Some considerations about IMSI Detach DoS Attack

Alexander Chemeris alexander.chemeris at
Fri Jul 22 19:00:41 UTC 2011

On Fri, Jul 22, 2011 at 19:48, Gloria Mazzi
<mazzi.teodolinda.gloria at> wrote:
> Hi all,
> as stated on OsmocomSecurity:
> "A malicious attacker knowing the IMSI or TMSI of a victim can thus send
> hand-crafted IMSI DETACH messages to a cell, causing the network to assume
> the MS is no longer present in the network.This will effectively prevent the
> delivery of all mobile-terminated (MT) services, such as SMS, voice calls,
> CSD, ...".
> Following the theory i've better understood how it works [1]*, but still i
> have some questions for you:
> - what could happen if i will clone one SIM (Ki, IMSI) and use it to
> register on the same network, but on different BTS/LAC, two phones? Which
> will be rejected as first? Or both?

I can't tell about this attack, but from my experience with using
cloned SIM-cards in the real network, The last phone who did a call
receives incoming calls. If this (last active) phone is turned off
then the second phone doesn't receive incoming calls at all until it
does something. And I think this is a natural behavior, because it may
happen that some phone loose its battery, then you take SIM off and
insert in an other phone, and it should work - and the case with two
cloned SIM-cards looks about the same to an operator.

PS To make it clear, I cloned my own SIM-cards, because I used
multi-SIM card with several numbers on a single SIM. So nothing really

Alexander Chemeris.

More information about the baseband-devel mailing list