by rival_elf 2358 days ago
I work in the field of cell network security research and want to help clear up some misinformation I'm seeing in these comments.

First, I just want to highlight that the reason cell site simulators (the more general term for StingRays/IMSI-catchers) exist is because cell phones cannot authenticate all messages coming from cell towers. I'm seeing some vague comments about "a lack of encryption", but it's primarily more of an authentication issue.

You can read more about why it's primarily an authentication issue + how some of the relevant types of cell network attacks work in this technical post I wrote for EFF: https://www.eff.org/wp/gotta-catch-em-all-understanding-how-...

There are some interesting proposals for fixing this lack of authentication using a certificate-based PKI system, the most promising being this paper from Purdue: https://relentless-warrior.github.io/index.php/publications/.... This solution is very far from production-ready, but it's a much-needed step in the right direction.


We have had SIM cards for 30 years to authenticate unique users to the network, but those same cards can't authenticate the network? No, this is entirely by choice and could have been trivially solved. They just forgot the "server certificate" part.

I'd say it's less a "choice" than an "oversight". SIM cards solve the problem of "how do we know if Random Phone is attached to an account and the bill is paid?" The question of "how does the phone know it's talking to a real tower" was never even ASKED, as the very idea would have seemed preposterous.

This happened with networked OSes too. There was a time when Ethernet jacks were trusted unconditionally and hosts could be authenticated by their IP address or worse. NIS used to use the "honor system." Great fun in college in the 90s :-)

The movie War Games came out 36 years ago, so the claim that no-one was even asking themselves about the value of authentication in public services all these years seems preposterous.

This would make features like free roaming much more difficult to implement. If given the choice, most people would probably opt for coverage over security.

Also, why couldn't law enforcement simply coerce the cellular carriers to sign their stingray cert? It's been known to happen for SSL: https://arstechnica.com/information-technology/2010/03/govts...
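A toy model of the certificate-based fix that the first comment and the "server certificate" comment point at, added here as an example and not code from the EFF post or the Purdue paper: a carrier CA issues tower certificates, each tower signs its broadcasts, and the phone verifies both signatures before trusting a message, so a tower with no carrier-issued certificate is rejected. The tower ID, the "SIB1" payload and the choice of Ed25519 are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"errors"
)

// TowerCert binds a tower identity to its signing key, with the carrier CA's
// signature over that binding: the "server certificate" the thread says is missing.
type TowerCert struct {
	TowerID string
	PubKey  ed25519.PublicKey
	CASig   []byte
}
// Broadcast is a system-information message plus the tower's signature over it.
type Broadcast struct {
	Cert    TowerCert
	Payload []byte
	Sig     []byte
}
func certBytes(id string, pk ed25519.PublicKey) []byte { return append([]byte(id+"|"), pk...) }
// IssueCert is run by the carrier CA when a real tower is provisioned.
func IssueCert(caPriv ed25519.PrivateKey, id string, pk ed25519.PublicKey) TowerCert {
	return TowerCert{TowerID: id, PubKey: pk, CASig: ed25519.Sign(caPriv, certBytes(id, pk))}
}
// SignBroadcast is what a tower does for every message it sends.
func SignBroadcast(priv ed25519.PrivateKey, cert TowerCert, payload []byte) Broadcast {
	return Broadcast{Cert: cert, Payload: payload, Sig: ed25519.Sign(priv, payload)}
}
// VerifyBroadcast is the check a phone would add: the CA's signature on the
// certificate, then the tower's signature on the message. Today's phones do neither.
func VerifyBroadcast(caPub ed25519.PublicKey, b Broadcast) error {
	if !ed25519.Verify(caPub, certBytes(b.Cert.TowerID, b.Cert.PubKey), b.Cert.CASig) {
		return errors.New("tower certificate not signed by carrier CA")
	}
	if !ed25519.Verify(b.Cert.PubKey, b.Payload, b.Sig) {
		return errors.New("broadcast not signed by the certified tower key")
	}
	return nil
}
// Demo reports whether a carrier-certified tower and an uncertified one are accepted.
func Demo() (certifiedOK, uncertifiedOK bool) {
	caPub, caPriv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	sib := []byte("SIB1: PLMN 001-01")              // constructed sample broadcast
	tPub, tPriv, _ := ed25519.GenerateKey(nil)
	good := SignBroadcast(tPriv, IssueCert(caPriv, "cell-001", tPub), sib)
	uPub, uPriv, _ := ed25519.GenerateKey(nil) // no CA-issued cert, so it can only self-issue one
	bad := SignBroadcast(uPriv, IssueCert(uPriv, "cell-001", uPub), sib)
	return VerifyBroadcast(caPub, good) == nil, VerifyBroadcast(caPub, bad) == nil
}
```

The last comment's point still applies to this model: the check is only as strong as the carrier CA's signing key, and a certificate the carrier is compelled to issue verifies just like any other.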