Comment 2PB Re: Higher level of user control reqd


Meet the Stingray


Higher level of user control reqd (Score: 2, Insightful)

by on 2014-07-28 06:24 (#2NZ)

Just another example why why users need root access to their device by default. Also a good case for inbuilt firewall and permissions denied by default.

Re: Higher level of user control reqd (Score: 3, Interesting)

by on 2014-07-28 20:29 (#2PB)

Last I looked (and I might be wrong, IANACellTowerEngineer), the software wouldn't matter. This is about the "nearest tower" being replaced with a virtually identical tower for a MITM attack. They're not only legal (for now), they're a hardware commodity. How do you think people get cell service inside a big metal office building? They put the hardware up at the location. It's even available as a rentable device - having a big event in the middle of nowhere and want cell access? Get a truck to come by and put up a mobile cell tower. The LEO version just happens to have a "oh, and also record everything that's going through this tower while you're transmitting" function, plus some software that lets them sort out the massive pile of unrelated data they've just sucked out of the air.

No, what we need is device-level end-to-end in-call encryption. Quite a few projects are working on this or have already implemented it; this is a known vulnerability that corporations and TLAs already attempt to address. (After all, if they can "sting" normal citizens, they need to make sure some foreign spy isn't doing it to them.) Encrypted phone calls are certainly possible, though expensive when I last looked into it, and were common years ago. Of course, that doesn't save you from the location triangulation problem - but then, better not to use cellphones at all if you're worried about being physically found.

Is this just now coming to people's attention somehow? Or have I missed something new about this story? This is a nice writeup, though, kudos for that. I guess it's good that the issue is getting more attention no matter what - this sort of thing needs to end.


