In mobile communication networks today, mobile devices or other user equipment (UE) connect to the network by attaching to a particular base station or other access point. Typically, access point devices periodically transmit a broadcast message that includes a public land mobile network (PLMN) identifier that identifies a particular provider network as well as certain communication, operational, and other parameters. UE devices that receive this broadcast message can verify whether the PLMN identifier matches its own associated network and, if so, select the access point device in order to connect to the mobile network. Upon selection of a particular access point device, the UE and the access point device engage in a handshaking procedure and exchange numerous messages.
Since the PLMN identifier is public knowledge and further many of the parameters can be discovered via eavesdropping/sniffing techniques, rouge base stations are able to transmit a broadcast message that appears to the UE to be legitimate. Thus, the UE may attach to the rogue base station instead of a legitimate base station. Once attached to the rogue base station, the UE is exposed to numerous threats and both the UE and the legitimate mobile network carrier can suffer undesirable consequences.