I don’t understand why cell phones don’t authenticate the towers they connect to. Is this really just a “standards lag behind modern security” thing, or is it on purpose to allow these Stingray devices to be used?
IMEI/IMSI are collected (and immediately linked, hence deanonymized even if SIM was inserted only once) by cell tower operators. Just not bring your device, period.
Yeah, I agree with that personally, but realistically, “your phone was near a place” is not the same as “you were involved”. If they hijack a phone onto a Stingray, they can get way more info than just IMEI.
The use of Stingray by US law enforcement has been challenged on grounds that the law enforcement agencies have no spectrum license. Those challenges seem not to have found success.
On the other hand, prisons in the US have been stopped from operating cell phone jammers on prison grounds, on the same complaint of no spectrum license.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
I don’t understand why cell phones don’t authenticate the towers they connect to. Is this really just a “standards lag behind modern security” thing, or is it on purpose to allow these Stingray devices to be used?
IMEI/IMSI are collected (and immediately linked, hence deanonymized even if SIM was inserted only once) by cell tower operators. Just not bring your device, period.
Yeah, I agree with that personally, but realistically, “your phone was near a place” is not the same as “you were involved”. If they hijack a phone onto a Stingray, they can get way more info than just IMEI.
Think long term movement patterns, correlations with others such, anomaly detection.
I believe it’s because they assume it’s not necessary because it was until now
… so I imagine there was no authentication because there was no practical threat beside few “fun” examples in CCC or DEF Con.
The use of Stingray by US law enforcement has been challenged on grounds that the law enforcement agencies have no spectrum license. Those challenges seem not to have found success.
On the other hand, prisons in the US have been stopped from operating cell phone jammers on prison grounds, on the same complaint of no spectrum license.
Even if they did, I don’t see government having trouble getting a proper authentication key.
I assume on purpose