by mike_hearn
4235 days ago
It's already fixed (I think) from UMTS upwards. In GSM (2G) the tower authenticated the handset but not vice versa. In UMTS+ the authentication is mutual. To impersonate a cell tower you would therefore need to be able to sign with the carrier's signing keys. One of the most interesting and unreported aspects of these Stingray boxes is how they handle the 2G/3G divergence here. In the USA there's also CDMA to think about and I don't know how that handles authentication, if at all. I suspect such IMSI catchers emulate a GSM base station and possibly jam 3G frequencies to try and force phones to downgrade. I don't think there's any way to tell phones to never use GSM even if it's the only option, but if there was, I suspect that'd "fix" things (except most people wouldn't know about or use them). Ultimately the only thing that can stop this is a phasing out of 2G entirely but that won't happen any time soon, and even once it's done, by that point law enforcement will have got used to the ability to just follow everyone around all the time and would insist that they MUST be able to use these devices otherwise chaos and anarchy would follow, so they'd probably mount a vigorous lobbying campaign to get the signing keys.
https://news.ycombinator.com/item?id=8607062 discusses police departments purchasing equipment that will work with phones that can't be forced to 2G (partly in anticipation of carriers switching 2G off).