{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,23]],"date-time":"2025-10-23T21:08:32Z","timestamp":1761253712914,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":88,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,9,30]],"date-time":"2024-09-30T00:00:00Z","timestamp":1727654400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Hessian State Ministry of Higher Education, Research, Science and the Arts","award":["National Research Center for Applied Cybersecurity ATHENE"],"award-info":[{"award-number":["National Research Center for Applied Cybersecurity ATHENE"]}]},{"name":"Federal Ministry of Education and Research of Germany (BMBF)","award":["16KIS014"],"award-info":[{"award-number":["16KIS014"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,9,30]]},"DOI":"10.1145\/3678890.3678898","type":"proceedings-article","created":{"date-parts":[[2024,9,29]],"date-time":"2024-09-29T22:23:36Z","timestamp":1727648616000},"page":"613-629","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Catch You Cause I Can: Busting Rogue Base Stations using CellGuard and the Apple Cell Location Database"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-5362-4907","authenticated-orcid":false,"given":"Lukas","family":"Arnold","sequence":"first","affiliation":[{"name":"TU Darmstadt, Secure Mobile Networking Lab, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9163-5989","authenticated-orcid":false,"given":"Matthias","family":"Hollick","sequence":"additional","affiliation":[{"name":"TU Darmstadt, Secure Mobile Networking Lab, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-4341-2808","authenticated-orcid":false,"given":"Jiska","family":"Classen","sequence":"additional","affiliation":[{"name":"Cybersecurity - Mobile & Wireless, Hasso Plattner Institute, University of Potsdam, Germany"}]}],"member":"320","published-online":{"date-parts":[[2024,9,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"National\u00a0Security Agency. 2023. Ghidra. https:\/\/ghidra-sre.org"},{"volume-title":"WWDC 2016 \u2013 Unified Logging and Tracing. https:\/\/devstreaming-cdn.apple.com\/videos\/wwdc\/2016\/721wh2etddp4ghxhpcg\/721\/721_unified_logging_and_activity_tracing.pdf","year":"2016","key":"e_1_3_2_1_2_1","unstructured":"Apple. 2016. WWDC 2016 \u2013 Unified Logging and Tracing. https:\/\/devstreaming-cdn.apple.com\/videos\/wwdc\/2016\/721wh2etddp4ghxhpcg\/721\/721_unified_logging_and_activity_tracing.pdf"},{"key":"e_1_3_2_1_3_1","unstructured":"Apple. 2022. Emergency SOS via satellite available today on the iPhone 14 lineup in the US and Canada. https:\/\/www.apple.com\/newsroom\/2022\/11\/emergency-sos-via-satellite-available-today-on-iphone-14-lineup\/"},{"key":"e_1_3_2_1_4_1","unstructured":"Apple. 2022. Location Services & Privacy. https:\/\/www.apple.com\/legal\/privacy\/data\/en\/location-services\/"},{"key":"e_1_3_2_1_5_1","unstructured":"Apple. 2023. Bug Reporting Profiles and Logs. https:\/\/developer.apple.com\/bug-reporting\/profiles-and-logs\/"},{"key":"e_1_3_2_1_6_1","unstructured":"Apple. 2023. Dispatch. https:\/\/developer.apple.com\/documentation\/DISPATCH"},{"key":"e_1_3_2_1_7_1","unstructured":"Apple. 2024. Choosing a Membership. https:\/\/developer.apple.com\/support\/compare-memberships\/"},{"key":"e_1_3_2_1_8_1","unstructured":"Apple. 2024. iPhone SE (2nd generation) - Technical Specifications. https:\/\/support.apple.com\/kb\/SP820?locale=en_US"},{"key":"e_1_3_2_1_9_1","unstructured":"Apple Developer Forum. 2020. Log Retention on iOS Sysdiagnose. https:\/\/forums.developer.apple.com\/forums\/thread\/123393"},{"key":"e_1_3_2_1_10_1","unstructured":"Nikias Bassen and Martin Szulecki. 2023. libimobiledevice. https:\/\/libimobiledevice.org"},{"key":"e_1_3_2_1_11_1","unstructured":"Pete Bell. 2023. 2G and 3G Shutdowns Continue. https:\/\/blog.telegeography.com\/2g-and-3g-shutdowns-continue"},{"key":"e_1_3_2_1_12_1","unstructured":"blacktop. 2023. ipsw. https:\/\/github.com\/blacktop\/ipsw"},{"volume-title":"arkasha, and uhtu","year":"2023","key":"e_1_3_2_1_13_1","unstructured":"bobzilla, arkasha, and uhtu. 2023. WiGLE: Wireless Network Mapping. https:\/\/www.wigle.net"},{"key":"e_1_3_2_1_14_1","unstructured":"Ravishankar Borgaonkar and Swapnil Udar. 2023. Darshak. https:\/\/github.com\/darshakframework\/darshak"},{"key":"e_1_3_2_1_15_1","unstructured":"Amat Cama. 2018. A walk with Shannon: A walkthrough of a pwn2own baseband exploit. https:\/\/www.youtube.com\/watch?v=6bpxrfB9ioo"},{"key":"e_1_3_2_1_16_1","unstructured":"Cellmapper. 2023. Cellular Coverage and Tower Map. https:\/\/www.cellmapper.net"},{"key":"e_1_3_2_1_17_1","unstructured":"CellularPrivacy. 2023. Android IMSI-Catcher Detector. https:\/\/github.com\/CellularPrivacy\/Android-IMSI-Catcher-Detector"},{"key":"e_1_3_2_1_18_1","unstructured":"Nick Chan Lakhan Lothiyi Nebula Mineek and Tom. 2023. palera1n. https:\/\/github.com\/palera1n\/palera1n"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3448300.3467826"},{"key":"e_1_3_2_1_20_1","unstructured":"Jiska Classen. 2020. Fuzzing the phone in the iPhone. https:\/\/media.ccc.de\/v\/rc3-11358-fuzzing_the_phone_in_the_iphone"},{"key":"e_1_3_2_1_21_1","unstructured":"Jiska Classen. 2023. Frida Scripts. https:\/\/github.com\/seemoo-lab\/frida-scripts"},{"key":"e_1_3_2_1_22_1","unstructured":"Joseph Cox. 2018. With $20 of Gear from Amazon Nearly Anyone Can Make This IMSI-Catcher in 30 Minutes. https:\/\/www.vice.com\/en\/article\/gy7qm9\/how-i-made-imsi-catcher-cheap-amazon-github"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664272"},{"key":"e_1_3_2_1_24_1","unstructured":"Adam Demasi. 2021. Documentation Home. https:\/\/theos.dev\/docs\/"},{"key":"e_1_3_2_1_25_1","unstructured":"Zak Doffman. 2024. Apple\u2019s iOS 18 RCS Release Gets Closer\u2014Encryption Still A Problem. https:\/\/www.forbes.com\/sites\/zakdoffman\/2024\/03\/30\/new-apple-iphone-16-pro-max-and-ios-18-leak-googles-imessage-warning\/"},{"key":"e_1_3_2_1_26_1","unstructured":"Electronic Frontier Foundation. 2022. Crocodile Hunter. https:\/\/github.com\/efforg\/crocodilehunter"},{"key":"e_1_3_2_1_27_1","unstructured":"Ettus Research. 2024. USRP X310. https:\/\/www.ettus.com\/all-products\/x310-kit\/"},{"key":"e_1_3_2_1_28_1","unstructured":"Lars Fr\u00f6der. 2023. TrollStore. https:\/\/github.com\/opa334\/TrollStore"},{"key":"e_1_3_2_1_29_1","unstructured":"Galan. 2023. GSM Spy Finder. https:\/\/apk.support\/app\/kz.galan.antispy"},{"key":"e_1_3_2_1_30_1","unstructured":"William Gallagher. 2023. Apple says 2 billion of its devices are in active use. https:\/\/appleinsider.com\/articles\/23\/02\/02\/two-billion-apple-devices-are-in-active-use"},{"key":"e_1_3_2_1_31_1","unstructured":"Nico Golde. 2018. There\u2019s Life in the Old Dog Yet: Tearing New Holes into Intel\/iPhone Cellular Modems. https:\/\/comsecuris.com\/blog\/posts\/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems\/"},{"key":"e_1_3_2_1_32_1","unstructured":"Nico Golde and Daniel Komaromy. 2016. Reverse Engineering and Exploiting Samsung\u2019s Shannon Baseband. https:\/\/comsecuris.com\/blog\/posts\/shannon\/"},{"key":"e_1_3_2_1_33_1","volume-title":"5G Security when Roaming \u2013 Part 1. Mpirical","author":"Green Graeme","year":"2021","unstructured":"Graeme Green. 2021. 5G Security when Roaming \u2013 Part 1. Mpirical (2021). https:\/\/www.mpirical.com\/blog\/5g-security-when-roaming-part-1"},{"key":"e_1_3_2_1_34_1","volume-title":"The Mobile Economy","author":"Intelligence GSMA","year":"2022","unstructured":"GSMA Intelligence. 2023. The Mobile Economy 2022. https:\/\/www.gsma.com\/mobileeconomy\/wp-content\/uploads\/2022\/02\/280222-The-Mobile-Economy-2022.pdf"},{"key":"e_1_3_2_1_35_1","unstructured":"Mark Gurman. 2021. Apple Plans to Add Satellite Features to iPhones for Emergencies. https:\/\/www.bloomberg.com\/news\/articles\/2021-08-30\/apple-plans-to-add-satellite-features-to-iphones-for-emergencies"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3507657.3528546"},{"key":"e_1_3_2_1_37_1","unstructured":"Hex-Rays. 2023. IDA Pro. https:\/\/hex-rays.com\/ida-pro\/"},{"key":"e_1_3_2_1_38_1","unstructured":"iVerify. 2024. iVerify. https:\/\/iverify.io\/"},{"key":"e_1_3_2_1_39_1","volume-title":"Roaming in the 5G System: The 5GS Roaming Architecture. Ericsson Reports","author":"Keller Ralf","year":"2021","unstructured":"Ralf Keller, David Castellanos, Anki Sander, Amarisa Robinson, and Afshin Abtin. 2021. Roaming in the 5G System: The 5GS Roaming Architecture. Ericsson Reports (2021). https:\/\/www.ericsson.com\/4981f6\/assets\/local\/reports-papers\/ericsson-technology-review\/docs\/2021\/roaming-in-the-5g-system.pdf"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24365"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","unstructured":"Tobias Kr\u00f6ll. 2021. ARIstoteles: iOS Baseband Interface Protocol Analysis. https:\/\/doi.org\/10.26083\/tuprints-00019397","DOI":"10.26083\/tuprints-00019397"},{"key":"e_1_3_2_1_42_1","volume-title":"Computer Security \u2013 ESORICS","author":"Kr\u00f6ll Tobias","year":"2021","unstructured":"Tobias Kr\u00f6ll, Stephan Kleber, Frank Kargl, Matthias Hollick, and Jiska Classen. 2021. ARIstoteles \u2013 Dissecting Apple\u2019s Baseband Interface. In Computer Security \u2013 ESORICS 2021, Elisa Bertino, Haya Shulman, and Michael Waidner (Eds.). Springer International Publishing, Cham, 133\u2013151."},{"key":"e_1_3_2_1_43_1","volume-title":"Qualcomm Gains Baseband Share in Q3","author":"Kundojjala Sravan","year":"2022","unstructured":"Sravan Kundojjala. 2023. Qualcomm Gains Baseband Share in Q3 2022. https:\/\/www.strategyanalytics.com\/strategy-analytics\/blogs\/components\/handset-components\/handset-components\/2023\/02\/14\/qualcomm-gains-baseband-share-in-q3-2022"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-70903-6_11"},{"key":"e_1_3_2_1_45_1","unstructured":"Sukchan Lee. 2024. Open5GS. https:\/\/open5gs.org\/"},{"key":"e_1_3_2_1_46_1","unstructured":"Zhenhua Li Weiwei Wang Christo Wilson Jian Chen Chen Qian Taeho Jung Lan Zhang Kebin Liu Xiangyang Li and Yunhao Liu. 2017. FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild.. In NDSS."},{"key":"e_1_3_2_1_47_1","unstructured":"Berly Lipton. 2022. Police Are Still Abusing Investigative Exemptions to Shield Surveillance Tech While Others Move Towards Transparency. https:\/\/www.eff.org\/deeplinks\/2022\/07\/police-are-still-abusing-investigative-exemptions-shield-surveillance-tech-while-0"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3395351.3399360"},{"key":"e_1_3_2_1_49_1","unstructured":"Slava Makkaveev. 2022. Vulnerability within the Unisoc Baseband opens Mobile Phones Communications to Remote Hacker Attacks. https:\/\/research.checkpoint.com\/2022\/vulnerability-within-the-unisoc-baseband\/"},{"key":"e_1_3_2_1_50_1","unstructured":"Mandiant. 2023. macos-UnifiedLogs. https:\/\/github.com\/mandiant\/macos-UnifiedLogs"},{"key":"e_1_3_2_1_51_1","unstructured":"Gy\u00f6rgy Miru. 2017. Path of Least Resistance: Cellular Baseband to Application Processor Escalation on Mediatek Devices. https:\/\/comsecuris.com\/blog\/posts\/path_of_least_resistance\/"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-65127-9_19"},{"key":"e_1_3_2_1_53_1","unstructured":"Aleksander Morgado and Dan Williams. 2021. libqmi. https:\/\/www.freedesktop.org\/wiki\/Software\/libqmi\/"},{"key":"e_1_3_2_1_54_1","unstructured":"Mozilla. 2023. Mozilla Location Service. https:\/\/location.services.mozilla.com"},{"key":"e_1_3_2_1_55_1","unstructured":"MVT. 2024. Mobile Verification Toolkit. https:\/\/docs.mvt.re\/en\/latest\/"},{"key":"e_1_3_2_1_56_1","unstructured":"National Security Agency. 2024. Mobile Device Best Practices. https:\/\/www.documentcloud.org\/documents\/21018353-nsa-mobile-device-best-practices&xcust=2-1-2330195-1-0-0"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","unstructured":"Peter Ney Ian Smith Gabriel Cadamuro and Tadayoshi Kohno. 2017. SeaGlass: Enabling City-Wide IMSI-Catcher Detection. Vol.\u00a02017. 36\u201353. https:\/\/doi.org\/10.1515\/popets-2017-0027","DOI":"10.1515\/popets-2017-0027"},{"key":"e_1_3_2_1_58_1","unstructured":"Oros42. 2022. IMSI-catcher. https:\/\/github.com\/Oros42\/IMSI-catcher"},{"key":"e_1_3_2_1_59_1","unstructured":"Andrew Orr. 2022. Craig Federighi outlines iOS 17 privacy and Apple\u2019s stance on AI. https:\/\/appleinsider.com\/articles\/23\/06\/05\/craig-federighi-outlines-ios-17-privacy-apples-stance-on-ai"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108137"},{"key":"e_1_3_2_1_61_1","unstructured":"Daniele Palmas. 2020. Wireshark QMI dissector for Qualcomm based modems. https:\/\/github.com\/dnlplm\/WiresharkQMIDissector"},{"key":"e_1_3_2_1_62_1","volume-title":"White-Stingray: Evaluating IMSI Catchers Detection Applications. In 11th USENIX Workshop on Offensive Technologies (WOOT 17)","author":"Park Shinjo","year":"2017","unstructured":"Shinjo Park, Altaf Shaik, Ravishankar Borgaonkar, Andrew Martin, and Jean-Pierre Seifert. 2017. White-Stingray: Evaluating IMSI Catchers Detection Applications. In 11th USENIX Workshop on Offensive Technologies (WOOT 17). USENIX Association, Vancouver, BC. https:\/\/www.usenix.org\/conference\/woot17\/workshop-program\/presentation\/park"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338498.3358649"},{"key":"e_1_3_2_1_64_1","unstructured":"PentHertz. 2023. OpenBTS. https:\/\/github.com\/PentHertz\/OpenBTS"},{"key":"e_1_3_2_1_65_1","volume-title":"VICTORY: Google Releases \u201cdisable 2g","author":"Quintin Cooper","year":"2022","unstructured":"Cooper Quintin. 2022. VICTORY: Google Releases \u201cdisable 2g\u201d Feature for New Android Smartphones. https:\/\/www.eff.org\/deeplinks\/2022\/01\/victory-google-releases-disable-2g-feature-new-android-smartphones"},{"key":"e_1_3_2_1_66_1","unstructured":"Ole Andr\u00e9\u00a0Vadla Ravn\u00e5s. 2022. Frida. https:\/\/frida.re"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24283"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00006"},{"key":"e_1_3_2_1_69_1","unstructured":"Security Research Labs. 2015. IMSI Catcher Score. https:\/\/opensource.srlabs.de\/projects\/snoopsnitch\/wiki\/IMSI_Catcher_Score"},{"key":"e_1_3_2_1_70_1","unstructured":"Security Research Labs. 2015. Snoop Snitch SQL Queries for Detection. https:\/\/github.com\/srlabs\/snoopsnitch\/tree\/master\/analysis\/catcher\/sql"},{"key":"e_1_3_2_1_71_1","unstructured":"Security Research Labs. 2018. SnoopSnitch Compatibility. https:\/\/opensource.srlabs.de\/projects\/snoopsnitch\/wiki\/DeviceList"},{"key":"e_1_3_2_1_72_1","unstructured":"Security Research Labs. 2022. SnoopSnitch. https:\/\/opensource.srlabs.de\/projects\/snoopsnitch"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23236"},{"key":"e_1_3_2_1_74_1","unstructured":"Adam Simmons. 2022. Cell Tower Range: How Far Do They Reach?https:\/\/dgtlinfra.com\/cell-tower-range-how-far-reach\/"},{"key":"e_1_3_2_1_75_1","unstructured":"skibapps. 2023. Cell Spy Catcher (Anti Spy). https:\/\/play.google.com\/store\/apps\/details?id=com.skibapps.cellspycatcher"},{"key":"e_1_3_2_1_76_1","unstructured":"SS7ware. 2024. YateBTS. https:\/\/yatebts.com"},{"key":"e_1_3_2_1_77_1","unstructured":"Software\u00a0Radio Systems. 2024. srsRAN. https:\/\/github.com\/srsran\/srsran_4g"},{"key":"e_1_3_2_1_78_1","unstructured":"Riley Testut. 2023. AltStore. https:\/\/github.com\/altstoreio\/AltStore"},{"key":"e_1_3_2_1_79_1","unstructured":"Mika Tuupola. 2017. Reverse Engineering Apple Location Services Protocol. https:\/\/www.appelsiini.net\/2017\/reverse-engineering-location-services\/"},{"key":"e_1_3_2_1_80_1","unstructured":"Unwired Labs. 2023. OpenCelliD. https:\/\/opencellid.org\/"},{"key":"e_1_3_2_1_81_1","volume-title":"Proceedings of the 6th USENIX Conference on Offensive Technologies","author":"Weinmann Ralf-Philipp","year":"2012","unstructured":"Ralf-Philipp Weinmann. 2012. Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks. In Proceedings of the 6th USENIX Conference on Offensive Technologies (Bellevue, WA) (WOOT\u201912). USENIX Association, 2. https:\/\/www.usenix.org\/system\/files\/conference\/woot12\/woot12-final24.pdf"},{"key":"e_1_3_2_1_82_1","unstructured":"Ralf-Philipp Weinmann. 2017. Did I hear a shell popping in your baseband?https:\/\/vimeo.com\/214013463"},{"key":"e_1_3_2_1_83_1","unstructured":"Harald Welte. 2022. OsmoBTS. https:\/\/osmocom.org\/projects\/osmobts\/wiki"},{"key":"e_1_3_2_1_84_1","unstructured":"Amy While. 2022. SignalReborn. https:\/\/github.com\/elihwyma\/SignalReborn"},{"key":"e_1_3_2_1_85_1","unstructured":"Tim Willis. 2023. Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems. https:\/\/googleprojectzero.blogspot.com\/2023\/03\/multiple-internet-to-baseband-remote-rce.html"},{"key":"e_1_3_2_1_86_1","unstructured":"Wireshark Foundation. 2023. Wireshark. https:\/\/www.wireshark.org"},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/3643833.3656131"},{"key":"e_1_3_2_1_88_1","unstructured":"Zerodium. 2019. Zerodium Payouts. https:\/\/zerodium.com\/program.html"}],"event":{"name":"RAID '24: The 27th International Symposium on Research in Attacks, Intrusions and Defenses","acronym":"RAID '24","location":"Padua Italy"},"container-title":["The 27th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678898","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3678890.3678898","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:00Z","timestamp":1750295880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678898"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,30]]},"references-count":88,"alternative-id":["10.1145\/3678890.3678898","10.1145\/3678890"],"URL":"https:\/\/doi.org\/10.1145\/3678890.3678898","relation":{},"subject":[],"published":{"date-parts":[[2024,9,30]]},"assertion":[{"value":"2024-09-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}