Considering a stingray is no more than a software radio and a laptop, does this mean all cell communications are vulnerable to easy surveillance by almost anyone?
Are cell phone calls encrypted? Does this mean the police devices have the universal decryption keys?
If the police devices have such decryption abilities then it is probably safe to assume they have leaked and various criminals possess this as well.
Thankfully those in power have the best interests of the citizenry at heart ;) /s
Back when I had an old 2G featurephone, I inherited the exact same model from a friend (Sprint/CDMA). I used QPST to clone my ESN onto that one, to have a handy backup device.
When both were on, calling my number would ring both (I only ever checked this with them in the same cell). Picking up both I would hear audio in both until one of them "won". The ESN can't be considered any kind of secret, so the observed behavior makes it clear that there is no meaningful encryption.
We've had two generations of mobile protocols since then, but with Qualcomm et al.'s attitude of "lock things down harder" rather than Kerckhoffs's principle and open review, I doubt security has gotten any better.
If you want meaningful mobile privacy, the only way to achieve this is with separate application/baseband processors that communicate over an auditable bus (so not a broken-by-design Qualcomm integrated chipset), with encryption done on the trusted application processor. The easiest way to realize this is using a mifi+vpn+voip. Note that this still leaves your location fully tracked, but most every use of the cell network will do that.
It appears that 2G is the vulnerability the stingrays exploit.
"... exploits a vulnerability in the 2G protocol. Phones using 2G don’t authenticate cell towers, which means that a rogue tower can pass itself off as a legitimate cell tower. But because 3G and 4G networks have fixed this vulnerability, the stingray will jam these networks to force nearby phones to downgrade to the vulnerable 2G network to communicate." [article]
Alternatively, is it legal to jam 3G and 4G networks? I can't imagine the FCC takes kindly to that type of thing. Sometimes the best solution to constrain government overreach is to turn the bureaucratic machinery loose on itself.
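The quoted passage describes the defender-relevant signal: a phone that was happily camped on a 3G/4G cell suddenly drops to 2G, often onto a cell it has never seen before, with an unusually strong signal. The script below is an added example (not from the article or this thread) showing how the indicator logic used by IMSI-catcher detector apps can be expressed over a log of cell observations. The log format, the field names, the thresholds and the baseline of "known" cells are all assumptions constructed for the example; real devices expose this data through their own radio APIs, and a legitimate network can also hand a phone down to 2G, so the output is a list of indicators to investigate, not proof of a rogue base station.

```python
"""Flag suspicious 2G downgrades in a (constructed) log of cell observations.

Each log line (hypothetical format, not any real tool's output):
    <epoch seconds> <RAT> <MCC-MNC> <area code> <cell id> <signal dBm>
"""
from dataclasses import dataclass

# Constructed sample: a usable LTE cell, then a sudden jump to an unknown,
# very loud GSM cell, then LTE service returns a few minutes later.
SAMPLE_LOG = """\
1700000000 LTE 310-260 4321 1234567 -78
1700000030 LTE 310-260 4321 1234567 -80
1700000045 GSM 310-260 9999 65000 -55
1700000060 GSM 310-260 9999 65000 -52
1700000400 LTE 310-260 4321 1234567 -81
"""

# Hypothetical baseline of cells previously observed at this location.
KNOWN_CELLS = {
    ("LTE", "310-260", 4321, 1234567),
    ("GSM", "310-260", 4321, 22222),
}


@dataclass
class Observation:
    ts: int      # epoch seconds
    rat: str     # radio access technology: "LTE", "UMTS", "GSM", ...
    plmn: str    # MCC-MNC of the network
    area: int    # LAC (2G/3G) or TAC (LTE)
    cell: int    # cell id
    rssi: int    # reported signal strength in dBm (coarse, not RAT-normalised)


def parse_log(text: str) -> list:
    """Parse the constructed log format, skipping malformed lines."""
    obs = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, rat, plmn, area, cell, rssi = parts
        obs.append(Observation(int(ts), rat.upper(), plmn, int(area), int(cell), int(rssi)))
    return obs


def detect_downgrades(observations, known_cells, window_s=120,
                      usable_lte_dbm=-95, signal_jump_db=20) -> list:
    """Return one alert per GSM cell that shows rogue-tower indicators.

    Indicators (assumed thresholds):
      DOWNGRADE_AFTER_LTE  - camped on GSM within window_s of a usable LTE cell
      UNKNOWN_CELL         - the GSM cell is not in the known-cell baseline
      ABNORMAL_SIGNAL      - GSM signal far stronger than the LTE cell just left
    """
    alerts, flagged, last_lte = [], set(), None
    for o in observations:
        if o.rat == "LTE":
            if o.rssi >= usable_lte_dbm:
                last_lte = o          # remember the last cell that gave real service
            continue
        if o.rat != "GSM" or o.cell in flagged:
            continue
        reasons = []
        if last_lte is not None and o.ts - last_lte.ts <= window_s:
            reasons.append("DOWNGRADE_AFTER_LTE")
        if (o.rat, o.plmn, o.area, o.cell) not in known_cells:
            reasons.append("UNKNOWN_CELL")
        if last_lte is not None and o.rssi - last_lte.rssi >= signal_jump_db:
            reasons.append("ABNORMAL_SIGNAL")
        if reasons:
            flagged.add(o.cell)
            alerts.append({"ts": o.ts, "area": o.area, "cell": o.cell, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect_downgrades(parse_log(SAMPLE_LOG), KNOWN_CELLS):
        print(alert)
```

A single indicator is weak on its own (rural coverage gaps genuinely push phones to 2G, and a newly built cell is unknown until you have seen it), which is why the function reports the combination rather than a verdict; the practical mitigation for a user is still the one the article implies, namely disabling 2G on devices that allow it.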
Is there any evidence of the public being put at risk by these government-mandated exploits?
Privacy and Civil Liberties seem less popular arguments to oppose the 'keep the public vulnerable' policy than public safety.
Speculative Fiction:
"It seems the evil-doers procured the Celebrity's schedule by eavesdropping their calls with a Stingray.
During the kidnapping they jammed the cell communications of the security team and trivially evaded pursuit by tracking the cells of the pursuit squad with the Stingray device.
You mean by spying on our citizens we have made every one of us unsafe?
Yes Madam President, our monopoly on the backdoors was only temporary.
"
It occurs to me that the police themselves use cell communications.
Are they similarly vulnerable to tracking / intercepts?
If so, then this is a staggeringly short-sighted policy.
Essentially we have no idea what goes on inside that phone and inside the operators. It's all closed-source hardware and software/firmware, and the companies are pretty much unaccountable to us and could put all kinds of secrets in there. This is why Stallman was actually right all along. When you don't have open, public computer systems, you end up beholden to these huge entities.
For a long time, cell phones operated in a hub way. Just like early computer networking with hubs, the tower would broadcast the packets to all phones in range, and it was up to an individual phone to respond. There was a hack where a phone could be set to respond to all numbers, and thus hijack all communication on a tower. This attack has probably been mitigated somewhat in recent years.
Actually all phones have to work this way, because the radio communication is essentially a shared medium (spatial beamforming notwithstanding). Hopefully modern protocols are properly designed to use encryption and nonce identifiers such that the other phones only see opaque packets. But a reprogrammed baseband could easily disrupt communications for everyone on the same cell, and there's no way around that. This is a major source of the culture of locked down secrecy that ends up pervading the rest of the stack.
This floated through my Twitter stream yesterday (I think via @thegrugg) - as I was reading it I kept thinking "Really? Is there even a vaguely plausible explanation for that choice of leaving a command message unencrypted and unauthenticated that doesn't boil down to 'so the NSA or other LEO can exploit it'?"
We've been talking about these at least for the past two years, but I haven't seen any of the three major mobile platform vendors implement anything to protect against this sort of attacks. What exactly are they waiting for? This is only going to get worse. They can already break 4G connections as well with these weapons of mass surveillance.
It's worth noting that the major mobile companies' largest single customer is almost certainly the federal government. And, many of them fear being Nacchio-ed if they don't toe the line.
Does "Nacchio-ed" mean "get caught having improperly sold tens of millions of dollars of stock of the giant telecom company he ran, in the whirlwind of prosecutions following the collapse of Enron and Worldcom"?
A lot of people are guilty of a lot of things and don't ever get investigated or prosecuted. I agree with you that people take things a little far, but I think it's hardly conspiratorial thinking to acknowledge that the DOJ selectively pursues cases based on other factors than the crime committed.
The idea that DOJ was targeting based on something other than the crimes committed isn't supported unless there are people guilty of the same crimes -- not just the same number of crimes -- that were not pursued.
In all seriousness, I suspect they want it this way.
As long as law enforcement is doing this "without their knowledge" then they may not have to provide a backdoor to their core systems. Then the carriers can make a bold stand, say all the right things whenever they need, and express outrage at the idea that they'd share data.
Used to be scanners were able to track cell phone conversations. They started rolling frequencies but it was trivial to find out what they were and filter for only those. The drama one could hear over cell phones was better than any daytime soap, especially in small towns.
They digitized it and made it harder but I am sure with a bit of work one could listen in.