upvote

points

by dreamlayers17 hours ago |
comments
upvoteby SwtCyber7 minutes ago|
next
[-]
SMS is old infrastructure and the sender identity in an SMS is not like a signed email domain or an end-to-end verified chat identity. A lot of trust sits in the carrier network and interconnects
reply
upvoteby mcpherrinm17 hours ago|
prev|
next
[-]
2g networks didn't have the phone verify the network, so yes they can do this.

At least as of today, most phones have an option to turn off 2g but that isn't a default.

reply
upvoteby OptionOfT14 hours ago|
parent|
next
[-]
The only way to truly disable 2g on an iPhone is to enable lock-down mode, which is a step too far for me.
reply
upvoteby xamuel13 hours ago|
parent|
next
[-]
Agree. I do a lot of travel and in 3rd-world countries it is quite common to get 2g spam, it's really unacceptable that Apple doesn't offer a way to turn off 2g short of lockdown mode.
reply
upvoteby lxgr3 hours ago|
parent|
[-]
Are you sure it's not sourced from the visited network? In that case, 3G or beyond wouldn't help you, as mutual authentication does not imply end-to-end authentication of all traffic between you and your home provider.
reply
upvoteby lostmsu3 hours ago|
parent|
prev|
next
[-]
At least Pixels have the setting to disable 2G, which is on by default.
reply
upvoteby akimbostrawman8 hours ago|
parent|
prev|
[-]
It's always amusing to me how apple tries to hide basic security features behind there super duper totally secure mode which nobody will enable because it destroys usability.

Meanwhile GrapheneOS in the default mode is as much or much more secure (and private duh) than there marketing mode with little to no usability decrease.

reply
upvoteby OGWhales24 minutes ago|
parent|
next
[-]
Yeah, they really go all or nothing with the lock down mode. There are a lot of things from it I’d like to enable but not everything.
reply
upvoteby mayhemducks1 hours ago|
parent|
prev|
[-]
I was curious about this so I looked around a bit. My interpretation is that GrapheneOS still has not cracked this nut. Neither has iPhone, unless you enable "Lockdown Mode"

https://github.com/GrapheneOS/os-issue-tracker/issues/3952 https://github.com/GrapheneOS/os-issue-tracker/issues/6076

reply
upvoteby opengrass17 hours ago|
parent|
prev|
[-]
Plausible. Only Rogers still has working 2G.
reply
upvoteby mcpherrinm16 hours ago|
parent|
next
[-]
It doesn't matter what the network is doing; the phone needs to disable 2g. There's various ways to get the phone to downgrade to 2g otherwise, eg https://montsecure.com/files/2021_downgrade.pdf

Android has it as a toggle: https://source.android.com/docs/security/features/cellular-s...

iPhone disables it for phones in lockdown mode.

reply
upvoteby Scoundreller16 hours ago|
parent|
prev|
next
[-]
And if you have a modern enough SIM+phone combo, it won’t even display the 2g network as an available network, nor 3G on my device.

I wonder if this mostly hit international SIMs, since they wouldn’t be running the same level of SIM code to prefer various network locks like a local SIM.

Helps you stay under the radar and gov services over SMS is a lot more advanced outside of Canada if you want to do some fraud.

reply
upvoteby gruez15 hours ago|
parent|
[-]
>And if you have a modern enough SIM+phone combo, it won’t even display the 2g network as an available network, nor 3G on my device.

Source? It might just be that your carrier retired its 2g/3g network, not that the phone/sim refuses 2g/3g connections. If some cell tower popped up claiming to 2g/3g, your phone still might happily connect.

reply
upvoteby Scoundreller12 hours ago|
parent|
[-]
source = Rogers SIM in me phone

my Telus/Bell SIM shows the 3G network tho

reply
upvoteby lxgr2 hours ago|
parent|
[-]
Unfortunately, I think there's no way for a SIM card to indicate to the phone that it would like it to please never connect to any 2G (or any non-mutually-authenticated) network.

Absent that, maybe this happens via a carrier profile (or equivalent mechanism)?

reply
upvoteby Scoundreller46 minutes ago|
parent|
[-]
Ah, so the attack might depend on whether your phone is set to allow roaming or not. Maybe.

But I only have an option for data roaming on/off, not roaming entirely.

reply
upvoteby lxgr37 minutes ago|
parent|
[-]
I don't think that matters, since the phone has no way of knowing from the SIM card alone whether it should still connect to 2G networks or not.

It sounds like a good idea to at least restrict 2G connections to non-roaming scenarios, but then you have the next practical problem: How does your baseband know that you're abroad?

Sure, all solvable at the application layer (the phone could use location heuristics to figure out where it is etc.), but not trivial and full of edge cases that could easily result in your phone mysteriously not connecting while abroad or, worse, not being able to make an emergency call or similar.

reply
upvoteby stephen_g10 hours ago|
parent|
prev|
next
[-]
That's incredible, here in Australia they not only shut down all 2G networks almost a decade ago, but they've already shut down 3G as well!

Although now looking at Wikipedia there are a lot more 2G networks sticking around than I realised, still hard for me to believe given what's happened here!

reply
upvoteby wil4215 hours ago|
parent|
[-]
You do realize it’s a fake 2g/3g network and most phones don’t care. They will happily connect to whatever they support.
reply
upvoteby lxgr4 hours ago|
parent|
[-]
Only if they’re not already connected to a better network, no?
reply
upvoteby llm_nerd14 hours ago|
parent|
prev|
[-]
Which is interesting in that they very publicly shut down the 3G network last year.
reply
upvoteby capitalhilbilly17 hours ago|
prev|
next
[-]
The original standards weren't expecting anyone but carriers to send messages and ramping up security has been a slow process, so downgrade attacks probably work nicely.
reply
upvoteby 8 hours ago|
prev|
next
[-]
deleted
reply
upvoteby opengrass17 hours ago|
prev|
next
[-]
Guessing the spammer doesn't want to overload towers or be foxed within the same 3 so they're driving. Maybe the hats(?) shut off on rotation... or eSIM?
reply
upvoteby kotaKat16 hours ago|
prev|
next
[-]
Well, based on what I'm gleaning from https://www.smsbroadcaster.com/ (yes, they sell these brazenly in the open), I suspect they're doing some SDR shenanigans to bring up fake cell networks and leverage Cell Broadcast instead of just SMS.

https://en.wikipedia.org/wiki/Cell_Broadcast

They are also interfering with connections and attempting downgrade attacks to do 2G SMS messages as well (and is likely where Canadian carriers were picking up the 'millions' of attacks against its network and failed authentication attempts).

Amusingly this was all also caught because of Telus reviewing those SMS messages that were reported as spam from people on iOS/Android and realizing that the messages weren't being terminated inside the cell network at all when they tried tracing them out and suspected that this was the case.

reply
upvoteby 11 hours ago|
prev|
next
[-]
deleted
reply
upvoteby 10 hours ago|
prev|
[-]
deleted
reply