Real-world: How SUCI prevents IMSI catching

The 4G Vulnerability

IMSI catchers have been used by law enforcement and malicious actors for decades. In 4G, the attack is straightforward: a rogue base station sends an Identity Request asking for the IMSI. The UE has no choice but to respond with its permanent identity in cleartext because the protocol mandates it before security is established. The attacker captures the IMSI of every device in range, enabling subscriber tracking, movement profiling, and in some cases call interception. Commercially available IMSI catchers made this attack accessible to anyone with modest technical resources.