry chain

A pseudo base station is a pseudo base station as its name implies. As we all know, the reason why mobile phones can make phone calls, send short messages and surf the Internet is because mobile phones can always receive signals from operators' base stations. Connect calls, short messages and data through the connection between base stations. Symbolic buildings such as signal towers are communication base stations. However, the type of base station is not limited to the form of signal tower. Some small base stations, which we call small cells, are also increasingly applied to our daily life, which also solves the problem that many large base stations such as high-rise buildings and underground buildings cannot cover dead corners. With more and more high-spectrum resources being developed, miniaturization of base stations is also the future development trend. A brief introduction is also to let everyone know that the pseudo base station is not what we usually think of as a false signal tower, and even the volume of the pseudo base station is similar to that of the express parcel, so it is easy to put it into the computer bag. It is very likely that there is a pseudo base station sending text messages in the passers-by bag you pass by; It is also possible to hide a pseudo base station that collects nearby mobile phone information in the van parked in the parking lot under the overpass for a long time.

What are the hazards of pseudo base stations? Have you ever met a pseudo base station?

CCTV once counted a data. In 20 14, there were more than 200 billion spam messages in China. Statistics in March this year show that the number of mobile phone users in China exceeded 129 billion, which means that in 14, everyone can receive 200 spam messages on average. For an unsociable person like me, 200 short messages basically account for 60% of my short message box. Although the popularity of WeChat directly led to the decline of SMS business, it must be said that spam messages also played a certain role in the decline of SMS business.

Pseudo-base station hazard 1: spam messages and fraudulent messages

▲ Various pseudo base station fraud messages in the author's SMS box.

Friends around me always complain to the author that their phone information has been leaked countless times unconsciously, which leads to the fact that the short messages received every day are basically spam messages. Of course, there are also reasons for privacy leaks. However, according to relevant data, more than 70% of the 200 billion spam messages of 14 are sent by pseudo base stations. Pseudo-base stations adopt non-directional and intra-cell mass sending mode, that is, whether the sender of spam messages knows your phone number or not, as long as you are within the coverage of pseudo-base stations, you will receive spam messages. In other words, the flood of spam messages no longer needs to know your private information. Moreover, the pseudo base station has the function of simulating any telephone number. As mentioned earlier, the fraudulent short message sent by "10086" is sent by a pseudo base station through an analog mobile phone number. Since the beginning of this year, fraudulent short messages have accounted for an increasing proportion of spam messages sent by pseudo base stations. This is also one of the reasons why public security organs and operators have stepped up their efforts to crack down on pseudo base stations.

Pseudo-base station hazard 2: the occupation of communication channels causes the mobile phone to be unable to talk, surf the Internet and send text messages normally.

▲ Pseudo base stations can be miniaturized into ordinary schoolbags.

If the pseudo base station only stays in the stage of sending spam messages, coupled with the improvement of anti-fraud awareness of most users, the impact of pseudo base stations on most people will only stay in the stage of harassment, but in fact, the harm of pseudo base stations is far more than that. We also briefly mentioned the working principle of the base station. When the mobile phone is within the radiation range of the pseudo base station, it will automatically connect to the pseudo base station under certain conditions (under what circumstances, the mobile phone will automatically connect to the pseudo base station). The pseudo base station itself does not have the function of carrying calls, short messages and networks. At this time, there will be a full cell phone signal display, but you can't talk, surf the Internet or send text messages. I believe that everyone has encountered this situation. When you want to make an emergency call, you find that the mobile phone with full signal can't dial, and other people's calls can't come in. It is very likely that you are within the radiation range of the pseudo base station.

Pseudo base station hazard 3: stealing user-related information

▲ Pseudo base stations are an important part of stealing user information.

When a mobile phone is connected to a pseudo base station, the pseudo base station controls the user's mobile phone network. During this period, the mobile phone will also send information to the pseudo base station according to the same rules as the normal base station, which also gives the pseudo base station the right to steal the network information of mobile phone users. At the same time, once a user clicks on a phishing website on a fraudulent short message sent by a pseudo base station, deeper information in the mobile phone, such as photos, address books and even bank card information, will be stolen by Trojans or downloaded virus applications. Of course, if you reach the above stage, you will be cheated.

Why can pseudo base stations run rampant? What is the working principle? You won't be cheated if you know!

In fact, everyone sneered at online fraud and thought it was 2 1 century. As long as you remember that there will be no pie in the sky, you won't be cheated. Actually, it's not. We also mentioned that the pseudo base station can simulate anyone's phone number. Imagine, if one day a pseudo base station imitates your friend and sends you a short message, which appears in the chat conversation between you and your friend, will you feel real at the first time? This is not alarmist, but what pseudo base stations can really do. In fact, why are we cheated? Simply put, it is information asymmetry. When you understand the principle of pseudo base station, it's hard to be cheated. At this stage of the article, the author will explain the working principle of pseudo base stations in both popular and detailed ways.

An easy-to-understand explanation of PS. Just do the principle interpretation, and friends who want to know more can skip the direct browsing and explain in detail.

▲ Laptop+chassis-sized equipment constitutes a pseudo base station.

Simply put, the pseudo base station runs in the same frequency band as the normal base station, and the signal of the pseudo base station is stronger for the mobile phone around the pseudo base station. At this time, due to the mechanism that the mobile phone automatically selects the base station, the mobile phone will try to disconnect from the normal base station and turn to the embrace of the pseudo base station. Because GSM network (that is, what we usually call mobile Unicom 2G network) lacks security mechanism, the base station authenticates the mobile phone, and the mobile phone does not authenticate the base station. At this time, the mobile phone will send the identification code to the pseudo base station with stronger signal, and the pseudo base station will accept all orders and complete the connection with the mobile phone. There are several key points worthy of our attention: the automatic base station optimization mechanism of mobile phone, the one-way authentication mechanism of GSM network, and the pseudo base station receiving all the commands to establish connection. It can also be seen that the current pseudo base station can only invade mobile phones running on GSM network. Because of the two-way authentication mechanism of 3G/4G network, not only the base station can authenticate the mobile phone, but also the mobile phone can authenticate the base station, which greatly reduces the risk of being harmed by the pseudo base station. But if you think your network can rest easy on 3G or 4G, you are naive. At present, many pseudo base stations also have the function of shielding 3G/4G network signals.

Detailed explanation of pseudo base station operation mechanism

When the smart phone moves from one base station coverage area to another, it will receive the broadcast message of the new base station, and when it is found that the LAC in the broadcast of the new base station has changed, it will start the base station reselection mechanism. The mobile phone can judge whether it will pass through the handover area of the base station by identifying the signal strength of the surrounding base station network. This action is what the mobile phone has been scanning. Pseudo base stations trick mobile phones into re-selecting base stations through relatively high power (not necessarily high power, mainly by being close to the mobile phone). There will be an authentication process when re-selecting a base station. The authentication mechanism of GSM V 1 version is that the mobile phone sends the IMSI code to the base station. When the IMSI code is registered in the base station, the base station will send the TMSI to the mobile phone for subsequent communication processing and identification. We also see that in the authentication process of GSM V 1, only the base station verifies whether the mobile phone is legal, but the mobile phone does not verify whether the base station is legal. For the pseudo base station, no matter what IMSI code the mobile phone sends to the base station, it will receive all instructions and establish a connection with the mobile phone, and then it will send spam messages, fraudulent messages, phishing websites and other information to the mobile phone. At present, the pseudo base station technology has also undergone several generations of upgrades. It can change its LAC value after sending a short message to make the mobile phone quickly quit the network, thus saving the number of terminals connected by pseudo base stations and maximizing the coverage of spam messages. Moreover, it can also be simulated as an arbitrary phone number while sending information, which is why we frequently receive short messages with "official" numbers such as 10086 and 95583.

▲GSM authentication vulnerability is an important reason why pseudo base stations can survive.

It can be seen that pseudo base stations are basically only for users of GSM networks. The reason is that 3G and 4G standard networks have two-way authentication mechanism. Not only will the base station identify whether the mobile phone is legal, but the mobile phone will also identify the legitimacy of the base station, so that the pseudo base station has no chance to check. However, at present, some pseudo base stations can block 3G/4G signals at the same time, forcing mobile phones to stay in GSM networks, thus tricking connections. For CDMA users, there is no pseudo base station for CDMA users at present. In fact, CDMA 1X network also adopts a single authentication mechanism. However, due to the small number of CDMA network users, the lack of mature supporting software, and the consideration of security issues at the early stage of its design, the cost of making pseudo base stations for CDMA networks is very high. This is why mobile phone users seem to receive more spam messages.

How to identify and prevent pseudo base stations?

Principle In front of us, we briefly talked about the problem that pseudo base stations can be connected with mobile phones. At present, there are basically the following solutions for pseudo base stations in the industry:

1. Lock the signal in 3G and 4G networks: This way, users can operate by themselves, effectively solving the problem of spam messages from pseudo base stations. But at the same time, the negative impact is also very significant. First of all, most mobile users are still using the CSFB call network standard, which means that 3G and 4G networks cannot be used to carry call services. So basically, this move is not realistic for current mobile users. For Unicom users, WCDMA network can carry the call service, but if there is a real dead end in the network, the mobile phone still needs to fall back to the 2G network, so this method of anti-counterfeiting base station belongs to throwing watermelons and picking sesame seeds.

2. Replace the USIM card: At present, many business halls claim that replacing the USIM card can solve the pseudo base station problem. The reason is that USIM has a mechanism that supports two-way authentication, content encryption and communication process encryption. But as we said before, the single authentication mode of GSM V 1 version is still the mainstream authentication mode of GSM and has not been banned. Therefore, even if the USIM card is used, the pseudo base station can make the mobile phone fall back to the 2G mode through signal interference, and then make a disguised connection. It seems that replacing the USIM card cannot completely shield the pseudo base station.

3. Adopt all kinds of mobile phone security software: At present, for pseudo base stations, major domestic manufacturers have introduced security software to identify short messages from pseudo base stations, such as Baidu Guardian and 360 Guardian. And the shielding efficiency of short messages sent by pseudo base stations is also very high. However, it should be noted that at present, no software vendor has announced its own mechanism to block SMS from pseudo base stations. Whether it is possible to identify whether a mobile phone is within the coverage of a pseudo base station by software, or whether it is a pseudo base station short message by identifying the keywords of the short message content, is still inconclusive. If the latter form is used to determine whether the user's privacy has been violated, there is no good definition standard at present. However, it is undeniable that this is one of the few methods that can really identify short messages from pseudo base stations, and it is also the most widely used.

4. Identify pseudo base stations by hardware: As we mentioned earlier, the reason why pseudo base stations can exist lies in GSM single authentication. Although GSM cannot provide a two-way authentication mechanism, it can also identify whether a base station is a normal base station through a hardware chip. There are still huge differences between normal base stations and pseudo base stations in many related parameters. Therefore, for example, Huawei Mate 8 mobile phone just launched at present also effectively identifies pseudo base stations through this form. This is also one of the few anti-counterfeiting base station methods with clear mechanism and no invasion of user privacy. In the future, it is also most likely to be promoted as a standard mechanism for smart phones.

Related reading: pseudo base station Baidu Encyclopedia

GSM authentication methods and vulnerabilities

Whether replacing USIM card can solve the problem of pseudo base station.