West Science Information System and Technology Vol.
No.
April 2025, pp.
Field Measurement Results on the Presence of Rogue Base Stations (Fake BTS) in Urban Areas Mahadi Pardede Universitas Pendidikan Indonesia
Article Info
ABSTRACT
Article history:
This research examines the presence and technical characteristics of rogue base stations .
llicit BTS) through empirical field assessments conducted in densely populated urban environments.
By employing a spectrum analyzer alongside the G-NetTrack application across frequency ranges extending from 900 to 2300 MHz, the investigation revealed signal anomalies that are suggestive of unauthorized base station operations.
The signals that were detected displayed abnormal intensities coupled with variable stability, abrupt shifts from 4G/5G networks to 2G networks, and discrepancies in cell ID and network identity parameters (MCC.
MNC.
LAC).
These attributes imply coerced connections to illegitimate transmitters.
The rogue BTS units were predominantly located in close proximity to governmental offices, commercial hubs, and public venues, thereby indicating a potentially strategic deployment approach.
The results underscore the critical necessity for the implementation of early detection systems and inter-agency cooperation to alleviate the risks associated with communication interception.
By furnishing technical indicators and empirical measurement data, this study contributes to the advancement of network security frameworks and informs policy formulation aimed at safeguarding cellular infrastructure.
Received April, 2025 Revised April, 2025 Accepted April, 2025 Keywords:
Rogue Base Station Fake BTS Detection Cellular Network Security Signal Anomaly Analysis Spectrum Monitoring This is an open access article under the CC BY-SA license.
Corresponding Author:
Name: Mahadi Pardede Institution: Universitas Pendidikan Indonesia Email: adipardede@upi.
INTRODUCTION
The rapid evolution of mobile technology has significantly altered the methodologies through which individuals information, and conduct digital transactions.
In light of the pervasive adoption of mobile phones, cellular networks have emerged as a critical pillar of digital infrastructure, facilitating a diverse array of activities encompassing economic transactions, social interactions, and governmental operations (ITU, 2.
In the Indonesian context, the importance of mobile networks is particularly accentuated, especially within sectors such as banking services, public utilities, and frameworks of national security.
As a result, the protection of these networks extends beyond mere technical concerns.
it is essential for safeguarding personal data, privacy rights, and the digital sovereignty of the nation (Zhou et al.
, 2019.
Nguyen.
Lin, & Li.
Rysavy, 2019.
Asokan et al.
, 2.
However, as the critical nature of these networks has escalated, their Journal homepage: https://wsj.
westscience-press.
com/index.
php/wsist West Science Information System and Technology A 25 vulnerability to various threats has simultaneously increased.
One of the most concerning developments is the rise of illicit surveillance devices, such as rogue base stations (RBS), informally known as fake BTS.
These devices allow unauthorized actors to impersonate legitimate base stations, thereby intercepting user communications without The seriousness of this threat is compounded by the reality that average users typically lack the ability to identify any anomalies, as there are no overt signs indicating that their devices have connected to a fraudulent BTS (Shaik et al.
, 2015.
Hussain et al.
, 2021.
Borgaonkar.
Redon, & Seifert.
From a national security standpoint, fake BTSs may be leveraged for activities such as espionage, data theft, information manipulation, and the disruption of strategic communications (Arik & Poznanski, 2016.
Abdalla & Tariq, 2023.
Hoang & Nguyen.
Unfortunately, existing detection mechanisms remain insufficient, and the infrastructure is marked by significant Moreover, frameworks have yet to fully adapt to the unique security challenges introduced by these rogue devices.
This predicament results in a considerable vulnerability within IndonesiaAos Addressing this issue cannot rest solely with telecom operators.
it requires a collaborative effort from regulators, law enforcement agencies, researchers, and stakeholders in the technology sector (Rupprecht et al.
, 2018.
Karim.
Fatima, & Shah, 2022.
Ismail & Ahmad, 2021.
Adepu & Mathur, 2.
Fake BTSs present a formidable They possess the ability to replicate legitimate signals, trick devices into forming connections with them, and subsequently intercept or manipulate communications.
Some of these devices are designed to track users' locations in real-time, disrupting access to authentic networks .
hereby creating denial-of-service situation.
, or injecting malicious content such as malware or phishing links (Park et al.
, 2020.
Dabrowski et , 2014.
Rupprecht et al.
, 2018.
Zhang.
Lin, & Shen, 2019.
Liu et al.
, 2.
In certain cases, these devices have been exploited by state actors for espionage activities (Marzouki et , 2021.
Han.
Wu, & Wang, 2022.
Liu.
Yang, & Shen, 2.
Despite the inherent risks, there is a significant lack of empirical investigation regarding the operational environments and prevalence of counterfeit base transceiver stations (BTS.
A considerable portion of the existing knowledge remains predominantly theoretical or extrapolated from simulations, primarily attributable to the difficulties in obtaining genuine incident data.
Operators often demonstrate hesitance in disclosing such events, and the technological tools necessary for identifying these illicit devices are not consistently available or user-friendly (Lanz et al.
, 2020.
Kim.
Lee, & Park, 2022.
Lashkari et al.
, 2020.
Letaief et al.
, 2.
This dearth of authentic data hinders the development of effective policies or technical Consequently, empirical field studies are critically needed to obtain an accurate, practical, and contextually nuanced understanding of the growing threat posed by illicit base stations.
LITERATURE REVIEW
1 Understanding Base Stations and Rogue BTS A Base Transceiver Station (BTS) constitutes a fundamental component within the cellular network architecture, serving as the intermediary between mobile devices and channel allocations, and facilitating cell handover operations.
Authorized BTS unitsAo function under the auspices of licensed mobile operators and are subject to regulation by national telecommunications authorities (Pemerintah Republik Indonesia, 1.
Conversely, a rogue base station (RBS)Ai commonly referred to as a counterfeit BTSAi represents an unauthorized apparatus that Vol.
No.
April 2025: pp.
West Science Information System and Technology A 26 replicates the functionalities of a legitimate BTS for nefarious objectives, including the interception of communications or the illicit collection of personal data (Shaik et al.
, 2015:
These fraudulent units attract proximal mobile devices by emitting signals of greater strength than those produced by legitimate BTSs, thereby exploiting weaknesses inherent (Rupprecht et al.
, 2018: .
They have been employed in a variety of scenarios, ranging from cybercrime and surveillance to political espionage (Marzouki et al.
, 2021: .
2 Second Previous Research on Fake BTS and Network Anomalies A burgeoning corpus of scholarly research has scrutinized the perils associated with malevolent Base Transceiver Stations (BTS).
For example.
Dabrowski et al.
illustrated the capacity of these devices to communications, as well as to monitor a user's geographical position in real-time.
Zhou et al.
9: .
underscored that such threats are populations including journalists, activists, and public officials.
Arik and Poznanski .
elaborated further, noting that the efficacy of counterfeit BTS attacks is primarily authentication protocols within mobile telecommunications networks.
In response to these challenges, researchers have investigated a variety of detection methodologies and instruments, including software-defined radios (SDR.
IMSI catchers, and signal scanning applications such as AIMSICD.
CellMapper, and G-NetTrack (Hussain et al.
, 2.
These instruments are predicated on technical parametersAinamely.
Mobile Country Code (MCC).
Mobile Network Code (MNC).
Location Area Code (LAC).
Cell ID, and signal strengthAito suspicious signal behavior (Dabrowski et al.
Notwithstanding empirical field investigations remain scarce.
Lanz et al.
highlighted that limited access to authentic incident data and a dearth of reporting from mobile network operators have obstructed substantive research efforts.
Consequently, numerous proposed detection methodologies tend to be either theoretical or simulation-based, rather than grounded in empirical field conditions (Kim.
Lee, & Park, 3 Theoretical Frameworks for Detection Two principal theoretical frameworks underpin the identification of illicit Base Transceiver Stations (BTS).
The initial framework is spectrum surveillance, which operates on the premise that all radio communications must adhere to authorized frequency allocations.
Any transmission manifesting outside of designated bands may be categorized as unlawful (Pemerintah Republik Indonesia, 1.
This paradigm depends on real-time monitoring mechanisms and official frequency registries to discern The subsequent framework is the intrusion detection paradigm pertinent to mobile telecommunications networks.
This methodology encompasses four fundamental phases: data acquisition of signals, analysis of behaviors, recognition of anomalies, and implementation of corrective measures (Abdalla & Tariq, 2.
A particularly efficacious strategy within this framework is the observation of "handover reject" incidents .
or instance, code cc.
, which signify attributable to unrecognized or invalid base When these two methodologies are integrated, they yield a robust framework for detectionAicapturing atypical signal intensity and anomalous Furthermore, they facilitate the advancement of artificial intelligence-enhanced detection systems that can adjust to empirical conditions by leveraging field data and fostering interoperator collaboration (Park et al.
, 2.
Vol.
No.
April 2025: pp.
West Science Information System and Technology METHODS This descriptive-exploratory methodology, with the objective of capturing and analyzing empirical data regarding the occurrence and conduct of rogue base stations .
llicit BTS) within urban settings.
The descriptive component facilitates a nuanced representation of the intricate technical characteristics of signal behavior, whereas the exploratory facet enables researchers to identify novel patterns and risks that may have previously eluded documentation.
This methodological approach is particularly apt for examining threats such as counterfeit BTS, which typically function in a clandestine manner and are infrequently reported.
The primary focus of this inquiry is the technical signal anomalies that may signify the operation of rogue base stations.
These anomalies encompass irregular signal strength, abrupt alterations in network identification codes, and atypical transitions among network types .
or instance, shifting from 4G or 5G to 2G).
Concurrently, the subjects of the investigation are the diverse cellular signals detected across the designated research locale.
The research was executed in Jakarta, the capital of Indonesia and one of its most densely interconnected cities.
Jakarta was selected due to its strategic significance as a national center for governmental operations.
These elements render it a probable target for unauthorized surveillance Although the precise dates of the study were not delineated, data collection occurred across a spectrum of locations within the city that were identified as high-risk or high-traffic zones.
To gather empirical data, the research team utilized two principal instruments.
Initially, a spectrum analyzer was employed to scan and monitor the radio frequency spectrum, thereby facilitating the detection of Subsequently, the G-NetTrack mobile application was installed on an Android
A 27
device to log technical signal parameters, which include signal strength (RSRP), signal quality (RSRQ), cell identity codes (Cell ID.
LAC).
GPS This comprehensive overviewAiboth from a broader frequency perspective and from the vantage point of a typical mobile device's While no formal sampling framework was delineated, the study adopted a purposive sampling strategy, intentionally concentrating on strategic urban locales where rogue BTS units would likely exert their efficacyAisuch as in proximity to governmental edifices, commercial districts, and public facilities.
Data collection involved the real-time monitoring of signal activity at these sites and the documentation of any suspicious patterns or anomalies.
Field observations were particularly attentive to signal behavior that diverged from anticipated norms, such as inconsistent signal strength, swiftly fluctuating BTS identifiers, and network downgrades that limited users to emergency call functionalities exclusively.
The amassed data underwent analysis utilizing a comparative and inferential methodology.
Recorded signals were juxtaposed against baseline parameters derived from recognized, legitimate base A multivariate model was employed to classify potential threats: if a signal exhibited more than four out of six critical technical anomalies, it was flagged as a probable rogue base station.
These indicators encompassed irregular RSRP/RSRQ values, discrepancies in network identity, and evidence of enforced downgrades.
This straightforward yet efficacious framework functions as an early detection system that, with further refinement, could evolve into an RESULTS AND DISCUSSION The findings of this investigation unequivocally demonstrate the existence of Vol.
No.
April 2025: pp.
West Science Information System and Technology A 28 rogue base stations .
llegitimate BTS) across multiple urban locales in Jakarta, identified through direct empirical measurements utilizing both spectrum analyzers and the GNetTrack application.
The information anomalous characteristics that significantly diverge from the norms associated with authentic cellular base stations.
These anomalies encompass abnormally elevated signal strengths .
anging from Ae60 to Ae70 dB.
, erratic network identifiers .
otably fluctuating Cell ID and LAC), and recurrent forced transitions from 4G or 5G networks to This regression frequently resulted in devices manifesting an Auemergency calls onlyAy status or led to recurrent call dropsAi indicators that strongly imply unauthorized Further scrutiny revealed that these irregularities were not randomly dispersed but were predominantly situated in proximity to pivotal locations, including government edifices, business districts, and public venues characterized by substantial communication This spatial distribution corroborates the hypothesis that rogue BTS units are strategically deployedAitargeting high-value purposes of interception, surveillance, or data Table 1 systematically contrasts the characteristics of signals originating from legitimate versus rogue BTS sources, accentuating distinct disparities in signal strength, stability, and network identifiers.
Figures 1 through 8 present spectrum visualizations across various frequencies .
MHz, 1800 MHz, 2100 MHz, 2300 MH.
, normative and suspect signals.
Notably, rogue BTS signals exhibit pronounced peaks and erratic waveforms, in stark contrast to the smoother, more consistent profiles observed in sanctioned transmissions.
investigations, the outcomes of this research substantiate existing literature concerning rogue BTS behaviors.
For example.
Shaik et al.
and Rupprecht et al.
identified analogous signal anomalies, including robust yet unstable signals and atypical network However, this study enriches the discourse by providing empirical field data from an Indonesian urban setting, which has been comparatively underrepresented in the prevailing literature.
Furthermore, the patterns discerned in Jakarta correspond with delineated by Marzouki et al.
indicating a calculated exploitation of densely populated communication zones.
The research also introduces a preliminary multivariate detection model, wherein signals that fulfill at least four out of six anomalous criteria are flagged as This establishes a foundational framework for the prospective development of automated early warning systems, particularly if integrated with machine learning algorithms trained on an expanding dataset of signal anomalies.
In summary, the findings substantiate the central research inquiry regarding the distribution of rogue BTS units.
The analysis accentuates the pressing necessity for enhanced regulatory frameworks, real-time telecommunications operators, regulators, and law enforcement to alleviate this threat.
These findings serve as both a technical reference and a policy foundation for fortifying cellular network security in Indonesia.
Vol.
No.
April 2025: pp.
West Science Information System and Technology A 29 Figure.
Measured results of 900 MHz radio frequency of the Official BTS Figure.
900 MHz from Fake BTS Figure.
Measured results of 1800 MHz radio frequency of the Official BTS Vol.
No.
Publish date: pp.
xx-xx West Science Information System and Technology A 30 Figure.
1800 MHz from Fake BTS Figure.
2100 MHz from Fake BTS Figure.
2100 MHz from Fake BTS Vol.
No.
April 2025: pp.
West Science Information System and Technology A 31 Figure.
2300 MHz from Fake BTS Figure.
2300 MHz from Fake BTS Vol.
No.
April 2025: pp.
A 32
West Science Information System and Technology Figure.
fake BTS indication of G-Nettrack application Table 1.
Comparative Analysis of Legitimate BTS and Rogue BTS Signal Attributes Technical Parameter Legitimate BTS Rogue BTS Frequency (MH.
900 / 1800 / 2100 / 2300 Same as legitimate BTS .
Signal Strength (RSRP) -80 to -95 dBm -60 to -70 dBm .
Signal Stability Stable Fluctuating / unstable Network Technology 4G / 5G 2G .
orced downgrad.
Cell ID Changes Relatively stable Frequent changes in a short time Network Status Connected, no errors Emergency call only, frequent call drops LAC/MNC/MCC Identification Registered and valid Does not match operator database Signal Quality (RSRQ) -8 to -11 dB 0 or unreadable Source: Field Measurement Data .
CONCLUSION This investigation substantiates the existence and strategic utilization of unauthorized base stations .
ounterfeit BTS) within the densely populated urban environment of Jakarta.
Employing field Vol.
No.
April 2025: pp.
West Science Information System and Technology A 33 measurements facilitated by spectrum analyzers and the G-NetTrack application, the research uncovered signals exhibiting anomalous characteristicsAisuch as excessive yet unstable strength, abrupt alterations in cell identity, and involuntary regressions to 2G networksAiwhich are symptomatic of illicit transmission sources.
These results address the fundamental research inquiry concerning the technical attributes and spatial distributions of rogue BTS operations.
The study not only catalogs the empirical presence of such threats in Jakarta but also elucidates how these entities exploit systemic authentication protocols.
The findings bolster the objective of furnishing empirical data that enhances the understanding, detection, and mitigation of counterfeit BTS threats within IndonesiaAos particularly within high-risk locales such as congregating spaces.
Furthermore, the revision of telecommunications regulations to encompass technical protocols for the identification and response to rogue BTS will be crucial.
Lastly, enhancing public awareness and conducting internal training for field engineers on the recognition and reporting of suspicious signal activity can further fortify the national cellular network defense Building upon these discoveries, it is concentrate on the development of integrated early warning systems that amalgamate realtime frequency monitoring with anomaly detection algorithms.
Telecommunications operators, regulatory authorities, and security agencies should engage in collaborative efforts to establish routine signal audits.
ACKNOWLEDGEMENTS We extend our heartfelt gratitude to all individuals who provided their unwavering support during the duration of this research Our profound appreciation is directed towards the technical and field teams, whose indispensable efforts were crucial in the acquisition of signal data from various urban locales in Jakarta.
Furthermore, we express our sincere thanks to duty executor head of radio frequency spectrum monitoring center class I Jakarta.
Head of Monitoring and Controlling Team SFR dan APT Balai Monitor SFR Kelas I Jakarta.
PFR Balai Monitor Kelas I Jakarta for granting access to the requisite tools and facilities that facilitated the execution of this study.
REFERENCES