No matter which attacker we want protection against, the points to secure are client and server, not the middle-boxes.
This is one of the well known reasons HTTP/2 is implemented by browser vendors only on a secure channel.
Here we are talking about implementing security in hardware (bad idea: hard to upgrade as security requirements and practices change) at a very low level (at data link layer). If this is to skip security at higher levels of the stack, you have to trust all hardware vendors and operators worldwide. If we don't, we can as well communicate on an insecure channel: that's what modern TLS provides.
Of course to get all users to use only secure channels is a lot of work, it's just that there is no easier alternative that provides this same result.
Granted, the author might have something else in mind: he might want communication to be safe only against some parties, but not others.
Sure, if you're defining 'modern' as something other than what's actually used by the vast majority of 2FA users. Even for people who use U2F or TOTP as their primary Gmail 2FA, what percentage do you think have actually correctly deleted their phone numbers from both their primary account and any recovery accounts? I have no idea, but I'm guessing less than 1%.
Apple didn't want to open iMessage to the world. EU/USA should enforce a common, secure method for sending text messages to mobiles.
No way do we want any regulation here! I will accept balkanization of messaging apps for the lack of government interference here. If a government messaging standard is introduced, it will absolutely be designed to consider lawful intercepts like US CALEA. It would be a key escrow system upon inception.
EDIT: downvoters, join the debate. Do you feel differently? If so, why?
There is a new standard to replace SMS in flight called RCS. Arguably, this makes the world better -- SMS sucks, RCS brings a lot of the iMessage features to standard carrier messaging. But therein lies the problem: it's carrier-controlled, and carriers want lawful intercept. So, the standard does not call for end-to-end encryption and it is not implemented.
I still think this is a better state of the world than SMS, but it's pretty depressing that it's 2019 and e2e encryption isn't the default. I understand why it isn't when there's government interests in play, but it's still depressing.
Then that is obviously not what the parent is asking for. The government could decide to enforce an insecure messaging standard at any time. What does that have to do with the people demanding them to enforce a secure one? Are you suggesting that if we demand a secure messaging standard, it will give them the idea of turning around and enforcing an insecure one instead, as though they haven't had that idea already?
Also, it's simply false that the market has not produced good solutions and if there was a 'unified message solution' then people would cry 'monopoly' and demand government regulation as well.
The fact is that the standard tool most people use for messaging in Europe is an incredibly secure protocol.
Has it really failed though?
iMessages supports CALEA (but is still end to end encrypted, as well as FaceTime), all US messaging products must support it (even Twilio supports it). You are unable to subvert nation state legal jurisdictions within fundamental telecom infrastructure. Signal can get away with it, Apple, Google, and cellular carriers cannot.
Can't have your cake (universal messaging) and eat it (end to end encryption with zero trust requirement) too. So can't we push for something better than SMS, using regulation if required? It must not be perfect, but simply extensible in the future (similar to SS7). In jurisdictions that are favorable to it, you support E2E encryption. In those that are not, you downgrade loudly. Compromises must occasionally be made.
So, the SMS solution is what these quasi-regulated entities gave you. Whereas iMessage, RCS, Signal, etc is what private industry gave you.
Happened exactly like that when Germany introduced their "official version" of e-mail, called "De-Mail".
When the Chaos Computer Club pointed out how their whole system is insecure, due to, amongst other issues, a lack of end-to-end encryption, the German government simply decided to declare the whole thing as "secure" through legal definitions.
Which means that in practice the system is not secure, but the law considers it secure because it fulfills the arbitrary, political, definitions for "secure transmission", which also includes the capabilities for lawful interception.
That, and I’m fairly certain any government mandated standard would just be one more service to support.
So when the regulators come to you and explain why they need a back door in the messaging protocol you're working on, try downvoting them.
lol I appreciate you offering an excellent counter-example to your own point within the sentence.
So, it’s incredibly disingenuous to reduce all alternatives to capitalism to murder when American capitalism is objectively morally broke.
Second, to answer a question that you didn't ask, what you're feeling is called cognitive dissonance. When you feel certain that someone is wrong about something but you can't articulate how or why, you may be tempted to use words like "stupid" that deflate your own point more effectively than they rebut the other person's. It's as if two conflicting motivations are at war in your own mind, consuming intellectual resources needed to form a cogent response. I'm right, he's wrong, but... no, I'm right, he's wrong.
If you work towards learning to recognize cognitive dissonance when it arises, you can fight it consciously, and help yourself (and perhaps whoever you're arguing with) to get closer to the truth of the matter.
(Yes, this is off-topic, and I'm already bending the rules by replying to you at all, so I'm done with the thread.)
As far as messaging apps, iMessage benefits me greatly. The premise that apps don’t benefit the user is flawed: if they didn’t benefit the user, nobody would use it — except government, we have no choice on using government or not. If the government meets 99 people’s needs, but doesn’t meet my needs, I’m stuck. I can’t switch to an alternative. If an app meets 99 people’s needs but not mine, I can switch to an alternative or build my own. Nothing is stopping you and your friends from building the most amazing messaging app ever. From someone who grew up remembering Lada and Yugo, my faith in collectivism in product development is admittedly thin. Very few products from Soviet era factories were any good, I have no expectation that a government built Messaging service would be any better.
This is exactly the problem with this site: no good tools made anyone rich.
There’s a reason I am having this discussion on HN: People should separate the building of valuable things from the pursuit of riches. Those two are inherently contradictory, and we have nothing but closed mediocre technology making someone rich who barely worked at all.
I believe cooperatives, collectives, and trade unions should be discussed more here. Nothing about Yelp is hard to build, and yet it’s a piece of crap, but the only piece of crap we have. Capitalism is a future of absolute mediocrity, where your needs are considered proportional to your wealth.
I didn't write or receive any SMS for like 5 years now (except some confirmation codes) since encrypted messengers became so common and accessible.
I think it's obvious that SMS is outdated either way and I too think that encryption should be P2P on the "application layer" for many reasons. Encrypting the actual physical transport would add extra cost in terms of latency and hardware and could become a maintenance disaster over time if I'm not mistaken.
Fortunately as data plans get cheaper we have plenty of alternatives for encrypted messaging on smartphones.
Now consider a world where SMS is end-to-end encrypted. Nobody can intercept your 2FA codes, no matter how insecure the transport is.
Which I believe was parent's point. Attestation and authentication of network infrastructure (in a way that would preclude Stingray attacks) is equally important as anything you layer on top.
Otherwise, without some sort of global PKI you can consult out of band, you're just rolling the dice that the cellular station you're connecting to isn't rogue and performing a man in the middle attack.
Some sort of global PKI like what iMessage uses under the covers?
My point was that app-layer security magic doesn't mean much if your first network step is "connect to closest, highest power base station and implicitly trust it."
There are wonderful things we can do on top of lower layer protocols, but the lower layers are pretty damn important too.
I don’t understand what you mean when you say that app-level security doesn’t mean much if your first network step is compromised. TLS will protect you there, as will any other decently implemented end-to-end encrypted protocol.
I was trying to note the risks to PKI-less / web of trust participants, and should have called that out explicitly.
Mostly because I'd much rather live in an encrypted world where WoT is the dominant mode, vs corporate-controlled PKI. And the biggest risks there seem like the step no one can get around in ordinary use.
If all the user needs to verify is the infrastructure, then something like https's certificates could work, but it could be simpler because it would be managed entirely by one organization. So more concretely, your sim card could contain some root CAs that it trusts.
But it would only protect against passive attacks by your provider. It wouldn't protect against active attacks by your provider. Your provider could issue itself a new cert for you and your correspondent and then intercept the messages. It's certainly an improvement over what we have now though.
The insecurity of SMS needs to have way more awareness and vendors need to feel it in their pockets for this to improve. There are better alternatives like TOTP.
These are services you as a cell phone user don't interact with directly, but still very important as they provide authentication of the user and (ideally and hopefully) authentication of the network, access or indication of your location, and other necessary services needed to seamlessly move between cell towers.
> Here we are talking about implementing security in hardware (bad idea: hard to upgrade as security requirements and practices change) at a very low level (at data link layer). If this is to skip security at higher levels of the stack, you have to trust all hardware vendors and operators worldwide. If we don't, we can as well communicate on an insecure channel: that's what modern TLS provides.
So you're turning off WPA on your wireless router, I take it?
TLS is not a panacea, and there are many attack vectors for devices and applications throughout the entire network path. Defense in depth suggests security be applied wherever there is a vector.
And, of course, every few years the current wireless protection systems are defeated, rendering the whole thing useless until you upgrade your hardware (because nobody wants to spend money to provide a software fix for something you've already bought).
The network itself needs to be secured just as well -- thinking especially of SS7 and BGP and the likes here.
All this is to say, the kind of security most people think about when they discuss 5G and SS7 security --- universally trustworthy cryptographic secure channels --- is not a good fit.
I tend to think the same thing about BGP (vis a vis global signing schemes like RPKI), but I recognize that I'm an oddball in that regard.
That said, I tend to think that free and mutually dependent trade is a good solution here (basically the opposite of Trump's trade war). Going back to the ancients, the countries with the most trade are the least likely to engage in hostile acts. There's an old saying, "where goods cross borders, armies don't."
Sure. Why not? I do banking and I read my email on public, untrusted networks like airport and hotel wifi, Starbucks and the internet.
I see no problem with that.
Would you care to try doing your banking over my WEP-only secured 802.11b network?
This is exactly my point.
Also there's hijacking account recovery and 2 factor codes via SMS.
Security at the client and server layer doesn't help you if you can't get connected at all.
> Mr. Wheeler is a former chairman of the Federal Communications Commission.
But we all know why none of that happened. The wireless network protocols are designed with the "help" of the world's top intelligence agencies (and no, that's not so we can benefit from the additional security).
With mobile standards, the technology is fundamentally such a joke that people come up with wonky technical reasons to avoid talking about the political problems. We probably offer better security for sporting event feeds than we do for critical communications infrastructure.
Whether that's actually something anyone would do is different, but technologically, https allows for not trusting anyone but yourself and the organization you're speaking to.
Smartphones existed since the early 2000's, well before the first 4G deployment in 2009. From the Smartphone wikipedia entry:
"The first iPhone also faced criticism for not supporting the latest 3G wireless network standards, but was praised for its hardware and software design, and its June 2007 release was met with heavy demand"
OP author doesn't seem to know their history...
This is on O2 (UK). Maybe I need a new network.
Here in New Zealand the telcos have, for some time, been reducing their 3G capacity to the bare minimum and using freed up spectrum for 4G.
Before: 10–60 MHz allocated to 3G (across 850/900/2100 bands) and 20 MHz allocated to 4G (1800 band only).
Now: 5–10 MHz allocated to 3G (either one of 850 or 900 bands only) and 20–60+ MHz allocated to 4G (across any number of 700/900/1800/2100/2300/2600 bands).
4G has improved here not only due to capacity being refarmed from 2G/3G (e.g. 2degrees NZ dropped 2G to provide 4G capacity at 900MHz, and Vodafone NZ has swapped their 3G 2100 MHz out for 4G 2100 MHz) but also 4G supports a wider range of frequencies including 700MHz which has improved rural signal strength.
I understand generally what is happening in other countries is not too much different to what's happening here. I know UK and Australia have seen similar strategies being implemented.
UK Note: O2 UK shares their network with Vodafone UK, so you might like to have a look at EE UK/Three UK who also operate a shared network. In the UK most sites are operated by either one or the other (sometimes both groups cooperate and all networks are served from the same site).
Shame on the NYT for publishing unsubstantiated position papers written by a political operator ("By Tom Wheeler, Mr. Wheeler is a former chairman of the Federal Communications Commission.") under a misleading headline.
At one time he was head of the main cable industry trade group, back when cable was trying to be David to the TV network's over-the-air Goliath. This was when cable was just about video, because cable internet had not yet been invented.
Later, he was head of the main cellular and wireless trade group, when they were the newcomers for both voice and data, against the big wired telecommunications companies.
These past positions had a lot of people worried when he was appointed FCC chairman, over concern that he would favor industry. What most observers failed to notice was both of those positions were at times when their respective industries were the upstarts, going against established monopolies or near monopolies, trying to bring competition and wider services to consumers. In other words, he represented those industries at a time when being pro-cable or pro-wireless, respectively, was being pro-consumer.
When he was at the FCC, several decades after his association with the cable industry, and about a decade after his association with the wireless industry, when the interests of those industries and consumers had diverged, he tended to go with the consumer side. The cable and wireless companies were definitely not fans of Wheeler's FCC actions, fighting in court against almost everything he did.
In the 20 or so years between the job representing the cable industry and the job representing the wireless industry, he was a founder or major executive in several companies, including at least one that failed due to lack of net neutrality. Some of these companies have been telecommunications related, but some had nothing to do with that (e.g., one is in aerospace components, and one or more have been in banking).
He's also a former director of PBS and was chairman and president of the National Archives Foundation. He's combined his interest in American history and telecommunication in a well reviewed book about the Civil War called "Mr. Lincoln's T-Mails: How Abraham Lincoln Used the Telegraph to Win the Civil War".
Dismissing him as merely a "political operator" seems rather shallow.
The carrier should not be able to know much about you, except some vague metadata (a histogram of the amount of data you exchanged with some IPs.)
The network needs security, as do the applications running on it. These are different security layers, and cannot be provided together.
With an insecure network, even if your applications are secure, then bad actors (government, company, whoever) have a much easier time attacking your phone directly. Perfectly secure applications and an insecure network leave your phone open to attack from nearby radios. If we assume your applications are all perfectly secure, and your phone software and hardware are also all perfectly secure, then that leaves abuse of the network as a tool to effect denial of service, spying on presence meta-data, and not limited to the carrier.
But of course there are no perfectly secure applications, nor any perfectly secure phones. So keep in mind that the weak network greatly expands the attack surface from which bad actors can mess with your phone.
This isn't a problem solved with layer-7 security.
But then you lose the whole network of SMS/phone numbers. You can probably get all your friends & family to contact you using whatsapp/fb messenger (or if you try really hard, signal), but good luck convincing your bank. Your phone calls with your bank/broker probably contain more sensitive information than your phone call with your friends/family.
And your approximate location at all times due to their triangulation capabilities.
Not much you can do about that one though.
Edited to add: Also, as long as phone calls and SMS are around and used we should strive to work to make them more secure.
802.1X - authentication
All infrastructure in a country is beholden to that country's government, and that will never change. Any attempt to put encryption into a widely used physical layer will fail, because no committee will agree on an effective implementation that actually works (governments WILL subvert any committee). Governments will insist upon backdoors or sniffers, and hardware has the disadvantage of being in one physical place, easily targeted by a government.
The physical layer is compromised, and always will be.
The iPhone was released in June 2007, more than 3 years before the first LTE phone was released in November 2010. The iPhone wasn't the first smartphone, but it did kick off the smartphone boom. And it did it without even 3G; the original iPhone only supported 2G (despite widespread, but not universal, rollout of 3G in the USA).
Note that the author is Tom Wheeler - former chairman of the FCC. It does seem to be a 100% political piece rather than anything to do with the tech.
I remember using my trusty BlackBerry back with 2G. The first iPhone launched with just 2G. If you want to talk about the general rise of the smartphone, then it would be about 3G.
Wired connections are more secure, or perceived to be so because the assumption is that sniffing the medium is more difficult, which is generally true because someone would have to physically make a connection (unauthorized) to your cable and the assumption is that it would be detected (perhaps).
It's just a lot easier to sniff your channel over the air.
5G can be implemented on any piece of spectrum, sub-1GHz, mid-GHz or so called mm-wave. One thing about mm-wave that makes it "more cable like" is the highly directional nature. 5G that is being deployed on mm-wave bands (e.g. 28GHz) have extremely small beam widths due to the use of Phased Array antennas. This makes it much more difficult to "sting-ray", or at least is more easily detected.
Having said all this... everyone should always keep in mind that whatever wireless network you are on, GSM, CDMA, HSPA, LTE, Wifi, 5G whatever, you cannot count on the phy layer for protection.
Mobile networks provide Internet access with all the risks associated to the Internet. But the radio access is reasonably secure, if we compare with public WiFi. It's encrypted, authenticated and the operators are more trustworthy than the random person that puts up an Access-Point with years-old firmware. (the operators have something to lose here)
No matter who is going to lead 5G technology, the service provider will have full control as they already have. They will be still able to do everything that they are doing already.
So we will have our domestic controls and it is secure in that sense.
Perhaps, what we might not have is having our backdoors to have the same powers in all other countries around the world.
I think I'd prefer more innovation in terms of security and privacy rather than more bandwidth that nobody really knows what to do with...
The new Congress should use its oversight power
to explore just why the administration has failed to do
to protect against that risk, ...
I understand that US based media and forums like HN are a little behind on mobile tech, but how is it that this thing persists even in 2019?
For starters, there is bandwidth not owned by carriers. You can have your own 5G hubs. Companies can have their own 5G networks in factories. Unlike Wi-Fi, you can have more control of latency and reliability. So for example factory with 5G networking between robots etc. is a possibility.
Connection density, energy efficiency, area data rate, very low latency, virtual networks etc. allow completely different applications.
Say, you have peak utilization of graphics card for gaming around 5%, if you can have the card in the edge servers and play the game by streaming it from nearby servers, it's more efficient use of HW and enables mobile games that phone hardware does not support. South Korea or some Chinese cities might be the first to lead mobile gaming to this direction.
ps. Nvidia has already demoed GPU in base station over 5G with 60Hz 16ms lag and promises 3ms in the near future.
There have been wireless access platforms with much more control over latency and robustness for well over a decade.
Bandwidth not owned by carriers is also not new. LTE-U is a recent example.
This all sounds similar to the hype that comes with every other new generation of last-mile access technology.
Without getting special permission from a carrier? The ability to set up your own wireless equipment that can supply normal phones is an important use case.
> Bandwidth not owned by carriers is also not new. LTE-U is a recent example.
Wikipedia says LTE-U died. And as far as I can tell LTE-LAA only speeds up existing LTE connections; it can't work standalone. There's MulteFire? It's only half-developed though.
> Would be interested if any actual examples of real life non-carrier 4G networks could be provided.
For one, you can just look for companies deploying Redline, Nokia, etc eNodeBs that aren't traditional telcos...
LTE equipment for 5.8GHz spectrum / LTE-U has been on the market for some time and in use by private industry and boutique service providers. E.g. https://www.doubleradius.com/Manufacturers/Kits/baicells-sta...
In 4G, instead of LTE-U you are getting LTE-LAA (License Assisted Access). You are basically getting the permission from carrier or from some alliance that buys licenses depending on the country, city or region.
5G will support: LTE-U/LAA as well as stand-alone NR-U (stand-alone operation in unlicensed spectrum).
Faster means that your download takes up less spectrum. Allowing more users to have a good experience at the same time.
Point being, there will always be uses for higher bandwidth and lower latency even if you don't need it yourself.
They're synonyms in English in some contexts, (e.g. 'I feel safe/secure here') just not this one.