Secure Phones, Telco, Spies, Baseband, SDR (re: Tower Fix Won't Curb Surveillance)

grarpamp grarpamp at gmail.com
Wed Jan 29 01:51:04 PST 2020


> "WIRED: One Small Fix Would Curb Stingray Surveillance.
>
> One Small Fix Would Curb Stingray Surveillance
> "The telecom and tech industries could overcome these challenges if they
> decided to prioritize a fix. That's a big if. Nasser points to a solution
> that would function a lot like HTTPS web encryption, allowing phones to
> quickly check cell tower "certificates" to prove their legitimacy before
> establishing a secure connection. Last year, Hussain and colleagues from
> Purdue and the University of Iowa developed and proposed such an
> authentication scheme for the bootstrapping process in 5G."
> "As long as phones will connect to anything advertising itself as a
> tower, it’s kind of free-for-all," Nasser says. "This problem is
> big low-hanging fruit, and there are many ways things could get better
> I think."

Authenticating to the tower doesn't get users one single
bit closer to the trustable p2p e2e crypto required for
actual security.
Even if the entire ISO, IETF, IEEE, EFF and CCC stood up and
said "this new tower encryption is solid"...

How soon people forget...
The corrupt telcos gave everyone's ass away to govcorp,
without even a corrupt FISA, CALEA or criminal/civil warrant,
and many took a nice fee schedule for all that too.
And the NSA and every other country just taps and dumps the
unencrypted telco nodes / backhauls... into their own Utahs.
And telco employees get paid and moled out for hookers and blow.
And 5G (4/3/2 too) is such a fucked-up spec and implementation
that they'll be press-release self-partying about their fake fixing of all
the other intentional ecosystem firmware and signaling backdoors
and bugs for the next 50 years. Not to mention telcos just
Swiss-cheese privacy-policy and NDA commercial-contract your
ass away like every other bigcorp RingFaceBoogleLexaDMV...


Bypass that...
Get a PSK, or voice-confirmed TOFU, or use the software
out there to do the key exchange over SMS... with all your
call contacts. Plug that into a phone app that sits on the audio
bus or uses cell data IP, and ratchets out per-session keys.
With 4G and 5G making cell data reasonably cheap,
and a somewhat more secure phone (below), or better, tethered
to a wifi hotspot or just plain wifi, things begin to become potentially
usable for some everyday non-critical use in a 'smaller/cheaper/more mobile
than laptop' form factor. Thousands of people already do this.

> A few years ago, I read that a disused, old cell phone (with no active
> subscription) would activate in the presence of one of these Stingray
> devices.

Stingray is a MITM.
GSM A5 encryption was long since hacked.
A recent hack documented phone exploitability over baseband SMS.

Baseband is an untrustable adversary CPU. If the phone's block
design leaves the baseband powered from the battery even when asleep,
and if that baseband has access to the phone's hardware
control bus (main CPU power bus, etc.)... turning on an "off"
phone is certainly possible. You'd have to see if there are any
news reports of exploits doing that.
Or just probe around your phone's pinouts and see which
blocks are eating all the microamps when it's "off".

Librem and PinePhone supposedly do some data-bus
isolation (serial) of the baseband from the main CPU/RAM,
instead of a lame IOMMU or direct shared access,
but you'd have to check about their power bus.
Librem is a bit chunkier, so it would be easier to verify.


Unlike the Librem's, the PinePhone's switches are still internal,
so you have to disassemble it, or wire in external
extensions, to use them in real life.


> But if the power consumption of such a phone could be
> monitored continuously, that might implement a cheap, easy "Stingray
> detector".

Every tower base station has an ID; there are phone apps that read and
track the power by ID and notify on anomaly. Obviously such
IDs are spoofable and cooperatable.

You can do a lot more with SDR and OpenBTS: be your own Stingray.
Beyond that is characterizing, discriminating and locating the RF itself,
much more time and $$$.
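The PSK / voice-confirmed-TOFU / per-session-ratchet flow the post sketches, as an added example (not the post's own code, and not the code of any app it alludes to). It assumes the shared secret has already been agreed out of band (a typed-in PSK, or a key exchange done over SMS), uses only the Python standard library, so an HMAC-SHA256 counter-mode keystream plus an HMAC tag stands in for a real AEAD such as AES-GCM, and every sample value (the PSK, the session id, the frames) is constructed:

```python
"""Added example: a symmetric KDF ratchet turning one shared secret into
per-call and per-frame keys, plus the short authentication string both
ends read aloud to confirm they hold the same secret (voice-confirmed TOFU).
Stdlib only; HMAC-CTR + HMAC tag stands in for a real AEAD."""
import hashlib
import hmac
import struct

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, t, i = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([i]), HASH).digest()
        out, i = out + t, i + 1
    return out[:length]


def sas(secret: bytes, session_id: bytes) -> str:
    """Six decimal digits both ends read aloud over the call; a MITM who
    substituted the secret cannot make both sides hear the same digits."""
    d = hkdf_expand(hkdf_extract(session_id, secret), b"sas", 4)
    return f"{int.from_bytes(d, 'big') % 1_000_000:06d}"


def _step(chain: bytes):
    """One chain step: (next chain key, this frame's key). The old chain key
    is never kept, so a seized phone cannot decrypt earlier frames."""
    return (hmac.new(chain, b"chain", HASH).digest(),
            hmac.new(chain, b"frame", HASH).digest())


def _frame_keys(frame_key: bytes):
    return hkdf_expand(frame_key, b"enc", 32), hkdf_expand(frame_key, b"mac", 32)


def _keystream(enc_key: bytes, n: int, length: int) -> bytes:
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack(">II", n, block), HASH).digest()
        block += 1
    return out[:length]


def encrypt_frame(frame_key: bytes, n: int, plaintext: bytes) -> bytes:
    enc_key, mac_key = _frame_keys(frame_key)
    header = struct.pack(">I", n)  # frame number travels in the clear
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, n, len(plaintext))))
    tag = hmac.new(mac_key, header + ct, HASH).digest()[:16]
    return header + ct + tag


def decrypt_frame(frame_key: bytes, frame: bytes) -> bytes:
    enc_key, mac_key = _frame_keys(frame_key)
    header, ct, tag = frame[:4], frame[4:-16], frame[-16:]
    if not hmac.compare_digest(hmac.new(mac_key, header + ct, HASH).digest()[:16], tag):
        raise ValueError("bad tag: tampered frame or wrong key")
    (n,) = struct.unpack(">I", header)
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, n, len(ct))))


class Ratchet:
    """One call: a sending chain and a receiving chain per party, both
    derived from the shared secret and a per-call session id."""
    MAX_SKIP = 1000  # frames we tolerate losing on a lossy audio path

    def __init__(self, secret: bytes, session_id: bytes, role: str):
        root = hkdf_extract(session_id, secret)
        a2b, b2a = hkdf_expand(root, b"A->B", 32), hkdf_expand(root, b"B->A", 32)
        self.send_chain, self.recv_chain = (a2b, b2a) if role == "A" else (b2a, a2b)
        self.send_n = 0  # next frame number to send
        self.recv_n = 0  # next frame number expected

    def seal(self, plaintext: bytes) -> bytes:
        self.send_chain, key = _step(self.send_chain)
        n, self.send_n = self.send_n, self.send_n + 1
        return encrypt_frame(key, n, plaintext)

    def open(self, frame: bytes) -> bytes:
        (n,) = struct.unpack(">I", frame[:4])
        if n < self.recv_n:
            raise ValueError("replayed or stale frame")
        if n - self.recv_n > self.MAX_SKIP:
            raise ValueError("too many lost frames")
        chain, k = self.recv_chain, self.recv_n
        while k < n:  # walk past lost frames, discarding their keys
            chain, _ = _step(chain)
            k += 1
        chain, key = _step(chain)
        plaintext = decrypt_frame(key, frame)  # raises before any state changes
        self.recv_chain, self.recv_n = chain, n + 1
        return plaintext


if __name__ == "__main__":
    psk, call = b"\x01" * 32, b"call-0001"  # constructed sample values
    alice, bob = Ratchet(psk, call, "A"), Ratchet(psk, call, "B")
    print("read aloud:", sas(psk, call))
    frames = [alice.seal(b"frame %d" % i) for i in range(3)]
    print(bob.open(frames[0]), bob.open(frames[2]))  # frame 1 lost in transit
```

The detail worth copying is in `open`: the receiver advances a local copy of the chain, only commits it after the tag verifies, refuses frame numbers it has already passed, and never stores keys for frames it skipped, which is what makes "per-session keys" forward-secret on a lossy audio path rather than just a relabelling of the PSK.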
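The "track the power by ID and notify on anomaly" idea from the reply to the Stingray-detector question, as an added example (not the post's own code, and not the code of any existing detector app). The observation fields, thresholds and log are constructed; as the post says, a spoofed or cooperating tower can present any ID it likes, so a watcher like this catches sloppy catchers, not careful ones:

```python
"""Added example: a baseline watcher over the serving cell's identity and
received power, flagging the classic IMSI-catcher tells. Inputs are
constructed; thresholds are starting points a practitioner would tune."""
from collections import defaultdict, deque
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Obs:
    t: int        # seconds since start of log
    mcc: int      # mobile country code
    mnc: int      # mobile network code
    lac: int      # location / tracking area
    cid: int      # cell id as broadcast by the tower
    rat: str      # "LTE" or "GSM"
    rssi: int     # received power, dBm
    cipher: str   # ciphering the modem reports, e.g. "EEA2", "A5/3", "A5/0"


NULL_CIPHERS = {"A5/0", "EEA0", "none"}


class CellWatch:
    def __init__(self, history=20, min_seen=3, jump_db=20, strong_dbm=-60):
        self.min_seen = min_seen      # samples before a cell counts as known
        self.jump_db = jump_db        # rise over the cell's median that is suspicious
        self.strong_dbm = strong_dbm  # a never-seen cell this strong is suspicious
        self.power = defaultdict(lambda: deque(maxlen=history))  # cell -> recent rssi
        self.prev = None

    @staticmethod
    def cell(o: Obs):
        return (o.mcc, o.mnc, o.lac, o.cid)

    def check(self, o: Obs) -> list:
        alerts = []
        samples = self.power[self.cell(o)]
        known = len(samples) >= self.min_seen
        if o.cipher in NULL_CIPHERS:
            alerts.append("null cipher")
        if not known and o.rssi >= self.strong_dbm:
            alerts.append("unknown cell at very strong signal")
        if known and o.rssi - median(samples) >= self.jump_db:
            alerts.append("power jump on known cell")
        if self.prev is not None and self.prev.rat == "LTE" and o.rat == "GSM":
            alerts.append("downgrade LTE->GSM")
        # Only quiet observations teach the baseline, so a hostile cell that
        # keeps shouting never becomes "normal" by being seen often.
        if not alerts:
            samples.append(o.rssi)
        self.prev = o
        return alerts


def run(observations):
    """Return [(t, alerts)] for every observation that raised at least one alert."""
    w = CellWatch()
    return [(o.t, a) for o in observations if (a := w.check(o))]


# Constructed log: a steady LTE serving cell, then a +24 dB jump on that same
# cell id, then a new GSM cell arriving very strong with ciphering off.
SAMPLE = [
    Obs(t, 310, 410, 12001, 5551, "LTE", rssi, "EEA2")
    for t, rssi in zip(range(0, 50, 10), (-84, -86, -83, -85, -84))
] + [
    Obs(50, 310, 410, 12001, 5551, "LTE", -60, "EEA2"),
    Obs(60, 310, 410, 12001, 9999, "GSM", -45, "A5/0"),
    Obs(70, 310, 410, 12001, 5551, "LTE", -85, "EEA2"),
]

if __name__ == "__main__":
    for t, alerts in run(SAMPLE):
        print(t, ", ".join(alerts))
```

A real app would feed `check` from the modem's serving-cell readout as the user moves, and would need a way to acknowledge a legitimately strong new cell, since this version keeps alerting on it by design.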

