The problem is mostly the insecure defaults. Every modern phone is configured to be backward compatible and connect to an older generation of network if a newer generation is not present (as in the case of being deliberately jammed by an adversary). In 2G, mutual authentication is nonexistent; it happens only one way - only the network authenticates the handset. If you are close enough to the victim (only screaming louder, i.e. more power than the legitimate network, but from a significant distance doesn't work, because of the RTT of the signal - TDMA-based systems are very time-sensitive in nature), nothing prevents you from operating your own mobile infrastructure and disabling any encryption (i.e. in 2G, during the handshake, you just say A5/0 - no encryption - to the handset) - you cannot enable encryption anyway, because you do not have the corresponding key that is on the SIM card; only the legitimate carrier has that.

Whether or not the victim will be notified about the absence of encryption depends on the state of a single bit on the SIM card [1]. In 99% of the cases, there is no warning that the handset is currently using A5/0.

From now on, you are at the mercy of the rogue network operator - they can send you anything from any number, sit in the middle of every call and capture every frame of data.
I don't think the current level of technological education of the general public is enough for most of them to know why it is important to force your phone to work only with modern network standards and that is what police and other government agencies interested in operating IMSI catchers exploit.
[1] http://blog.taddong.com/2011/02/does-your-phone-warn-you-whe...
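The "say A5/0 to the handset" step above is the RR CIPHERING MODE COMMAND. The decoder below, an added example and not code from the comment author, shows the check a ciphering indicator or IMSI-catcher detector app performs on that message: read the cipher mode setting nibble and warn when the network selected A5/0 or the broken A5/2. The octet layout follows 3GPP TS 44.018 as I recall it (message type 0x35, SC bit plus 3-bit algorithm identifier); the sample frames are constructed.

```python
from dataclasses import dataclass

# TS 44.018 values as assumed for this example: RR protocol discriminator
# in the low nibble of octet 1, CIPHERING MODE COMMAND message type 0x35.
RR_PROTOCOL_DISCRIMINATOR = 0x06
CIPHERING_MODE_COMMAND = 0x35
# Algorithm identifier (bits 2-4 of the cipher mode setting) -> A5 variant.
ALGORITHM_NAMES = {0: "A5/1", 1: "A5/2", 2: "A5/3", 3: "A5/4",
                   4: "A5/5", 5: "A5/6", 6: "A5/7"}
# Selections a detector should treat as "effectively unprotected".
WEAK_ALGORITHMS = {"A5/0", "A5/2"}


@dataclass
class CipherModeSetting:
    algorithm: str        # "A5/0" when the network leaves ciphering off
    start_ciphering: bool


def parse_ciphering_mode_command(frame: bytes) -> CipherModeSetting:
    """Decode octet 3 (cipher response | cipher mode setting) of the command."""
    if len(frame) < 3:
        raise ValueError("truncated message")
    if frame[0] & 0x0F != RR_PROTOCOL_DISCRIMINATOR or frame[1] != CIPHERING_MODE_COMMAND:
        raise ValueError("not an RR CIPHERING MODE COMMAND")
    setting = frame[2] & 0x0F              # low nibble: cipher mode setting
    start_ciphering = bool(setting & 0x01)  # bit 1 = SC; 0 means no ciphering (A5/0)
    algo_id = (setting >> 1) & 0x07        # bits 2-4 = algorithm identifier
    if not start_ciphering:
        return CipherModeSetting("A5/0", False)
    return CipherModeSetting(ALGORITHM_NAMES.get(algo_id, f"reserved({algo_id})"), True)


def should_warn(setting: CipherModeSetting) -> bool:
    """The warning the SIM's ciphering-indicator bit normally suppresses."""
    return setting.algorithm in WEAK_ALGORITHMS


# Constructed sample frames (octet 3 low nibble: bits 4-2 algo id, bit 1 SC).
FRAME_A5_0 = bytes([0x06, 0x35, 0x00])  # SC=0 -> no ciphering
FRAME_A5_1 = bytes([0x06, 0x35, 0x01])  # SC=1, id 000 -> A5/1
FRAME_A5_2 = bytes([0x06, 0x35, 0x03])  # SC=1, id 001 -> A5/2
FRAME_A5_3 = bytes([0x06, 0x35, 0x05])  # SC=1, id 010 -> A5/3

if __name__ == "__main__":
    for frame in (FRAME_A5_0, FRAME_A5_1, FRAME_A5_2, FRAME_A5_3):
        s = parse_ciphering_mode_command(frame)
        print(f"{frame.hex()} -> {s.algorithm:6} warn={should_warn(s)}")
```

A detector that logs this alongside the serving RAT catches the downgrade-plus-A5/0 pattern the comment describes even when the handset itself shows nothing.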
seabass-labrax|1 year ago
Is encryption really significant to whether or not the police are able to monitor cellular phones? As bandwidth is already centrally allocated, there is a limited number of legal cellular network operators, and a competent authority could already compel (indeed, could have already compelled) mobile operators to provide master keys and diversification information under the Snoopers' Charter 2016 [1].
[1] https://www.legislation.gov.uk/ukpga/2016/25/
LZ2DMV|1 year ago
Consider an intelligence operation abroad, for example.