So the most likely scenario is that the carriers are cooperating... Are they cooperating only with the US, or are they cooperating with other nations as well? Seems safe to assume they're cooperating with any/all nations that have a significant market for their products (i.e. leverage).
That's fairly scary though -- I assume the keys / encryption stays the same across similar networks, regardless of nation (given that phones continue to work abroad)? Perhaps the keys / encryption does differ by carrier, I'm not sure, but I'd definitely be curious. As long as they stay undetected, sounds like there is very little stopping COUNTRY_X from deploying these in COUNTRY_Y for their own gain, not to mention 'lower level' criminals / mafia / etc...
And obviously there are plenty of people out there (reverse-engineers, employees/insiders, et al.) that have access to the keys...
Any idea if the exceptions that the FCC makes are public information, or obtainable via FOIA or similar? I'm guessing the FCC has a rigid "exception request process" in place and, hopefully, they only provide [super] limited-scope exceptions (without warrants, eh)... I'd love to see what exceptions are actually being made and what limits, if any, they contain.
Anyways, this is definitely pretty far outside of my realm of knowledge but I find the tech incredibly intriguing and very interesting nonetheless (and I agree with comments here regarding the FCC).
For GSM encryption, at least the commonly deployed variants, you do not need cooperation or stolen keys, you can just straight-up break it in a few minutes. (EDIT: might not be correct for up-to-date networks, see below)
And if you impersonate a cell tower instead of passively sniffing, you can just turn encryption off or downgrade to a weak one.
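To make the "you can just break it" claim concrete, here is an added example (not code from the thread or from any of the commenters): a Python implementation of the A5/1 keystream generator, the cipher most GSM networks deployed, plus the known-plaintext step that the practical attacks start from. The session key, frame number and burst contents below are constructed for illustration; the precomputed-table lookup that turns recovered keystream back into the 64-bit key Kc is the part the attack tools supply and is not included here.

```python
"""A5/1 keystream generator and known-plaintext keystream recovery (added example)."""

# The three LFSRs of A5/1: length, feedback taps, and the bit used for majority clocking.
# Bit 0 is the input end of each register; the output bit is its most significant bit.
R1_LEN, R2_LEN, R3_LEN = 19, 22, 23
R1_TAPS = (13, 16, 17, 18)
R2_TAPS = (20, 21)
R3_TAPS = (7, 20, 21, 22)
R1_CLK, R2_CLK, R3_CLK = 8, 10, 10


def _step(reg, length, taps, in_bit=0):
    """Shift one register left, feeding back the XOR of its taps (and an optional input bit)."""
    fb = in_bit
    for t in taps:
        fb ^= (reg >> t) & 1
    return ((reg << 1) | fb) & ((1 << length) - 1)


class A51:
    """A5/1 keyed with a 64-bit Kc and a 22-bit frame number; yields 228 keystream bits per frame."""

    def __init__(self, key: bytes, frame: int):
        if len(key) != 8:
            raise ValueError("A5/1 uses a 64-bit session key Kc")
        if not 0 <= frame < (1 << 22):
            raise ValueError("frame number is 22 bits")
        self.r1 = self.r2 = self.r3 = 0
        # Key loading: 64 clocks of all three registers, key bits fed LSB-first per byte.
        for i in range(64):
            self._clock_all((key[i // 8] >> (i % 8)) & 1)
        # Frame loading: 22 clocks, one frame-number bit each.
        for i in range(22):
            self._clock_all((frame >> i) & 1)
        # 100 mixing clocks under the majority rule, output discarded.
        for _ in range(100):
            self._clock_majority()

    def _clock_all(self, in_bit):
        self.r1 = _step(self.r1, R1_LEN, R1_TAPS, in_bit)
        self.r2 = _step(self.r2, R2_LEN, R2_TAPS, in_bit)
        self.r3 = _step(self.r3, R3_LEN, R3_TAPS, in_bit)

    def _clock_majority(self):
        # Each register advances only if its clocking bit agrees with the majority of the three.
        c1 = (self.r1 >> R1_CLK) & 1
        c2 = (self.r2 >> R2_CLK) & 1
        c3 = (self.r3 >> R3_CLK) & 1
        maj = (c1 & c2) | (c1 & c3) | (c2 & c3)
        if c1 == maj:
            self.r1 = _step(self.r1, R1_LEN, R1_TAPS)
        if c2 == maj:
            self.r2 = _step(self.r2, R2_LEN, R2_TAPS)
        if c3 == maj:
            self.r3 = _step(self.r3, R3_LEN, R3_TAPS)

    def _out_bit(self):
        return ((self.r1 >> (R1_LEN - 1)) ^ (self.r2 >> (R2_LEN - 1)) ^ (self.r3 >> (R3_LEN - 1))) & 1

    def keystream(self, nbits=228):
        """Clock-then-output; the first 114 bits cipher the downlink burst, the next 114 the uplink."""
        bits = []
        for _ in range(nbits):
            self._clock_majority()
            bits.append(self._out_bit())
        return bits


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def encrypt_burst(key, frame, plaintext_bits):
    """Downlink burst encryption: ciphertext = plaintext XOR first 114 keystream bits of this frame."""
    return xor_bits(plaintext_bits, A51(key, frame).keystream(228)[:114])


def recover_keystream(ciphertext_bits, known_plaintext_bits):
    """Known-plaintext step: an attacker with a sniffed burst whose contents are predictable
    (signalling padding, for example) gets the keystream without knowing Kc. Feeding this
    keystream to precomputed tables is what recovers Kc; that lookup is not implemented here."""
    return xor_bits(ciphertext_bits, known_plaintext_bits)


def bits_to_hex(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])).ljust(8, "0"), 2)
                 for i in range(0, len(bits), 8)).hex()


if __name__ == "__main__":
    kc = bytes.fromhex("1223456789abcdef")   # constructed session key, not a real one
    frame = 0x134                            # constructed frame number
    known = [i & 1 for i in range(114)]      # constructed predictable burst contents
    ct = encrypt_burst(kc, frame, known)
    print("recovered keystream:", bits_to_hex(recover_keystream(ct, known)))
```

The point the block makes is the one the comment relies on: the entire keystream for a burst is a deterministic function of a 64-bit Kc and the frame number, so one sniffed burst with guessable contents hands the attacker 114 bits of keystream that can be matched against precomputed tables, with no carrier cooperation and no stolen keys involved.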
You seem to be right. There is a paper about fast attacks against A5/3, but according to the authors it doesn't necessarily apply to real attack scenarios.