by bvinc 2997 days ago
Can someone please explain to me why this cell security problem seems to be completely ignored? If encryption algorithms are broken, they're phased out and untrusted. But if 2G is insecure, there's not a single peep from networks or phone manufacturers or Google or Apple about phasing out 2G. There isn't even an option to disable it.

Why don't towers have a sort of encryption certificate verifying they're legit?

Why doesn't my cell provider just provide my phone a list of its legit towers?

I can think of so many ways to solve this problem. But it's super hard to find any information on how this all works.


> Why don't towers have a sort of encryption certificate verifying they're legit?

Pushback from various parties/regimes to keep this out of the standards. (E.g. the Brits pushed back against strong encryption in the first GSM standards, https://www.aftenposten.no/verden/i/Olkl/Sources-We-were-pre... , and this has gone round to other countries pushing back in all kinds of ways since then.)

> Why doesn't my cell provider just provide my phone a list of its legit towers?

It does, but not securely, so it can be faked. And since the towers do not authenticate themselves to the phone, you can just pretend to be a tower anyway.

> I can think of so many ways to solve this problem. But it's super hard to find any information on how this all works.

Sure, there are numerous ways to solve this, but there are few incentives to do so. It does get somewhat better: LTE can authenticate the network to the phone. But then there are countries where it's illegal to encrypt the public phone networks, so the protocol specs include an option to just disable this mechanism altogether.

- Phone manufacturers want to make their phones work everywhere, and the standards make them have all kinds of fallback mechanisms. So new LTE phones support everything from LTE to the oldest GSM standards; they don't want a reputation of their phone not working when traveling to XXX.

- Telco companies get pushback from governments, or in most cases around the world are owned and operated by governments, and they want backdoors into networks for surveillance.

- Telco equipment manufacturers just make equipment that the telco companies want. While all the standards for all the protocols and mechanisms work, they are the product of a design-by-committee, mostly made up of telco companies and telco manufacturers.

"I can think of so many ways to solve this problem. But it's super hard to find any information on how this all works."

LTE and 3G solve the problem of authentication and encryption with the tower; the problem is that an attacker can, through interference or other means, force your handset to downgrade to 2G operation.

There is a very, very simple solution to this: display an icon/error when you downgrade to 2G and an even bigger icon when your 2G connection has no encryption (which is a valid option for a 2G connection).

This would be trivially simple but for reasons that are difficult to understand, phone OS and SIM providers do not do this.

"But it's super hard to find any information on how this all works."

I would recommend viewing/listening to the CCC (Congress) talks on GSM subjects that have been given over the last ten years. The osmocom "baseband-devel" is also a good mailing list to read the archives of ...

> But if 2g is insecure, there's not a single peep from networks or phone manufactures or Google or Apple about phasing out 2g. There isn't even an option to disable it.

Good news I guess: AT&T turned off their 2G in December of 2016: https://www.att.com/esupport/article.html#!/wireless/KM10848...

It caused a bit of a stir in the alarm system market, because so many of the alarm panels connected to the home office via embedded 2G modems.

I’ll take a wild guess:

* a lot of legacy kit that’s expensive and hard to upgrade

* lots of things rely on backward compatibility

* attacks are still too difficult/expensive to the point that only hushed adversaries are performing attacks

* lack of motivation from cell providers

I think there is a perfect storm of savant security nerds with piss-pour communications skills and telcos over-indexing on mba/finance leadership.

The security nerds make blustery comments that “anyone with motivation and a couple g’s worth of gear can target ANYONE.”

There are a bunch of problems with this argument. GNU Radio is not easy. You need to be in radio proximity to your target. Targeting someone requires some homework and luck (converting an MSISDN to a TMSI isn't trivial. It's doable, but the nerds double down on trivial, burning credibility by claiming triviality that can easily be argued against by half-wits.). The MBAs (whose job it is to move the needle on billion dollar businesses) are getting asked to add expenses that require new software at the base stations, replacement of mobile endpoints, break roaming and generate NO ADDITIONAL REVENUE BECAUSE CONSUMERS DON'T REALLY CARE ABOUT SECURITY.

What would you do? These are not the best and brightest. They have built careers in avoiding risk.

The MNOs have a serious culture problem. The single best solution would be to incentivize competition, but the only thing the SV people want is net neutrality, which only entrenches the established players.

We only have ourselves to blame for this mess. The moves that would resolve this problem (taking on risk that most won't recognize) will not move the needle in the right direction. Consumers think mobile internet is too pricey; they won't pay more for security. The solution creates costs. We are doomed.

> piss pour

Eww. That’s nasty. ‘Piss poor’ is likely the phrase you’re looking for.

Naive question: how does net neutrality entrench companies? To me it seems the opposite: the more you can pay, the better service your company can offer, which directly benefits larger entrenched companies, no?

Imagine deciding to run a local ISP for 300 homes in your neighborhood. You don't know if all 300 will sign up for service. You don't know how long it will take to get to 300.

Do you pay for peering agreements that will meet the demands of 300 homes for the two years it will take to get there, or do you try to build up gradually? Will you be in a situation where you can't meet your existing customers' demand? Who will have leverage in that next peering agreement? It's clearly the entrenched backhaul provider.

If you have some ability to steer & prioritize traffic, you will have some wiggle room when it comes time to negotiate your next agreement. With net neutrality concepts, you lose that tool. You're totally dependent on the accuracy of your traffic predictions & the peering partner has a significant negotiating advantage.

You're going to take on the risk of digging trenches & negotiating peering agreements for underserved, rural or suburban locations. You're going to need a mass of homes to agree to the trenching & installation. You're going to have to negotiate labor for digging these trenches & laying cable in a way that will resist water damage & other threats.

All of this sucks and is hard.

> the more you can pay the better service your company can offer which directly benefits larger entrenched companies, no?

I don't believe that anyone really wants to rate websites differently than they already are (via peering arrangements, which are how the Internet works, folks). But the argument that most people want to make is that ISPs will block access to example.com. The best example of access to a website being cut off I can point to is Google's decision to block Amazon devices from accessing youtube.com.

If no ISP is doing this kind of blocking, then what's the point of exposing ISPs to the risk of unfounded claims from random customers that you are violating net neutrality principles? Do you now need to absorb the cost of audits to prove you're not? Digging trenches is hard, expensive & risky. What happens when you pile on more regulations?

Who is excited to get into this business? The established providers already have legal teams & are prepared to deal with legislators. Startup ISPs are annoying bugs that can easily be crushed with regulatory pressure. Add "ability to absorb regulatory & legal tangles" to your list of runway calculations.

All I see are increasingly challenging hurdles for startup ISPs that need pricing flexibility to manage the early, high risk tasks of starting an ISP.

It's not the algo. The keys are the problem.

Actually with 2G (especially A5/0, /1, /2), it's very much the algorithm that's the problem.

A5/2, which is the precursor to the encryption used for 3G and LTE, is a lot better, but there are still issues that are only just coming to light.

I'm referring to modern networks. 2G is deprecated and going bye bye very soon.

For 3G/4G/LTE, the issue is the home cell sites host the keys and people exploited those devices to create the DIY stingrays.