[Cryptography] Bizarre behavior of a non-smart mobile phone

Ray Dillinger bear at sonic.net
Wed May 17 15:56:18 EDT 2017

On 05/16/2017 11:58 PM, mok-kong shen wrote:

> BTW, in the meantime I think I have found a good literature that seems
> to indicate that the
> communications over the cellular networks are indeed very highly
> vulnerable to intrusions
> by hackers. 

Oh yeah, that's always been true and everybody knows it.  Phone security
bites rocks and every effort to fix it has always been gutted before it
actually hit the ground.   Don't put anything you want to keep private
on a phone.  I don't even keep a contact list on mine.

For a while a comically long stream of technical mistakes and
inadvertently stupid standards was a plausible theory, but now?  Nobody
believes that any more.  The stream of "mistakes and stupidity" now
stretches back for DECADES and it's pretty obvious by this time that
it's being done on purpose.  Mobile phone privacy is actively and
deliberately sabotaged, and always has been.

Any sufficiently advanced incompetence may be indistinguishable from
malice, but conversely any successfully covert malice is
indistinguishable from incompetence.

The question with your phone was never about whether somebody *COULD*
be getting into into it; monitoring any mobile phone is easy, and there
are well-known programs on darknet sites to install unwanted software on
most of them, either via wireless or through a fake tower. It was about
whether anyone would want to produce that specific behavior and how
they'd benefit from it.

To a lesser extent, it might be about whether your "dumb" phone actually
has an OS capable of running any software that isn't loaded into the
firmware at manufacture, but most of them do.  Or whether anyone can get
unwanted software onto it, but with most of them someone can.

Dozens of different kinds of people put up fake cell towers.
Intelligence services, police with warrants, advertisers, corporate
espionage, mobsters, foreign spies, malware distributors, spammers,
script kiddies, whatever: it's a free-for-all.

They're not usually physical towers that occupy traceable real-estate;
instead they are often in moving vehicles or similarly untraceable.
Some of them are just a guy with a laptop at a local cafe, or somebody
who runs it alongside the "free wireless service" in their business.
They monitor and sometimes modify the messages that go through. Some of
the ones that aren't criminal, advertisers, or foreign-espionage
acknowledge that they do this and some don't.  Of course none of the
advertisers, foreign spies, and crooks talk about doing it.

Nobody wants to make the practice illegal because they are either doing
it themselves, or they assume without any proof that most of the fake
towers they themselves aren't able to account for (typically all of them
that they don't actually run) are operated by police or intelligence
agencies who will stop them from making it illegal, instead of by crooks
exploiting it for illegal purposes.

And they're probably right that the police-and-intelligence people
will stop them from making it illegal - although even that might
possibly be reinforced by mobster influence within *those* agencies -
mobsters have a big vested interest in it too.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170517/5c2eab27/attachment.sig>

More information about the cryptography mailing list