I'd really love if people would stop calling every mobile standard some number followed by a G.
There are literally no known commercial scale deployments of '5G' technology out there - it's largely on paper with many technical and practical details to be worked out - and the deployments discussed, even when they do go hot, will be small, literally: these are microcells, something effectively the size of an oversized wifi hotspot. What has been deployed is effectively LTE-Advanced, with extra channel bonding and MIMO. Beyond that, the 5G standard isn't even finalized yet.
We're still solidly in the '4G' era, and we (in the US) don't even have 100% saturation for LTE coverage, much less LTE-Advanced.
> I'd really love if people would stop calling every mobile standard some number followed by a G.
It can be useful to have different labels for the "generations" when they're incompatible. Analog (1G) is incompatible with traditional GSM (2G), which is incompatible with UMTS (3G), which is incompatible with LTE (4G). So if your new network only has 4G but your old phone only has 2G and 3G, you know it won't work and you have to buy a new phone.
There are pretty substantial differences between AMPS and NMT, GSM and CDMA, EV-DO and EDGE.
CDMA for example was designed to evolve from AMPS (so was D-AMPS or TDMA, which was another 2G technology), so you could put CDMA and Analog carriers in the same site infrastructure. The 'nG' label is virtually meaningless in most discussions. It also leaves out discussion of PHS, and others, which were clearly 2G technologies.
Something like 99.98% of people would have no idea what "3GPP rev14" is.
As a person who works in the industry: There are pretty much no actual 5G systems in use. There are carriers in the US building microcell sized, DAS type LTE-Advanced things on utility poles and similar.
As usual, it's technical jargon used for marketing purposes. That's why they don't use it responsibly, and that's why geeks complain without realizing the goal is not to be right, but to make money.
But aren't 4G, 5G etc. actually marketing terms that on a technical level only imply some broad capabilities (e.g. possible download rate > X MBit/s), while the actual standards providing those are not called 4G/5G?
> Confusion has been caused by some mobile carriers who have launched products advertised as 4G but which according to some sources are pre-4G versions, commonly referred to as '3.9G', which do not follow the ITU-R defined principles for 4G standards, but today can be called 4G according to ITU-R.
4G is defined in an ITU paper, basically. And telcos started to use it for networks that were pretty far from 4G. Then ITU simply said that okay, sure, use that, because they don't care.
Well, complaining is not the problem, the problem is that usually people here preach to the choir.
HN should seek out and submit high quality precisely communicated pages about the concrete instance of "news" that the fluffpages post. But instead all we get is the complaining.
While I agree that the 5G standard is still not finalized, in Qatar Ericsson will start deploying 5G gNodeBs starting by the end of Q2. Nokia is modernizing the core network to a fully virtualized one and intercompatibility is mostly solved in this network.
It's usually a cat-and-mouse game, with some commercial deployments solidifying some portions of the standards, while themselves accommodating other portions of the standards from other networks as the technology matures in the upcoming years.
It depends if you're talking daily conversation or technical. For daily use, ?G is great. Imagine how confused laypeople would be if the top left of their phone alternately showed GPRS, EDGE, UMTS, HSPA, LTE or LTE-A depending on their connection. What the hell do all these things mean? And which was better than which again?
1-4G communicates much more clearly that 'this is faster/less delay/more stable'.
> Imagine how confused laypeople would be if the top left of their phone alternately showed GPRS, EDGE, UMTS, HSPA, LTE or LTE-A depending on their connection
I don't know what kind of phone you have, but I have seen 2G, H, E, LTE and LTE+ in the top bar of my phone quite often.
Most people consider the fact that your handset will readily talk to any base station that's on the air to be a feature. Try to imagine how things would work if you had to authenticate and authorize every station on the network. It's true that anyone who gets on the air and speaks the air protocol can screw with your phone. Those people are also violating multiple laws and regulations in the course of doing so.
It's not that simple. Both 3G and 4G have mutual authentication. You need to trick the handset into downgrading the protocol if you want it to talk to your own fake base station.
I mean you can do authentication without doing it per base station... the real reason we don’t have anything like this is because it’s a lot of work to make this work well worldwide and because a lot of governments are not interested in making spoofing base stations harder on themselves.
Shouldn't we just fix this one layer above? Just like the internet treat the network as hostile and use strong encryption to connect to your network provider. If someone uses a stingray you use their bandwidth but they see nothing because you're running encrypted VoLTE.
It's a start, but from my understanding implementing strong encryption on the layer above does little to mitigate physical location tracking issues that arise from spoofed towers.
Nothing short of removing all devices identifiers (IMSI, IMEI, etc) and using an untraceable payment system for network access (eg blinded tokens) will mitigate the location tracking ability of the carriers.
The perfect is the enemy of the good and cops do use stingrays for a reason. But targeted government surveillance is only one privacy threat, and carriers have no compunctions about bulk selling your location to the mass surveillance industry.
Yes, and I did recognize I was talking about a different vulnerability by saying that the perfect is the enemy of the good. But if we're talking about protocol vulnerabilities, why skip over the deep flaw of having fixed identifiers in the first place?
Heck, simply removing the IMEI so that users don't have to buy a new burner phone (/mifi) along with every burner SIM would be a vast improvement!
Really I'm just pointing out the larger context, as it's important to keep in mind. Shoring this up will make the keystone cops have to go get a warrant, but won't help versus the NSA, parallel construction, or GoogleNexis. It probably won't even make private investigators have to eat lunch in their cars again.
Much of the data you'd want to protect is meta data (location and access times).
If you can't trust your network entry point on mobile, you're really just screwed in many un-patchable ways. Mobile-to-mobile mesh networking could help, but I can't imagine that being widespread unless it's done in a layer outside user control or visibility, taking you back to square one.
From 3G on, every base station is authenticated and virtually all traffic on the air is encrypted.
There are issues with stingrays - but these happen due to protocol edge-cases before authentication is established. [Edit: this paper uses side channels to collect information, but that's what a sniffer can do]
I'm saying it doesn't matter whether everything is authenticated and encrypted, it's all vulnerable. Even if 4G wasn't, you can just downgrade and then crack.
I consider it more to be a 'why oh why do these protocols continue to be designed and specified in such a way as to be known to be vulnerable to eavesdropping' kind of comment.
What? I mean your provider ships you a computer that's dedicated to authenticating your device on the network (a SIM card) - it shouldn't be infeasible to authenticate the nodes when you can bootstrap off an actual trusted device.
With roaming, your provider could cross sign other providers - and for long range/international roaming you could maybe allow forwarding of encrypted requests for authentication over an untrusted channel.
That would probably be enough for some level of (location) tracking - but there'd be no need to allow any regular traffic over such links. In theory. In practice, that'd probably be too expensive, and you'd get better service and security relying on wlan and something like signal....
OK but what you are suggesting is a fully authenticated air interface and a massive PKI deployment, which while not impossible for future protocols face obvious hurdles.
It seems like this method requires a known phone number, and can track people based on knowing the phone number in advance. That is quite a high bar, and very different from the standard stingray attack.
That is, older attacks allow you to collect all IMSIs in the area. Instead, this attack allows you to track a given phone number, and retrieve the IMSI that belongs to a given phone number.
Edit: it seems like an email address or Twitter handle also works. What is needed is some way to trigger a message on the phone. That still requires knowing some identity up front though.
> Edit: it seems like an email address or Twitter handle also works. What is needed is some way to trigger a message on the phone. That still requires knowing some identity up front though.
Marginal. No barrier at all for targeted attacks (phishing, stalking, intelligence etc.).
A very large use case for stingrays by American police was to have them running nearly continuously. Then, when a crime occurred, they would go back and examine the captured data to see who was nearby during the crime.
Such post-hoc tracking is not possible with this method.
Similarly, if all you know is "I don't trust the bearded guy who just disembarked the plane", it could be hard to get to an identity that will trigger his phone. With a traditional 'what IMSIs are in the area' capture, you just need to follow them long enough that one IMSI stands out as always being present. This attack doesn't enable that either.
> A very large use case for stingrays by American police was to have them running nearly continuously. Then, when a crime occurred, they would go back and examine the captured data to see who was nearby during the crime.
Do you have a link for this? It's difficult to Google.
The officer requested use of a “digital analyzer” to locate the new burner phones at “any time of the day or night … without geographical limitation in the State of Illinois.” The request was approved.
I recall similar things happened in New York.
Perhaps 'a very large use case' was too strong a phrasing though.
The article mentions you need to brute-force 29 bits using an oracle. It doesn't mention this is an active oracle. That is, it requires interaction with the UE (target phone).
This makes the brute-force attack quite a bit harder, as you need to be in contact with the target phone for the duration of the attack (you don't need to do the attack in one go though).
Based on the paper, the title is clickbait; it does not talk about intercepting calls at all. It does mention that one of the attacks in the paper can enable "further attacks", but if call interception was one of them, I'd imagine that they'd say so explicitly.
The author of the paper, cited in the report, said, "Any person with a little knowledge of cellular paging protocols can carry out this attack... such as phone call interception, location tracking, or targeted phishing attacks."