Slashdot Mirror

← Back to Stories (view on slashdot.org)

A New Attack Allows Intercepting Or Blocking Of Every LTE Phone Call And Text (theregister.co.uk)

Posted by EditorDavid on from the three-way-calling dept.

All LTE networks and devices are vulnerable to a new attack demonstrated at the Ruxon security conference in Melbourne. mask.of.sanity shared this article from The Register: It exploits LTE fall-back mechanisms designed to ensure continuity of phone services in the event of emergency situations that trigger base station overloads... The attacks work through a series of messages sent between malicious base stations spun up by attackers and targeted phones. It results in attackers gaining a man-in-the-middle position from where they can listen to calls or read SMS, or force phones back to 2G GSM networks where only voice and basic data services are available...

[Researcher Wanqiao] Zhang says the attacks are possible because LTE networks allow users to be handed over to underused base stations in the event of natural disasters to ensure connectivity. "You can create a denial of service attack against cellphones by forcing phones into fake networks with no services," Zhang told the conference. "You can make malicious calls and SMS and...eavesdrop on all voice and data traffic."

80 comments

  1. Thanks, *hats by Etcetera · · Score: -1

    No industry reach-out and responsible disclosure after the time needed for them to contemplate and execute a change across a 100K+-node base station network?

    This is why we can't have nice things.

    --
    Hire a Linux system administrator, systems engineer,
    1. Re:Thanks, *hats by Anonymous Coward · · Score: 2

      No industry reach-out and responsible disclosure after the time needed for them to contemplate and execute a change across a 100K+-node base station network?

      This is why we can't have nice things.

      I disagree. If people would make their shit secure in the first place, it wouldn't be a problem.

      Maybe if we had more exposure of 0-day flaws and associated attacks, people would work a little harder to creating flaws to begin with.

    2. Re:Thanks, *hats by AHuxley · · Score: 4, Insightful

      It depends why any telco issue exists and is fixed or not fixed.
      Greek wiretapping case 2004–05
      https://en.wikipedia.org/wiki/...–05
      SISMI-Telecom scandal
      https://en.wikipedia.org/wiki/...
      or why "Fake Mobile Phone Towers Operating In The UK"
      http://news.sky.com/story/fake...

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Thanks, *hats by Anonymous Coward · · Score: 1

      On the other hand, corporations don't give two shits about security until it hits them where it hurts, in the pocket book. Without disclosures like this, security is treated as an add-on insurance expense if it's considered at all.

    4. Re:Thanks, *hats by Anonymous Coward · · Score: 0

      software upgrades could be automated...

    5. Re: Thanks, *hats by snowsnoot · · Score: 1

      Subject should be 'thanks Ericsson (3GPP)' for a useless feature because the core network can't handle the call volume in natural disasters anyway

    6. Re:Thanks, *hats by darkain · · Score: 4, Insightful

      Ya'see, I'm getting sick and tired of hearing this goddamn argument over and over again. "Just make it secure in the first place", like technical security is just a magical flip of a switch. "Oh, Yeah, I downloaded and installed the SECURE library into my app, things are PERFECT now!"

      Security is an ever evolving moving target. What is deemed secure today may very well become insecure tomorrow. This is true of both software and non-software technical systems. This is true of both open and closed source software. This research that happened is EXACTLY what we need to ensure security, having people willing to disclose vulnerabilities to the general masses, because similar exploits may exist in other implementations. The alternative is selling exploits on the black market. Which would you honestly prefer?

    7. Re:Thanks, *hats by SumDog · · Score: 3, Insightful

      Umm...are you sure? I saw this girl talk in Las Vegas a few months ago at Defcon. This isn't new. This is a known exploit.

    8. Re:Thanks, *hats by Anonymous Coward · · Score: 0

      "What is deemed secure"? If it's not secure tomorrow, then it's not secure today. Alas, all software is insecure and should not be used where security is needed. Can we outlaw online banking and online stores now please?
      Minimum jail time 15 years for running such an establishment.

    9. Re:Thanks, *hats by Anonymous Coward · · Score: 0

      You think protocols like this are insecure by accident?

      That in a group of hundreds of the smartest engineers in the world, come together to design the latest app/framework/protocol, not a single one of them piped up "hey guys, what happens if this fallback mode we're adding is triggered by an adversary? how can we prevent or mitigate that to make sure our users aren't at risk?"

      Experience would surely lead you to the conclusion that 'flaws' like this are intentional.

    10. Re: Thanks, *hats by WarJolt · · Score: 2

      Some software can be proven secure. Look at sel4. It's just that software engineers take shortcuts. If you design an aircraft wing you have to prove that it can take the load with math and physics. When we write software we assume it's good enough because we "tested it thoroughly". I guess it's time to start treating software engineering like real engineerings. Hold them accountable and teach them how to prove things secure before they are allowed to use technology. I feel like most software engineering are simply stumbling around in the dark when it comes to security.

    11. Re:Thanks, *hats by Anonymous Coward · · Score: 0

      In the case of mobile networks, "make it secure in the first place" is valid criticism. These standards are made to be breakable. Just take a look at the cryptographic options, for example in 2G: There's a null-cipher in there, a cipher with laughable key length and a cipher that had not been tried and tested. About the only part with decent protection is that the cards can't be cloned (except by the network operator). The handsets have no way of authenticating the base stations. The phone system backend basically relies on the honor system. The list goes on and on. Maybe it's unrealistic to ask that it should be made secure in the first place. But they could at least try.

    12. Re:Thanks, *hats by Anonymous Coward · · Score: 0

      You are right on the principle of course, but in this case we should consider that LTE is not THAT old, and that basic security features in communication includes establishing identity of the communication party (in this case the tower) and raising hell when something is wrong. Our browsers have done it for ages, with varying levels of success, but mobile phones do not even try. And I am not even talking about lack of end-to-end encryption yet. At the time these risks and the potential solutions where well known, the GSM networks where already being exploited. Yet the choice was made to not include some basic protections, like end-to-end encryption, and user notification when the connection was fishy.

      It is quite simply hard not to conclude that end-user security is not that high on the priority lists of Telecom standards organizations, equipment manufacturers, telco's and governments.

    13. Re:Thanks, *hats by Anonymous Coward · · Score: 0

      No industry reach-out and responsible disclosure after the time needed for them to contemplate and execute a change across a 100K+-node base station network?

      This is why we can't have nice things.

      If it is known by white hats then it is known by black hats.

      Anyone who wants to exploit this already have the knowledge and is doing so.
      The only reason to stay quiet is to let someone save face.

      Also, experience tells us that companies prefers to not to jack shit before they absolutely have to. Things doesn't get fixed until the problem becomes public knowledge.

    14. Re:Thanks, *hats by Razed+By+TV · · Score: 0

      Which would you honestly prefer?

      And which would the government prefer?

    15. Re:Thanks, *hats by DarkOx · · Score: 2

      If only it were that easy. So much of security is a case of people abusing behavior of a complex system. Its difficult to image how some of these complex interactions might be exploited ahead of time.

      This is a case where for the most part the system is working as designed. A high amount of traffic is detected so the system pushes the devices to fall back on legacy resources so the system of call handling over all can continue to function. It just so happens the high traffic isn't a bunch of devices all wanting voice and data at one but a basically a DOS attack. There isn't much you can do about DOS attacks on over the air media. If someone wants to jam a signal they can. This is basically that but they happen to be doing some protocol participation as well.

      Availability is part of security, should the system just fall over under high load instead? Would that be 'more secure' in your estimation or less?

      Honestly what should probably happen is the handset should ask.. "LTE fallback requested, voice and data privacy not assured, do you wish to proceed?" Now you are back to a human problem where they have to make a judgement call. They also have to be savvy about the situation, and ask themselves is this likely happening because of some congestion event or is this an attempt to MITM me?

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    16. Re:Thanks, *hats by thegarbz · · Score: 1

      I disagree. If people would make their shit secure in the first place, it wouldn't be a problem.

      A typical LTE connection will have multiple levels of security including private encrypted identification tokens, security on SIM cards, Air interface protection, and security in the backhaul. This is protected by no less than 7 different cryptographic keys in the process.

      But yes the standard was designed without any security in mind. What were these "experts" thinking and why didn't they consult A.Coward here who has the answer to everything.

    17. Re:Thanks, *hats by thegarbz · · Score: 2

      It's worse than this. LTE downgrade attacks have been known about for many years. The lack of mitigation against such attacks is also the reasons stingrays work so well. If devices could authenticate the basestation and prevent downgrades to weak encryption schemes like was suggested in ... I think I heard about this personally 3 years ago the first time... then neither stingrays nor this current attack would be an issue.

    18. Re: Thanks, *hats by Anonymous Coward · · Score: 0

      That's a good point, but in this case i think you need to consider that these fallback modes have always been exploited and therefore putting one in is almost always a bad idea, and at least has to be done with great care. This was not done with great care.

      Actually it might have been. We know that the NSA would run around and make suggestions to weaken standards, or to complicate them so that vulnerabilities would creep in. We know they had a lot to do with how IPSec has a mode with NO encryption at all for instance. Same kind of attack, btw. Make the client do something downgraded and useless and of course don't bother telling the user about it when it happens. You know, like GSM phones are supposed to by specification warn end users when their calls are unencrypted because the base station set it that way and yet somehow no carriers' phones anywhere actually do this. I wonder why that is.

      In other words, I don't believe this is a new attack. It may be newly discovered by someone not associated with the evils that are law enforcement and intelligence these days, but it's likely not new and even more likely has been exploited for years by people who designed it or 'suggested' for it to be insecure on purpose.

    19. Re: Thanks, *hats by Anonymous Coward · · Score: 0

      He mans the interceptor attacks the police have been using for years now? Who knew?

      Seriously though... how much did the research cost to discover what mainstream news has been saying repeatedly?

    20. Re: Thanks, *hats by MightyYar · · Score: 2

      Well, for a lot of uses, slap-dash is "good enough". I don't really need my $30/month prepay service that I use to get phone calls from my wife telling me to pick up laundry detergent to be bulletproof - it just needs to work well enough that I get by another month without getting too pissed off. If they went all space shuttle control software on my phone and the network, it probably would all drift outside of my price range. I suspect for high-security applications, there are already bolt-on solutions that let you securely communicate with your basement email server.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    21. Re:Thanks, *hats by Timothy2.0 · · Score: 1

      This mentality is the result of the never-ending push to get new products to market, not with the difficulty of securing a product/technology in the first place. Hardware and software are insecure not because of some *inherent* insecurity, but because consumers demand (nay, *expect*) new products that they can consume. That consumerist conditioning drives ever-greater insecurity since, as products develop with respect to processing power, storage, and sensor capabilities, the insecurities are pushed to the back-burner, and their resolution is given lower priority than rounded corners or a sharper screen.

      People get exactly what they ask for, and get to suffer the consequences for it.

    22. Re: Thanks, *hats by Anonymous Coward · · Score: 0

      "Proving" something assumes your proof is correct. Turtles all the way down.

    23. Re: Thanks, *hats by Anonymous Coward · · Score: 0

      I prefer black market sales.

      Of course, I am also rooting for the EMP too.

    24. Re: Thanks, *hats by Archangel+Michael · · Score: 1

      In this case, the solution is already available. When a new tower is spun up, to flag it as "unsafe" until a valid tower says otherwise.

      I have a good idea where all the towers are in my city, if a new one was spun up, I'd know about it fairly quickly. And there are projects that have very detailed information on existing towers. The problem with this kind of attack, is that it is very short lived because it would be easy to triangulate where the bad tower/Node actually is.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    25. Re:Thanks, *hats by iamgnat · · Score: 1

      Security is an ever evolving moving target. What is deemed secure today may very well become insecure tomorrow.

      While I agree with you on this point, you aren't looking far enough at the problem.

      The real problem is the number of these devices that never see updates/patches from the vendor. This plays out in two ways. The first being that the vendor never patches anything and the second is while they do, they don't make it simple for the average user to A) find out about the update and B) install it.

      The other problem we have is that security is not a selling point for the average user. They pay attention to the bling, so even if there was somewhere you could go to get honest and up to date security reviews on products before you buy them, most people wouldn't. While I am no fan of government regulations (due to how they instituted and implemented in highly politicized manners), this is something where the world could benefit.

      In the later regard I view it much like vehicle emissions. The majority of people just don't care and even many of the ones that do don't understand how wrong they are on the facts. As such it is valuable for governments to step in with clear and impartial (it's Monday, everyone needs a good laugh to start the week) requirements that manufactures must meet before their cars can be sold.

      Something similar should be in place for network connected devices to force companies to be better actors. Otherwise, as in every other industry to date, corners will be cut on consumer/environmental safety since such enhancements will generate little if any revenue. It should not be left to the person that can't figure out how to connect their cable router who is also the same person that will think an Internet connected TV or fridge with built-in cameras are a good idea...

    26. Re: Thanks, *hats by MightyYar · · Score: 1

      Come to think of it, I would notice a new tower as well because of my "Llama" app that uses the towers to trigger actions.

      But so long as the CIA/NSA/KGB/Verizon or whatever nefarious agency is willing to forward my conversation about milk to the proper wife, I'm good.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    27. Re: Thanks, *hats by Anonymous Coward · · Score: 0

      Then why are people setting up man in the middle attacks with ease?

    28. Re: Thanks, *hats by Junta · · Score: 1

      You cannot *prove* security. Security is not a set of absolute laws, it is a subjective call. There are of course some *limited* facets that are more concrete (buffer overruns are never good, for example), but security is a big thing that encompasses a lot and in fact two different approaches can both rationally call each other insecure and themselves secure, depending on perspective.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    29. Re: Thanks, *hats by Junta · · Score: 1

      I think the point is despite *trying* to design it 'secure it in the first place', there were failures. It's easy to criticize in hindsight, and claim that if they had just secured it *right* in the first place, this wouldn't be a problem, but it is disingenuous to say they didn't even try.

      This is the crux of the problem for security. Even if you *try* to do it right, there is every likelihood that you will mess up. Even if you pull in a 'trusted security company' to audit your design, they'll frequently do an inadequate job because they lack expertise in what you are doing to credibly know if it is secure. They'll look for things that vaguely resemble other generic things and sometimes yell loudly about some non-issue that makes no sense in context, and at the same time completely miss glaring security issues.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    30. Re:Thanks, *hats by unixisc · · Score: 1

      No industry reach-out and responsible disclosure after the time needed for them to contemplate and execute a change across a 100K+-node base station network?

      This is why we can't have nice things.

      Yeah, let's see if we can get back to analog phones, and back to the era when it would cost gobs of cash to call different area codes, let alone different countries

    31. Re: Thanks, *hats by Anonymous Coward · · Score: 0

      Putting a lock on a door indicates it was designed with security in mind, but does not mean it is secure.

  2. Brought to you by by Anonymous Coward · · Score: -1

    China!

    TRUMP will fix them GOOD!

  3. We need END-to-END security. Now. by Anonymous Coward · · Score: 1

    We need END-to-END security. Now.

    1. Re:We need END-to-END security. Now. by Anonymous Coward · · Score: 0

      We need END-to-END security. Now.

      Really? Then get ready to pay for it because good security isn't cheap.

    2. Re: We need END-to-END security. Now. by Anonymous Coward · · Score: 0

      Really? Then get ready to pay for it because good security isn't cheap.

      Paid shill or total dumbass. We already pay for it. What we get are over complicated designs with intentional exploitable flaws. How about we get what we pay through the nose for already?

    3. Re:We need END-to-END security. Now. by squiggleslash · · Score: 1

      We have the means, we even have the standards (IPSec and DNSSEC, for starters) it's just 99% of people in the field have no idea how to use them, DNS providers have been slow to address the latter, and operating systems have been reluctant to turn them on by default.

      --
      You are not alone. This is not normal. None of this is normal.
    4. Re:We need END-to-END security. Now. by Junta · · Score: 1

      One, doing IPSec and DNSSEC does not unambiguously mean 'ok, things are secure now'. In principle, they can be helpful.

      IPSec is a big mess that in practice is redundant with using TLS.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    5. Re:We need END-to-END security. Now. by unixisc · · Score: 1

      Why is it a big mess? It just means another encapsulation layer that gets decapsulated at the destination point

    6. Re:We need END-to-END security. Now. by Junta · · Score: 1

      The key infrastructure as such is not suited for meaningfully secure communication. Opportunistic encryption is trivially overcome by a man in the middle.

      --
      XML is like violence. If it doesn't solve the problem, use more.
  4. I don't believe you by Anonymous Coward · · Score: -1

    Prove it, wankers.

  5. I'm seeing a trend here... by Anonymous Coward · · Score: 1

    So often it seems that falling back to an older, less secure system or protocol is a method to circumvent newer, safer technologies (POODLE springs to mind as an example)...

    Shouldn't there be an accepted practice of NOT being backwards compatible with a system that's known to be insecure? Cuz like, what's the point otherwise? At the very least perhaps new systems like TLS or systems that rely on older hash functions could have a scheduled phase-out of backwards compatibility built-right into the spec.

    (okay I'm talking out of my ass here.. someone please school me on how this is already being done.)

  6. Technically unfeasible by chromaexcursion · · Score: 2

    Just because it's possible, doesn't mean it can be done.
    This attack breaks multiple laws, and regulations.
    As noted in another post. The equipment to do this is expensive.
    It's not a targeted attack. There's no way to pin an individual, they might just get lucky and get through on the real cell.

    Just alarmist ranting, for now.

    1. Re: Technically unfeasible by Anonymous Coward · · Score: 1

      Just alarmist ranting, for now.

      All of which was said about Stingray devices in an attempt to mollify people. How did that work out?

    2. Re:Technically unfeasible by omnichad · · Score: 1

      Just because it's possible, doesn't mean it can be done.

      The Stingray devices already exist. Now here's a better blueprint to help amateurs build their own.

      People were apparently fine with this security flaw when only a few proprietary hardware vendors were known to be exploiting it. Now, hopefully it can be taken seriously.

  7. Idiots by Anonymous Coward · · Score: 0

    You just broke 2FA.

  8. ...force phones back to 2G GSM networks by Anonymous Coward · · Score: 3, Funny

    So T-Mobile customers shouldn't notice any interruption in service.

    1. Re:...force phones back to 2G GSM networks by schitso · · Score: 1

      +1 Depressing Because It's True

  9. Is this news? by Anonymous Coward · · Score: 1

    I'm pretty sure I saw this exact same presentation at DEFCON a few months ago.

    1. Re:Is this news? by Trax3001BBS · · Score: 1

      I'm pretty sure I saw this exact same presentation at DEFCON a few months ago.

      It's not like they hacked in to it, it was a gimme.

      FTA "The 3GPP telco body that oversees LTE standards has known about the security shortcomings since at least 2006 when it issued a document describing Zhang’s forced handover attack, and accepts it as a risk. "

  10. Just me or... by Anonymous Coward · · Score: 0

    This sounds like a national security issue that any country should look into. Can be used to disseminate false information prior to an invasion?

  11. Open Whisper Systems by Anonymous Coward · · Score: 2, Informative

    This is why using Signal is critically important.

  12. Saw it at Defcon by Anonymous Coward · · Score: 1

    This is not new - it was at Defcon in august.

  13. On the surface by Dracos · · Score: 2

    Isn't this pretty much what a Stingray does? Or does Stingray use weaknesses deliberately built into the networks?

    1. Re:On the surface by SumDog · · Score: 1

      We have no idea. There's very little data at all on how the Stingray actually works. That's one of the big issues with it.

    2. Re:On the surface by chromaexcursion · · Score: 0

      Not really. The stingray, using law enforcement protocol, takes over for the cell.
      Turning on a stingray requires active cooperation with the cell provider. So, there is no back door there.

    3. Re:On the surface by ArylAkamov · · Score: 2

      Turning on a stingray requires active cooperation with the cell provider. So, there is no back door there.

      ?

      https://evilsocket.net/2016/03...

      http://hackaday.com/2016/04/08...

    4. Re:On the surface by bferrell · · Score: 1

      What he said!

      At one time (design time of LTE network protocols) conceiving of a "rogue" base station was unthinkable... Tens of thousands just to start. Now, SDR allows almost any kind of radio transmitter for next to nothing and the unthinkable become thinkable.

      As the good Dr Oppenheimer had to say "Now I am become Death, the destroyer of worlds.".

      Thanks "disruptive" technologists... Another instance of "just because you can doesn't mean you should"

    5. Re:On the surface by Anonymous Coward · · Score: 1

      Stingray uses the simple fact that at least in GSM and 3G networks, the handset needs to authenticate itself to the network (to make sure that everything is properly paid for), but there is absolutely no authentication mechanism for the network, i.e. the cellphone cannot verify that it's actually talking to the real network. In addition to that, at least with GSM, the network can request that data is trasmitted in clear text without even the weak encryption, e.g. for countries where encryption is/was illegal.

    6. Re:On the surface by thegarbz · · Score: 1

      Not even remotely true. A stringray device simply emulates a base station and overpowers it. It does not require any cooperation with any cell provider.

      That said it is a different form of attack.

    7. Re:On the surface by Anonymous Coward · · Score: 0

      Stingray uses 'legit' security certificates to do it's job (Its just classic MITM. Nothing funny at all. Maybe some bending of standards to make things run smoothly but nothing you haven't' seen in any (in)security appliance.) - Legit in that various TLA's have the authority to demand root security certs from various vendors that are in charge of wireless infrastructure.

      The inbuilt weakness in LTE is the inbuilt weakness in any trust authority - If you can't trust the authority you have no security.

      Given the closed nature of wireless carrier equipment and wireless device "basebands" (aka closed system machines that run the wireless modem) you should assume that your wireless communications are insecure at layers 1, 2, and 3 anyway. Security is implemented in higher layers for a reason.

  14. Good Luck! by Anonymous Coward · · Score: 0, Funny

    As a slashdotter the only person I'd ever have to call or text is mom, and I can just yell upstairs for that!

    1. Re:Good Luck! by Anonymous Coward · · Score: 0

      As a slashdotter the only person I'd ever have to call or text is mom, and I can just yell upstairs for that!

      MOM? MORE HOT POCKETS!

  15. Stringrays by I+kan+Spl · · Score: 1

    I'd guess this is how the stingray cell phone snooping devices have been working all along.

    Now, at least we understand the technical means by how they work.

    --
    My UID is prime and so is this number: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0.
    1. Re:Stringrays by chromaexcursion · · Score: 1

      nope. not how stingray works.

  16. Business Setup Consultants in Dubai, United Arab E by Anonymous Coward · · Score: -1

    Business Setup Consultants in Dubai, United Arab Emirates
    Leading business setup consultants in Dubai, On Demand Buz offers various business setup assistance at Dubai, United Arab Emirates. Learn how to setup your business at Dubai, UAE with On Demand Buz / Start Business UAE.
    On Demand Buz is a pioneer business consultant brand from Dubai with strong expertise in various trade license and business setup related services at the emirate of Dubai in UAE.
    Link: http://startbusinessuae.com/business-setup-consultants-dubai/

  17. Re:Business Setup Consultants in Dubai, United Ara by sgtsquid · · Score: 1

    How about a DDOS against these pigfuckers!

  18. LTE takes after GSM on the insecurity tree by RubberDogBone · · Score: 1

    GSM was full of holes and worthless and now its direct descendant LTE has similar holes. WHAT A SURPRISE.

    And of course the industry rubbed their hands about the GSM issues and they will do so again about LTE. Everyone has spent too much money on this shit to go back now and fix it.

    Apple had some major issues with their early iPhone security because they were of course GSM-only for a long time and any competitor who wanted to listen in on test calls or record everything only needed to setup a GSM eavesdropping station, would would fit in a briefcase and could be run from a car in the parking lot, and they'd have the whole thing. I have no doubt that happened. And now, it will with LTE too.

    The presentation was by a woman, too. The world has changed, basement dwellers.

    --
    Sig for hire.
    1. Re: LTE takes after GSM on the insecurity tree by Anonymous Coward · · Score: 0

      Somebody's gender has what exactly to do with the ability to find flaws in tech?

  19. Shit summary by clonehappy · · Score: 1

    This isn't something that can eavesdrop on LTE calls, it just forces the phone off of LTE back onto older more insecure air interfaces. But it does make sense now why no phone I've ever owned allows me to force LTE-only mode (without resorting to rooting, jailbreaking, or other hacking), they need to make sure the TLAs can backdoor us onto their stingrays at any given moment.

    1. Re:Shit summary by Anonymous Coward · · Score: 0

      Only problem with enabling LTE only mode, especially on some 3rd party roms like cyanogenmod on my Note4 does not support VoLTE. Without VoLTE you cannot make and receive voice calls over LTE only. LTE on tmobile only provides a data session, VoLTE tunnels the voice call over data like a VoIP session. Without VoLTE support you are stuck still using GSM/3G/UMTS for voice calls.

    2. Re:Shit summary by clonehappy · · Score: 1

      I'm not talking about 3rd party ROMs like Cyanogenmod. That's why I said it can't be done "without rooting, etc.". Sure I can run a 3rd party ROM but then I lose VoLTE, that's the point.

      The last 3 Andoids I've used are VoLTE capable and enabled running stock ROMs, and my last 2 iPhones (6 and 7) are as well (both capable and enabled). Let me select the mode I wish to use and be done with it. All I get as a benefit from allowing legacy air interfaces to be an option is decreased battery life as the phone monitors a network I have no interest in using (and if I do need/want it, I'll select it manually).

    3. Re:Shit summary by Trax3001BBS · · Score: 1

      I'm not talking about 3rd party ROMs like Cyanogenmod. That's why I said it can't be done "without rooting, etc.". Sure I can run a 3rd party ROM but then I lose VoLTE, that's the point.

      The last 3 Andoids I've used are VoLTE capable and enabled running stock ROMs, and my last 2 iPhones (6 and 7) are as well (both capable and enabled). Let me select the mode I wish to use and be done with it. All I get as a benefit from allowing legacy air interfaces to be an option is decreased battery life as the phone monitors a network I have no interest in using (and if I do need/want it, I'll select it manually).

      The only reason I want a rooted phone is to add a hosts file, ADB will allow this without the phone being rooted, and any other file (application) you want installed.

      A note I keep handy, this is in reference to cell phones: I do believe in Linux systems, the real hosts file is in root/data/data/
      >The system/etc/ hosts file is empty, aka a decoy of some sorts....? -XDA-Developers.com

  20. making phone networks secure by Anonymous Coward · · Score: 0

    Ya'see, I'm getting sick and tired of hearing this goddamn argument over and over again. "Just make it secure in the first place", like technical security is just a magical flip of a switch. "Oh, Yeah, I downloaded and installed the SECURE library into my app, things are PERFECT now!"

    Actually, when it comes mobile phone networks, it is (or was) a case of flipping a magical switch. Cell phone standards were deliberately crippled, security-wise:

    A5/2 is a stream cipher used to provide voice privacy in the GSM cellular telephone protocol. It was used for export instead of the relatively stronger (but still weak) A5/1.

    * https://en.wikipedia.org/wiki/A5/2

    Later they went with A5/3 (aka KASUMI) instead of the more secure MISTY1, or even AES (which was already available by then):

    * https://en.wikipedia.org/wiki/MISTY1

    And as many problems as SSL/TLS has had, if the cell industry had used it instead of the mess that they're currently using, things wouldn't be as bad as they are now. And the mobile phone operators have a lot easier in some regards: with TLS you have to have the garbage that is CAs to build trust, while with SIM cards you have a pre-existing cert/key distribution system You'd think they'd be able to leverage that to build a robust network.

    So while there are many places where security is hard, the cell phone industry seems to have screwed the pooch when it comes to keeping over-the-air signals safe from attackers. I've dealt with SS7, and can understand the back-end stuff being convoluted, but there isn't as much of an excuse for the radio component of their network.

  21. Backup communications by Anonymous Coward · · Score: 0

    Yet another illustration that those who absolutely need to keep their communications intact need to have amateur radio for backup when the purposes are non-commercial.

    1. For local communication, use VHF/UHF, possibly in conjunction with repeaters.

    2. For longer distances, use the appropriate HF bands or, in some cases VHF/UHF satellite communications.

    The advantage of both is that the link depends only on equipment at each end. It doesn't depend on a complex and vulnerable infrastructure.

  22. Easy Fix? by Anonymous Coward · · Score: 0

    Couldn't this be solved by most networks updating their phones with a big ol' whitelist?

  23. DNSSEC is 1024-bit by tepples · · Score: 1

    DNSSEC is underused because its root certificate is only 1024-bit RSA. At least that's why DANE support in Chrome is turned off.

  24. Words mean things by radarskiy · · Score: 1

    "Just because it's possible, doesn't mean it can be done."

    Actually, that is exactly what "possible" means.

  25. What arrogance. by Anonymous Coward · · Score: 0

    What arrogance.

  26. uh ok by Anonymous Coward · · Score: 0

    has the NSA and FBI not had this technology for years?