Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Matthews Lab
Search
Search
Appearance
Log in
Personal tools
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
P2p mobile carriers
(section)
Page
Discussion
British English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
General
What links here
Related changes
Special pages
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
= You’ll never catch me, I’m the gingerbread man! = '''Alright, so they may have messed up the whole “crypto” thing, and my phone is now part of the botnet, but what’s the big deal about security, anyhow? My phone still w̲o̲r̲k̲s̲ for making calls, doesn’t it?''' Well… not really. Have you ever looked at a city and marvelled at how ugly it looks? That’s kind of what happened to the phone system. It’s layers, upon layers, upon layers of filth. Old infrastructure that has been strewn in place, and left to rot there… exactly why no one can say for sure. Very little information has survived the GSMA’s standardisation process, but what follows has been pieced together from historical records. The records don’t tell us much, but from what I’ve gathered they speak of a time when networks were smaller, less sophisticated, and easier to maintain. Back then there were only a handful of operators, and it was generally okay to trust the messages routed between them. Times were different back then, simpler… and the people more naive. They had yet to grow up in a world over-run by ransomware, spam, surveillance, and other threats… and so it was that when a young whipper-snapped called up one sunny day to ask for SS7 access no one even battered an eye lid. ’Nd just like that, a person could stroll in and query the location of any god-damn phone this side of the Mississippi [any-time-interrogation]. '''Anyone can just register for these things and track people?''' No, I’m saying that when you’re ready Neo, you won’t have to. There are already websites that openly give out this info. My point is that the phone system is systematically flawed. Sure, you can lock down SS7 access- but there are other ways onto the network, and once you’re inside you can pretty much do what you like. The base station centre can be impersonated. The mobile switching centre can be impersonated [msc-impersonation]. Your cell phone can be impersonated [sim-cloning]. Even the base station can be impersonated [stingray]. The core network can’t be trusted. It’s far better to think of a phone as a remote listening and tracking device that’s always on because the phone has those capabilities baked-in [typhoon-box]. It could be listening to you right now and you wouldn’t know it. It’s a bleak situation and one that’s hard to fix. You would think that a user could at least control their own devices, but that’s not really possible with present phones due to closed-source dependencies. Among many problems: '''the SIM specification is itself a backdoor''' that directly supports remote file manipulation [remote-adpu][remote-uicc], and that persists after a reformat. That’s not a 0-day, its literally a standardised feature. <span id="towards-a-better-phone-system"></span>
Summary:
Please note that all contributions to Matthews Lab may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Matthews Lab:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
