Fingerprinting of Cellular Infrastructure Based on Broadcast Information

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review


To avoid exploitation of known vulnerabilities, it is standard security practice to not disclose any model information regarding the antennas used in cellular infrastructure. However, in this work, we show that end-user devices receive enough information to infer, with high accuracy, the model-family of antennas. We demonstrate how low-cost hardware and software setups can fingerprint the cellular infrastructure of whole regions within a few minutes by only listening to cellular broadcast messages. To show the effectiveness and hence risk of such fingerprinting, we collected an extensive dataset of broadcast messages from three different countries. We then trained a machine-learning model to classify broadcast messages based on the model-family they belong to. Our results reveal a worryingly high average accuracy of 97% for model-family classification. We further discuss how inferring the model-family with such high accuracy can lead to a class of identification attacks on cellular infrastructure and we subsequently suggest countermeasures to mitigate the fingerprint effectiveness.

Original languageEnglish
Title of host publicationComputer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings
EditorsGene Tsudik, Mauro Conti, Kaitai Liang, Georgios Smaragdakis
Number of pages21
ISBN (Print)9783031514753
Publication statusPublished - 2024
Event28th European Symposium on Research in Computer Security, ESORICS 2023 - The Hague, Netherlands
Duration: 25 Sept 202329 Sept 2023

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume14345 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference28th European Symposium on Research in Computer Security, ESORICS 2023
CityThe Hague

Bibliographical note

Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.


Dive into the research topics of 'Fingerprinting of Cellular Infrastructure Based on Broadcast Information'. Together they form a unique fingerprint.

Cite this