‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, January 28, 2020 7:16 AM, jim bell <jdb10987@yahoo.com> wrote:
WIRED: One Small Fix Would Curb Stingray Surveillance. https://www.wired.com/story/stingray-surveillance-cell-tower-pre-authenticat...
''' The telecom and tech industries could overcome these challenges if they decided to prioritize a fix. That's a big if. Nasser points to a solution that would [function a lot like HTTPS web encryption](https://www.wired.com/2016/04/hacker-lexicon-what-is-https-encryption/), allowing phones to quickly check cell tower "certificates" to prove their legitimacy before establishing a secure connection. Last year, Hussain and colleagues from Purdue and the University of Iowa [developed and proposed](https://dl.acm.org/doi/10.1145/3317549.3323402) such an authentication scheme for the bootstrapping process in 5G. "As long as phones will connect to anything advertising itself as a tower, it’s kind of free-for-all," Nasser says. "This problem is big low-hanging fruit, and there are many ways things could get better I think." ''' never gonna happen :( would be nice, though... this is a warning for lawful access to encryption; once you've compromised a system "for official purpose" it's compromised forever. best regards,