• plz1@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    6 hours ago

    I don’t understand why cell phones don’t authenticate the towers they connect to. Is this really just a “standards lag behind modern security” thing, or is it on purpose to allow these Stingray devices to be used?

    • einkorn@feddit.org
      link
      fedilink
      arrow-up
      7
      ·
      2 hours ago

      I assume it’s the same as the Internet (or more specifically HTTP): It wasn’t designed with security in mind.

      Unlike HTTP, for some reason it wasn’t included in a new specification, though. My guess is that’s because of the more centralized nature of cellular networks. The barrier for entry is a lot higher as well so there are few but big players who have little incentive to improve over the bare minimum.

      IIRC encryption was initially proposed to be part of 5G but got shot down in the process.

    • lauha@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      3 hours ago

      Even if they did, I don’t see government having trouble getting a proper authentication key.

  • Em Adespoton@lemmy.ca
    link
    fedilink
    arrow-up
    4
    ·
    6 hours ago

    Those circumstances include immediate threats to national security and situations where a person is in danger of death or serious injury.

    Well I see a problem there. It doesn’t specify the cause of the danger or the reason the person is in danger in the first place.