Content
@
0 reply
0 recast
0 reaction
Dean Pierce 👨💻🌎🌍
@deanpierce.eth
Protip: to avoid your phone being hijacked by rogue towers, you can go to the dialer on Android and type: *#*#4636#*#* Then go into "phone information" and hit the dropdown to say "NR Only". This means only connect to anything via 5G. If you live in a more remote area you can enable LTE if you must, but NR Only is ideal. Everything else is danger.
4 replies
5 recasts
13 reactions
phil
@phil
Can you link to more information about the vulnerability?
1 reply
0 recast
3 reactions
Dean Pierce 👨💻🌎🌍
@deanpierce.eth
The main thing that reminded me to do this was the Veritasium video where they mention 5G handles a lot of the stuff that SS7 does. This setting will definitely not stop the SS7 attacks shown in the video, but it will stop 2G/3G/4G attacks, which can listen and decrypt phone calls in some situations. The bad actor basically sets up a fake cell phone tower and gets anyone nearby to connect with it. Modern protocols are generally pretty secure, so the first step is usually a "downgrade attack" where the rogue tower forces the targets to use a shittier protocol to extract more data. Setting your phone to only connect to 5G prevents this. These are now generally referred to as "Stingray" attacks because that was the name of an old device that did this that got sold to a bunch of police departments, though there are much newer and better devices now. Often used to figure out who is at a protest, or monitor someone's movement at close range. https://warpcast.com/deanpierce.eth/0xad8a4a6b
1 reply
0 recast
4 reactions
Dean Pierce 👨💻🌎🌍
@deanpierce.eth
About a decade ago I gave a talk where I showed how to build something like a Stingray for under $20. It was pretty shitty, but it worked 😁 the target needed to allow for a 2G downgrade (very rare today) and could only handle one client, but it could decrypt phone calls. More expensive tools are needed to go after 3G, but it's a thing. Last I checked LTE could leak some metadata, but nothing too scary, but 5G has most of it fixed up. You can still downgrade basically any phone out of the box down to 3G, so that's what I think most of the tools rely on these days. Setting your phone to force 5G will block any of those shenanigans though. https://en.wikipedia.org/wiki/Stingray_phone_tracker
0 reply
0 recast
1 reaction
