› Forums › Security › News (Security) › One Small Fix Would Curb Stingray Surveillance
Tagged: Ecosystem_G10, Security_S12, Standards_G11
- This topic is empty.
-
AuthorPosts
-
-
March 10, 2020 at 5:45 pm #40395
#News(Security) [ via IoTGroup ]
Stingrays derive their power by pretending to be cell towers, tricking nearby devices into connecting to them instead of the real thing.
“The point of my talk is to try and explain the root cause behind all these types of attacks, which is basically the lack of authentication when phones are first trying to find a tower to connect to,” Nasser says.
“If something looks like a cell tower, they will connect; that’s just a consequence of how cell network technology was designed decades ago.
Cell phones get service by connecting to a nearby cell tower; as you move, your phone hands off to other towers as needed.
This process of establishing a connection with a tower, often called “bootstrapping,” is easy when you’re walking; your phone has plenty of time to realize it needs to find a new tower and connect.
Think of the towers as lighthouses, broadcasting their existence at set time intervals and frequencies for any data-enabled device in range to pick up.
They help to quickly establish a connection between a base station and a device before the two know much about each other or have authenticated themselves in any significant way.
Without confirming that a cell tower is genuine, devices could wind up connecting to any rogue base station that’s set up to broadcast system information messages.
Newer wireless standards like 4G and 5G have defenses built in that make it harder for attackers to get useful information when they trick devices.
But these protections can’t totally solve the rogue base station problem, because smartphones still rely on legacy cell networks for the “bootstrapping” initial connection phase, as well as to initiate and end calls.
Plus, as long as telecoms support older, less secure data networks like GSM and 3G, snoops can still perform stingray–surveillance/”>downgrading attacks to push target devices onto older, vulnerable networks.
Read More..
AutoTextExtraction by Working BoT using SmartNews 1.02976805238 Build 26 Aug 2019
-
-
AuthorPosts
- You must be logged in to reply to this topic.