Secure Phones, Telco, Spies, Baseband, SDR (re: Tower Fix Won't Curb Surveillance)
WIRED: One Small Fix Would Curb Stingray Surveillance

"The telecom and tech industries could overcome these challenges if they decided to prioritize a fix. That's a big if. Nasser points to a solution that would function a lot like HTTPS web encryption, allowing phones to quickly check cell tower "certificates" to prove their legitimacy before establishing a secure connection. Last year, Hussain and colleagues from Purdue and the University of Iowa developed and proposed such an authentication scheme for the bootstrapping process in 5G."

"As long as phones will connect to anything advertising itself as a tower, it's kind of free-for-all," Nasser says. "This problem is big low-hanging fruit, and there are many ways things could get better I think."
Authenticating to the tower doesn't get users one single bit closer to the trustable p2p e2e crypto required for actual security. Even if the entire ISO IETF IEEE EFF CCC stood and said "this new tower encryption is solid"... How soon people forget... The corrupt telcos gave everyone's ass away to govcorp, without even a corrupt fisa calea or criminal/civil warrant, many took a nice fee schedule for all that too. And the nsa and every other country just taps and dumps the unencrypted telco nodes / backhauls... into their own utah's. And telco employees get paid and moled out for hookers and blow. And 5G (4/3/2 too) is such fucked up spec and implementation they'll be press release self partying about their fake fixing of all the other intentional ecosystem firmware and signaling backdoors and bugs for the next 50 years. Not to mention telcos just swiss cheese privacy policy and NDA commercial contract your ass away like every other bigcorp RingFaceBoogleLexaDMV... Bypass that... Get a PSK, or voice confirmed TOFU, or use the software out there to do the key exchange over SMS... with all your call contacts. Plug that into phone app that sits on the audio bus or uses cell data IP, and ratchets out per session keys. With 4G and 5G making cell data reasonably cheap, and a somewhat more secure phone below, or better tethered to wifi hotspot or just plain wifi, things begin to become potentially usable for some everyday non critical use in 'smaller/cheaper/mobile than laptop' form factor. Thousands of people already do this.
A few years ago, I read that a disused, old cell phone (with no active subscription) would activate in the presence of one of these Stingray devices.
Stingray is MITM. GSM A5 encryption long since hacked. A recent hack documented phone exploitability over baseband SMS. Baseband is untrustable adversary CPU; if the phone's block design leaves baseband powered up to battery even if asleep, and if such baseband has access to the phone's hardware control bus (main CPU power bus, etc.)... turning on an "off" phone is certainly possible. You'd have to see if there's any news of exploits of that being done. Or just probe around your phone pinouts and see what blocks are eating all the microamps when it's "off". Librem and PinePhone supposedly do some data bus isolation (serial) of baseband from the main CPU/RAM, instead of lame IOMMU or direct shared access, but you'd have to check about their power bus. Librem is a bit more chunky so it would be easier to verify. Unlike Librem, PinePhone switches are still internal, so you have to disassemble it, or wire in external extensions, to use them in real life.
But if the power consumption of such a phone could be monitored continuously, that might implement a cheap, easy "Stingray detector".
Every tower base has an ID; there are phone apps that read and track the power by ID and notify on anomaly. Obviously such IDs are spoofable and cooperatable. You can do a lot more with SDR, OpenBTS, be your own stingray. Beyond that is characterizing, discriminating, locating RF itself, much more time and $$$.
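An added example (not from the post or any of the apps it mentions) of the "track power by ID and notify on anomaly" logic: build a per-cell baseline from observations seen during normal use, then flag a never-seen cell that outpowers every known one, a known cell announcing a different LAC, and a known cell whose signal jumps far from its baseline. The observation tuples, cell/LAC labels and the 20 dB threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample observations, not real captures: (time, cell_id, lac, rssi_dbm).
# BASELINE is what the phone saw in normal use; LATER is the window being checked.
BASELINE = [
    ("08:00", "cid-1001", "lac-10", -85),
    ("08:05", "cid-1001", "lac-10", -83),
    ("08:10", "cid-1002", "lac-10", -95),
    ("08:15", "cid-1001", "lac-10", -87),
    ("08:20", "cid-1002", "lac-10", -93),
]
LATER = [
    ("09:00", "cid-1001", "lac-10", -84),   # normal reading of a known cell
    ("09:05", "cid-7777", "lac-10", -45),   # never seen before and very strong
    ("09:10", "cid-1002", "lac-99", -94),   # known cell now announcing another LAC
    ("09:15", "cid-1001", "lac-10", -50),   # known cell, +35 dB jump
    ("09:20", "cid-1003", "lac-10", -100),  # new but weak: a normal distant cell
]


def build_baseline(observations):
    """Per cell id: mean RSSI and the set of LACs it has announced."""
    rssi = defaultdict(list)
    lacs = defaultdict(set)
    for _, cid, lac, dbm in observations:
        rssi[cid].append(dbm)
        lacs[cid].add(lac)
    return {cid: {"mean": sum(v) / len(v), "lacs": lacs[cid]} for cid, v in rssi.items()}


def find_anomalies(observations, baseline, jump_db=20):
    """Return (time, cell_id, reason) for readings that break the baseline."""
    strongest_known = max(b["mean"] for b in baseline.values())
    hits = []
    for ts, cid, lac, dbm in observations:
        if cid not in baseline:
            # An unknown cell is only interesting if it beats every known cell.
            if dbm > strongest_known:
                hits.append((ts, cid, "unknown cell id, stronger than any known cell"))
            continue
        ref = baseline[cid]
        if lac not in ref["lacs"]:
            hits.append((ts, cid, "known cell id announcing a new LAC"))
        if abs(dbm - ref["mean"]) > jump_db:
            hits.append((ts, cid, f"signal moved {dbm - ref['mean']:+.0f} dB from baseline"))
    return hits


if __name__ == "__main__":
    for hit in find_anomalies(LATER, build_baseline(BASELINE)):
        print(hit)
```

As the post says, IDs are spoofable and a cooperating operator can hand them out, so a clean run of this check is absence of a crude signal, not proof of a legitimate tower.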
participants (1)
-
grarpamp