Two attacks were conducted using off-the-shelf kit and a rooted — or modified — femtocell unit which broadcasted a 3G signal. The attacks were made by intercepting, altering and injecting 3G Layer-3 messages into communication between the base station and mobile phones in both directions.
The researchers wrote that the attacks could be used to track staff movements within a building.
“[The employer] would first use the femtocell to sniff a valid authentication request. This could happen in a different area than the monitored one. Then the employer would position the device near the entrance of the building. Movements inside the building could be tracked as well by placing additional devices to cover different areas of the building,” they wrote.