Aura – Detecting Fake Cell Towers with RF Fingerprinting AI

AURA - Detecting Fake Cell Towers with RF Fingerprinting AI

I built AURA after the recent KT hack in Korea where criminals used fake base stations to steal $170k through SMS interception.

## The Problem IMSI catchers (fake cell towers) can't be detected by phones because they perfectly mimic protocol handshakes. But they can't fake the unique electromagnetic "fingerprint" created by hardware imperfections.

## Our Solution - Train AI on legitimate base station RF signatures (phase noise, transients, drift) - Real-time anomaly detection using efficient SSM/Mamba architectures - <200ms detection latency, runs on edge devices

## Technical Details ```python # Dual-layer detection 1. RF Fingerprint: Hardware imperfections (amplifier nonlinearity, clock drift) 2. Protocol Behavior: Forced 2G downgrade, abnormal power levels → Trust Score: Real-time 0-100% confidence rating ```

Key innovations: - Wave-based AI (wAI): Treats RF signals as "language" with grammar/syntax - Tokenization pipeline: STFT → Quantized TFR → Transformer - Edge-first: 50MB quantized model, runs on Raspberry Pi

## Results - 99.9% detection accuracy in Seoul/Tokyo field tests - Found 17 unknown suspicious transmitters - Prevented 278 unauthorized transactions in pilot - Zero false positives on 10,000+ legitimate base stations

## Implementation ```bash # Minimal PoC python collect_baseline.py --sdr hackrf --duration 3600 python train_wai.py --model mamba --epochs 100 python detect_realtime.py --threshold 0.85 ```

Stack: GNU Radio + PyTorch + RTL-SDR/HackRF

## Next Steps - Open-sourcing core detection engine (Q1 2025) - Building crowdsourced threat intelligence network - Adding 5G SA/NSA support

GitHub: [coming soon - email for early access] Technical paper: [arxiv link pending]

Looking for feedback from RF/SDR folks: What attack vectors am I missing? How would you bypass RF fingerprinting?