

why cell phones don’t authenticate the towers they connect to.
I believe it’s because they assume it’s not necessary because it was until now
- prohibitively expensive, but now a “tower” is less than 2k EUR e.g. https://www.crowdsupply.com/ukama/ukama
- prohibitively complex, see above, namely you don’t need to be a TelCo engineer to get it going
- probably illegal, namely you needed (and I bet still need in most places) wireless band allocation before you could deploy anything
… so I imagine there was no authentication because there was no practical threat beside few “fun” examples in CCC or DEF Con.
Thanks, for reference https://mullvad.net/en/vpn/daita but as it’s an arm race I wouldn’t assume it’s the perfect solution.