top | item 12848686

(no title)

rupellohn | 9 years ago

For 3G/4G networks there is strong mutual authentication between the device and the network, for 2G(GSM) networks only the device is authenticated so these interception devices work by jamming the 3G/4G bands forcing the device onto the (fake) 2G network.

discuss

mmagin|9 years ago

And in the world of TLS, this is called a downgrade attack and treated as a serious problem...

vog|9 years ago

Indeed! A very good advice that read on this topic was this one:

As a rule of thumb, any security protocol that contains lots of "MAY" parts (options) in its specification is suspicious. Even more so if the security layer itself is optional. Ideally, a security protocol contains no "MAY" parts, not even "SHOULD" parts, but only "MUST" parts.

(Not sure where I read this, or who wrote that. So I'm paraphrasing it here. Maybe it's common sense without a single attributable source.)

leeoniya|9 years ago

there's a feature in cell modems that can indicate radio link encryption/auth..put on tinfoil hat...and it's disabled in pretty much all phone firmware

http://www.jmeds.eu/index.php/jmeds/article/view/Enabling_th...

https://github.com/PrivacyCollective/Android-CipheringIndica...

leeoniya|9 years ago

https://code.google.com/p/android/issues/detail?id=5353

DasIch|9 years ago

What's the point of such a feature anyway? I don't want my phone to even connect to such tower, just tell me there is no service available.

unknown|9 years ago

[deleted]

guelo|9 years ago

Which makes me wonder how Stingray/Hailstorm works. Does Harris Corp have a universal key for LTE?

digi_owl|9 years ago

Best i can tell, stingray is a passive device.

It just use a directional antenna to listen for the "keepalive" exchange between cell tower and device, focusing on a specific IMSI.

Also, even if your device is currently using LTE or similar, the GSM (or whatever 2G radio it has) will still be on and talking to the relevant network (unless you specifically tell the device otherwise, and the OEM allowed you to). This to provide a smoother handover should the LTE signal drop too low.

Hailstorm on the other hand is basically a jammer tuned to 3G and 4G frequencies, thus forcing any devices in range to drop down to 2G. For the general public a jammer would be a big nono, but law enforcement is a different matter.

unknown|9 years ago

[deleted]

digi_owl|9 years ago

Could have sworn that even though a more recent network is the preferred one at that time, the older ones are still connected and listening to provide a smoother handover experience.

Depending on the device you may be able to tell it to use newer network only though (my somewhat aging Android device can opt for UMTS only for example).

Tharkun|9 years ago

Indeed. But I haven't come across any phones that let you specifically disable 2G(GSM). Most let you disable 4G or 3G, or let you prioritise one over the other, but disabling 2G altogether seems to be missing.

ac29|9 years ago

On Android dial [star]#[star]#4636#[star]#[star] in the phone app and you can change what types of cell networks can be connected to. Apparently doesn't work on all phones, but definitely works on my stock Nexus 5X on Android 7.

MrRadar|9 years ago

My Blackberry Priv lets me select any combination of LTE, 3G, and 2G. I currently have it set to use LTE and 3G only. That's the only phone I've seen with that feature, though.