How is this possible? Are phones willing to connect to any cell and blindly trust that text messages from there are genuine and really coming from the numbers they claim to be coming from? Isn't there some cryptographic verification?
It doesn't matter what the network is doing; the phone needs to disable 2g. There's various ways to get the phone to downgrade to 2g otherwise, eg https://montsecure.com/files/2021_downgrade.pdf
And if you have a modern enough SIM+phone combo, it won’t even display the 2g network as an available network, nor 3G on my device.
I wonder if this mostly hit international SIMs, since they wouldn’t be running the same level of SIM code to prefer various network locks like a local SIM.
Helps you stay under the radar and gov services over SMS is a lot more advanced outside of Canada if you want to do some fraud.
The original standards weren't expecting anyone but carriers to send messages and ramping up security has been a slow process, so downgrade attacks probably work nicely.
Guessing the spammer doesn't want to overload towers or be foxed within the same 3 so they're driving. Maybe the hats(?) shut off on rotation... or eSIM?
This was hugely overblown in the media... While the device operates like a stingray, they were using it to spam and phish. The whole claim of "we've never seen this type of device before in Canada" is a lie, because the government and law enforcement both use them. I guess it's okay if they do it, but nobody else can...
Yes I think they mean they hadn’t seen it used before outside of sanctioned organizations. Though one could argue some induce with they org likely used it outside of official capacity though not likely with knowledge or approval by superiors.
It’s not exactly a back door. It’s a fake radio cell, mimicking your network provider and acting like a man in the middle. In that sense, it’s like a stingray. The differences are
1. The Stingray eavesdrops, but avoids interfering with user traffic
2. The stingray is operated by law enforcement, not by fraudsters looking to steal your money
Isn’t it less of a government backdoor and more of a result of generally old and insecure protocols still being in use for telecom?
Like, the phones happily connect to these fake towers because the signal is strongest from that one and there is no authentication to verify who the tower belongs to, nor encryption of SMSes?
"Law enforcement shrugs"? The whole focus of the article is about how the secret service confiscated those devices and charged the SIM farm operators with crimes. Which part of that is shrugging?
> NEW YORK (AP) — The U.S. Secret Service has found and is quietly dismantling a massive network of "SIM farms" across the New York area just as world leaders gather for meetings at the United Nations.
Rub a couple brain cells together and you might see that the comment you’re replying to has a different context.
> This wasn’t targeting a single individual or business. It had the ability to reach thousands of devices at once.
This statement reads as AI-assisted — kinda interesting to see, because I am not sure it even is? This type of formal speech language is basically unintelligible from slop now.
How is this possible? Are phones willing to connect to any cell and blindly trust that text messages from there are genuine and really coming from the numbers they claim to be coming from? Isn't there some cryptographic verification?
2g networks didn't have the phone verify the network, so yes they can do this.
At least as of today, most phones have an option to turn off 2g but that isn't a default.
Plausible. Only Rogers still has working 2G.
It doesn't matter what the network is doing; the phone needs to disable 2g. There's various ways to get the phone to downgrade to 2g otherwise, eg https://montsecure.com/files/2021_downgrade.pdf
Android has it as a toggle: https://source.android.com/docs/security/features/cellular-s...
iPhone disables it for phones in lockdown mode.
And if you have a modern enough SIM+phone combo, it won’t even display the 2g network as an available network, nor 3G on my device.
I wonder if this mostly hit international SIMs, since they wouldn’t be running the same level of SIM code to prefer various network locks like a local SIM.
Helps you stay under the radar and gov services over SMS is a lot more advanced outside of Canada if you want to do some fraud.
The original standards weren't expecting anyone but carriers to send messages and ramping up security has been a slow process, so downgrade attacks probably work nicely.
Guessing the spammer doesn't want to overload towers or be foxed within the same 3 so they're driving. Maybe the hats(?) shut off on rotation... or eSIM?
This was hugely overblown in the media... While the device operates like a stingray, they were using it to spam and phish. The whole claim of "we've never seen this type of device before in Canada" is a lie, because the government and law enforcement both use them. I guess it's okay if they do it, but nobody else can...
Yes I think they mean they hadn’t seen it used before outside of sanctioned organizations. Though one could argue some induce with they org likely used it outside of official capacity though not likely with knowledge or approval by superiors.
Wouldn't it be great if public officials would say what they in fact mean the first time?
Torontonians are hardwired to be incapable of speaking like this.
A government backdoor was found and abused by criminals? No one could have predicted this! :)
It’s not exactly a back door. It’s a fake radio cell, mimicking your network provider and acting like a man in the middle. In that sense, it’s like a stingray. The differences are
1. The Stingray eavesdrops, but avoids interfering with user traffic
2. The stingray is operated by law enforcement, not by fraudsters looking to steal your money
Isn’t it less of a government backdoor and more of a result of generally old and insecure protocols still being in use for telecom?
Like, the phones happily connect to these fake towers because the signal is strongest from that one and there is no authentication to verify who the tower belongs to, nor encryption of SMSes?
Charges? Cool. In the US we find huge SIM farms in major cities[1], law enforcement shrugs, and everyone forgets about it.
[1] https://www.pbs.org/newshour/nation/how-sim-farms-like-the-o...
"Law enforcement shrugs"? The whole focus of the article is about how the secret service confiscated those devices and charged the SIM farm operators with crimes. Which part of that is shrugging?
The article is about Canada.
> NEW YORK (AP) — The U.S. Secret Service has found and is quietly dismantling a massive network of "SIM farms" across the New York area just as world leaders gather for meetings at the United Nations.
Rub a couple brain cells together and you might see that the comment you’re replying to has a different context.
Not really, the FCC regularly drops >$300k fines on people not creative enough to figure out a revenue model that doesn't irritate everybody. =3
Why would someone use one of these instead of good old fashioned SMS / iMessage / email spam?
There's zero spam filtering interfering this way, and you can target your messages very precisely.
And zero record of it ever happening as far as the carrier's concerned.
Quote from article:
> This wasn’t targeting a single individual or business. It had the ability to reach thousands of devices at once.
This statement reads as AI-assisted — kinda interesting to see, because I am not sure it even is? This type of formal speech language is basically unintelligible from slop now.