Comment Re:Police legal authority (Score 1) 165
I know, the stingray is essentially a hacking tool. That makes you think though, why on earth is there a large wireless network carrying sensitive data without TLS (transport layer security), or encryption between the modem on the phone, and the carrier? Either the contents are not sensitive, or the carriers / cell phone manufactures are complicit or worse.. incompetent.
GSM dates to 1987. When it was created, the previous mobile telephony standard was analogue - you could listen in on calls just with a regular radio. There was a very small amount of digital signalling to the network, but the field of commercial crypto hardly existed back then and subscriber cloning/piracy was rampant. GSM introduced call encryption and authentication of the handset using (for the time) strong cryptographic techniques. It was very advanced. But it didn't involve authentication of the cell tower to the handset, partly for cost and complexity reasons and partly because a GSM base station involved enormous piles of very expensive, complex equipment that had to be sited and configured by trained engineers. The idea of a local police department owning a portable, unlicensed tower emulator was unthinkable, as the technology to do it didn't exist, and besides
When 3G was standardised, this flaw in the protocol was fixed. UMTS+ all require the tower to prove to the handset that it's actually owned by the network. Little is publicly known about how exactly Stingray devices work but it seems likely that it involves jamming 3G frequencies in the area to force handsets to fall back to GSM, which allows tower emulation.
The latest rumours are that the company that makes Stingrays has somehow found a way to build a version that works on 3G+ networks too called "Hailstorm", but it's dramatically more expensive and as mobile networks phase out GSM in the coming years police departments are having to pay large sums of money to upgrade. The whole thing is covered in enormous secrecy of course so it's unknown how Hailstorm devices are able to beat the tower authentication protocol. Presumably the device is either exploiting baseband bugs, or is using stolen/hacked/court-order extracted network keys, or it was built in cooperation with the mobile networks, or there are cryptographic weaknesses in the protocols themselves.