Abstract: Certain aspects of the present disclosure provide a method of wireless communications at a user equipment (UE), generally including detecting, within a period, a number of indications for modification to system information from a cell and performing one or more actions, after the detection, to prevent the UE from attempting to access the cell.

Abstract: Various embodiments may include methods and systems for avoiding connecting an illegitimate call within a telecommunications network. Various embodiments may include receiving, from a telecommunications network, an incoming call initiating message notifying the first wireless device of an incoming call, in which the incoming call initiating message includes caller information.

Abstract: Various embodiments include methods, components and wireless devices configured to identify illegitimate base station. The processor of the wireless device may determine that a device in communication with the wireless device is a suspect base station. The processor may send a fabricated message to the device, and may receive one or more response messages from the device. The processor may determine whether one or more of the response messages received from the device is an appropriate response or an inappropriate response to the fabricated message. In response to determining that a response message is an inappropriate response, the processor may determine that the device is an illegitimate base station. In response to determining that the device is an illegitimate base station, the wireless device may perform a protective action.

Abstract: Methods for countering a shared paging channel hijack attack. In an example embodiment, a wireless device may monitor the shared paging channel during a paging occasion in a DRX cycle to detect a first IMSI-based paging message in the paging occasion, and continue monitoring for IMSI-based paging in subsequent radio subframes in the paging frame and radio subframes in subsequent radio frames within the DRX cycle to determine whether there are indications of a paging channel hijack attack. In an example embodiment, this monitoring may be to determine whether one or more subframes that are not the paging occasion receive IMSI-based paging messages, in response to which a threat probability may be increased. The wireless device may perform an operation (e.g., an actuation operation such as disabling monitoring of, and preventing connection attempts to, the base station, etc.) to protect against a shared paging channel hijack attack.

Abstract: In various embodiments, a wireless device processor may determine a threat score for a first cell, determine whether the first cell threat score is below a first threat score threshold, update a good neighbor cell data structure using neighbor cell information from the first cell in response to determining that the first cell threat score is below the first threat score threshold, performing cell reselection to a second cell, determine whether the second cell transmits a system information block message indicating fake neighbor cell information, and increase a threat score for the second cell in response to determining that the second cell provides the SIB message indicating fake neighbor cell information and that a good neighbor cell data structure includes an indication of one or more good neighbor cells that are within the time threshold and the location threshold and doing countermeasures in a response to the determination.

Abstract: Various embodiments include methods, components and wireless devices configured to identify illegitimate base station. The processor of the wireless device may determine that a device in communication with the wireless device is a suspect base station. The processor may send a fabricated message to the device, and may receive one or more response messages from the device. The processor may determine whether one or more of the response messages received from the device is an appropriate response or an inappropriate response to the fabricated message. In response to determining that a response message is an inappropriate response, the processor may determine that the device is an illegitimate base station. In response to determining that the device is an illegitimate base station, the wireless device may perform a protective action.

Abstract: Methods for detecting and responding to unauthorized alert messages. In an example embodiment, a wireless device may detect a first system information block (SIB1) broadcast from a base station that includes an alert message flag that indicates that an emergency alert message is scheduled for broadcast in another system information block (e.g., in one of SIBs 10-14, etc.). The wireless device may detect an unauthorized alert based on inconsistent inputs from various base stations, and the server may detect fake or unauthorized base stations or detect unauthorized alerts based on inconsistent inputs from various UEs about same Cell ID, or same PLMN and geolocation, etc.

Abstract: A method of detecting compromised message information includes: wirelessly receiving, at a mobile wireless communication device, present unprotected information and present protected information; retrieving previous unprotected information, corresponding to the present unprotected information, and previous protected information, corresponding to the present protected information, from a memory of the mobile wireless communication device; comparing the present unprotected information to the previous unprotected information to determine that an unprotected information change has occurred; comparing the present protected information to the previous protected information to determine whether a protected information change has occurred; and determining that the present unprotected information is valid in response to the protected information change having occurred and being consistent with the unprotected information change, or that the present unprotected information is invalid otherwise.

Abstract: Methods for countering a shared paging channel hijack attack. In an example embodiment, a wireless device may monitor the shared paging channel during a paging occasion in a DRX cycle to detect a first IMSI-based paging message in the paging occasion, and continue monitoring for IMSI-based paging in subsequent radio subframes in the paging frame and radio subframes in subsequent radio frames within the DRX cycle to determine whether there are indications of a paging channel hijack attack. In an example embodiment, this monitoring may be to determine whether one or more subframes that are not the paging occasion receive IMSI-based paging messages, in response to which a threat probability may be increased. The wireless device may perform an operation (e.g., an actuation operation such as disabling monitoring of, and preventing connection attempts to, the base station, etc.) to protect against a shared paging channel hijack attack.