Downgrade Attacks
Downgrade attacks force mobile devices to connect to older, less secure network technologies (2G) where encryption is weaker and easier to break, enabling various attack vectors.
- Exposure to weak 2G encryption
- Vulnerability to IMSI catcher attacks
- Increased susceptibility to interception
- Bypass of modern security features
- Denial of high-speed data services
- Selective jamming of 3G/4G/5G frequencies
- Fake BTS advertising only 2G support
- Protocol manipulation to force downgrade
- Exploiting automatic network selection
- Combining with IMSI catcher for full attack chain
- 1Deploy jamming equipment for 3G/4G/5G bands
- 2Set up fake 2G BTS with strong signal
- 3Wait for devices to downgrade automatically
- 4Capture connections on 2G network
- 5Execute secondary attacks (IMSI catching, interception)
- 6Maintain downgrade to prevent re-upgrade
- Disable 2G in device settings (LTE-only mode)
- Use network selection to prefer 4G/5G
- Monitor for unexpected network changes
- Implement network-level downgrade detection
- Use encrypted communication apps regardless of network
- Deploy 2G sunset policies in networks
- •IMSI catcher operations forcing 2G connection
- •Surveillance operations at public events
- •Border control and customs enforcement
- •Corporate espionage at conferences
- •Government surveillance programs
IMSI Catching
IMSI catchers are rogue base stations that trick mobile devices into connecting to them, allowing attackers to capture International Mobile Subscriber Identity (IMSI) numbers and intercept communications.
A5/1 Encryption Breaking
A5/1 is the encryption algorithm used in 2G GSM networks. Due to its weak 64-bit key and known vulnerabilities, it can be broken in real-time to decrypt voice calls and SMS messages.
Fake BTS Attacks
Fake Base Transceiver Station (BTS) attacks involve deploying rogue cell towers that impersonate legitimate network infrastructure to intercept communications and perform man-in-the-middle attacks.