Hacker News
by stefan_ 2358 days ago
We have had SIM cards for 30 years to authenticate unique users to the network, but those same cards can't authenticate the network? No, this is entirely by choice and could have been trivially solved. They just forgot the "server certificate" part.
2 comments

I'd say it's less a "choice" than an "oversight". SIM cards solve the problem of "how do we know if Random Phone is attached to an account and the bill is paid?" The question of "how does the phone know it's talking to a real tower" was never even ASKED, as the very idea would have seemed preposterous.
This happened with networked OSes too. There was a time when Ethernet jacks were trusted unconditionally and hosts could be authenticated by their IP address or worse. NIS used to use the "honor system." Great fun in college in the 90s :-)
The movie War Games came out 36 years ago, so the claim that no-one was even asking themselves about the value of authentication in public services all these years seems preposterous.
This would make features like free roaming much more difficult to implement. If given the choice, most people would probably opt for coverage over security.

Also, why couldn't law enforcement simply coerce the cellular carriers to sign their stingray cert? It's been known to happen for SSL: https://arstechnica.com/information-technology/2010/03/govts...