[alexvr]

What? Why doesn't it work like this:

Cell phones have SIM cards with an ID and a secret key. Cell service providers have a database of these SIM associations. Cell phones encrypt IP packets in their entirety with the symmetric key and send it as the payload of some cell protocol packet that might expose my ID, if anything. Assuming the cell provider is secure and not on the dark side, this is the safest part of my my packet's trip.

I don't understand how a cell-site simulator could see what websites I visit, much less the messages I send, without knowing my key. And it's not like one could trick my phone into thinking it's the actual cell site, because it won't be able to respond to my transmission with a message that my key can decrypt.

What the heck am I missing?

[kinghajj]

FBI: "Hey, cellular provider, give us the secret key and ID for X." Provider: "Sure, thing, just one moment." ... "Here you go."

---

Or, if your provider has a bit of a spine:

FBI: "Hey, cellular provider, give us the secret key and ID for X." Provider: "Got a warrant?" FBI: "No problem, give a half hour to call our go-to judge." / "No, but here's a NSL."

[doctorshady]

That's assuming that is even necessary. Harris made an upgrade to their Stingray equipment called Hailstorm that intercepts 3G and 4G standards.

[patcheudor]

2G ruins everything. It is effectively wide-open now and handsets will connect to the strongest connection. This is one of the oldest problems in cryptography. It doesn't matter how great the latest and greatest is so long as the old broken standard is still widely used and supported.

[droopybuns]

Until you can purchase a phone that is not compatible with 2g, you will always be at risk of fallback attacks.

It works sort of like what you are describing in 3g & 4g networks.

So to answer your question: You are missing phones that don't work on 2G (unless there is a function to disable it in a user-unfriendly engineering menu).

[nitrogen]

The ID is probably the most important thing for them to track.

[superuser2]

These devices do not necessarily have insight into the contents of your communications, their main feature is that they can uniquely identify and locate a phone.

[Sir_Cmpwn]

https://www.youtube.com/watch?v=DU8hg4FTm0g

I watched this DEFCON talk a while ago. Not sure if it's still relevant, but it is quite worrying.