Replying to @RnDanger@infosec.exchange

@RnDanger Half the damn article is FUD conflating wifi with cellular, as well as "encrypted" meaning "safe", but somehow "encrypted wifi networks aren't always encrypted" or some other bullshit? I'd want to look into how the actual feature is implemented before I can say anything concrete about it.

As for IMEI sniffers, 2g is disabled on real towers. But unless you went out of your way to disable it on your phone, fake ones can still "downgrade" to it with the reduced security, allowing them to listen in on your calls and texts.

IIRC 5g's bootstrap process is similar to TLS, where the tower is authenticated via a certificate before the IMEI is sent, so it's much less vulnerable to this?

Replying to @becomethewaifu@tech.lgbt

@becomethewaifu
IMSI-Catcher, or something similar, to identify and track someone are still possible on 5G Networks.

See: casa.rub.de/forschung/publikat

@RnDanger

CASA - Cyber Security in the Age of Large-Scale Adversaries5G SUCI-catchers: still catching them all? In mobile networks, IMSI-Catchers identify and track users simply by requesting all users' permanent identities (IMSI) in range. The 5G standard at ...

Replying to @RnDanger@infosec.exchange

@RnDanger @CyberPunker extremely unlikely. From my knowledge you'd need to use a malicious tower that the user connects to, then send a zero-click SMS exploit or something, which would require breaking the network's security now that mutual authentication of the tower is a thing.

The study appears to be about asking existing towers whether or not a known identity is connected, which is definitely still a significant tracking risk, but it's a much smaller one than the previous attacks that could just hoover up everyone in an area. (it needs to be done in real time, and you need to already know the ID you want to track beforehand. So "gather the IDs of everyone in this area" can't be done with it)