I flashed a $10 orbic to take to local protests.
I don’t understand why cell phones don’t authenticate the towers they connect to. Is this really just a “standards lag behind modern security” thing, or is it on purpose to allow these Stingray devices to be used?
I assume it’s the same as the Internet (or more specifically HTTP): It wasn’t designed with security in mind.
Unlike HTTP, for some reason it wasn’t included in a new specification, though. My guess is that’s because of the more centralized nature of cellular networks. The barrier for entry is a lot higher as well so there are few but big players who have little incentive to improve over the bare minimum.
IIRC encryption was initially proposed to be part of 5G but got shot down in the process.
Even if they did, I don’t see government having trouble getting a proper authentication key.
I assume on purpose
Those circumstances include immediate threats to national security and situations where a person is in danger of death or serious injury.
Well I see a problem there. It doesn’t specify the cause of the danger or the reason the person is in danger in the first place.
EFF missed a fun opportunity to call the Rayhunter “DeCSS”.
