To address the lack of low-latency, scalable cellular monitoring systems for sensitive areas—resulting in failure to promptly block unauthorized mobile access and data exfiltration prior to connection establishment—this paper proposes LTag, the first operator-free, pre-connection cellular monitoring system. LTag integrates downlink protocol parsing with uplink signal feature analysis to construct a distributed multi-point sensing framework; it further combines spatial signal modeling and distributed aggregation to enable millisecond-scale source localization and real-time decision-making. Experiments demonstrate that LTag achieves geographic source localization within 2.3 ms and sub-second geofencing response, effectively blocking unauthorized communications. Its core contribution lies in overcoming the limitations of conventional approaches—namely, reliance on carrier cooperation or post-connection detection—by enabling low-latency, highly scalable, and collaboration-free cellular-layer defense at the pre-connection stage.

The widespread availability of cellular devices introduces new threat vectors that allow users or attackers to bypass security policies and physical barriers and bring unauthorized devices into sensitive areas. These threats can arise from user non-compliance or deliberate actions aimed at data exfiltration/infiltration via hidden devices, drones, etc. We identify a critical gap in this context: the absence of low-latency systems for high-quality and instantaneous monitoring of cellular transmissions. Such low-latency systems are crucial to allow for timely detection, decision (e.g., geofencing or localization), and disruption of unauthorized communication in sensitive areas. Operator-based monitoring systems, built for purposes such as people counting or tracking, lack real-time capability, require cooperation across multiple operators, and thus are hard to deploy. Operator-independent monitoring approaches proposed in the literature either lack low-latency capabilities or do not scale. We propose LTag, the first low-latency, operator-independent and scalable system designed to monitor cellular connections across all operators prior to any user data transmission. LTag consists of several downlink sniffers and a distributed network of uplink sniffers that measure both downlink protocol information and uplink signal characteristics at multiple locations to gain a detailed spatial image of uplink signals. LTag aggregates the recorded information, processes it, and provides a decision about the connection all prior to connection establishment of a UE. To evaluate LTag, we deployed it in the context of geofencing, where LTag was able to determine if the signals originate from inside or outside of an area within 2.3 ms of the initial base station-to-device message, therefore enabling prompt and targeted suppression of communication before any user data was transmitted.