There are literally no known commercial scale deployments of '5G' technology out there - it's largely on paper with many technical and practical details to be worked out - and the deployments discussed, even when they do go hot, will be small; literally, these are microcells, something effectively the size of an oversized wifi hotspot. What has been deployed is effectively LTE-Advanced, with extra channel bonding and MIMO. Beyond that, the 5G standard isn't even finalized yet.
We're still solidly in the '4G' era, and we (in the US) don't even have 100% saturation for LTE coverage, much less LTE-Advanced.
It can be useful to have different labels for the "generations" when they're incompatible. Analog (1G) is incompatible with traditional GSM (2G), which is incompatible with UMTS (3G), which is incompatible with LTE (4G). So if your new network only has 4G but your old phone only has 2G and 3G, you know it won't work and you have to buy a new phone.
CDMA, for example, was designed to evolve from AMPS (so was D-AMPS or TDMA, which was another 2G technology), so you could put CDMA and Analog carriers in the same site infrastructure. The 'nG' label is virtually meaningless in most discussions. It also leaves out discussion of PHS, and others, which were clearly 2G technologies.
As a person who works in the industry: There are pretty much no actual 5G systems in use. There are carriers in the US building microcell sized, DAS type LTE-Advanced things on utility poles and similar.
4G is defined in an ITU paper, basically. And telcos started to use it for networks that were pretty far from 4G. Then ITU simply said that okay, sure, use that, because they don't care.
HN should seek out and submit high quality precisely communicated pages about the concrete instance of "news" that the fluffpages post. But instead all we get is the complaining.
It's usually a cat-and-mouse game, with some commercial deployments solidifying some portions of the standards, while themselves accommodating other portions of the standards from other networks as the technology matures in the upcoming years.
I don't know what kind of phone you have, but I have seen 2G, H, E, LTE and LTE+ in the top bar of my phone quite often.
The perfect is the enemy of the good and cops do use stingrays for a reason. But targeted government surveillance is only one privacy threat, and carriers have no compunctions about bulk selling your location to the mass surveillance industry.
Heck, simply removing the IMEI so that users don't have to buy a new burner phone (/mifi) along with every burner SIM would be a vast improvement!
Really I'm just pointing out the larger context, as it's important to keep in mind. Shoring this up will make the keystone cops have to go get a warrant, but won't help versus the NSA, parallel construction, or GoogleNexis. It probably won't even make private investigators have to eat lunch in their cars again.
If you can't trust your network entry point on mobile, you're really just screwed in many un-patchable ways. Mobile-to-mobile mesh networking could help, but I can't imagine that being widespread unless it's done in a layer outside user control or visibility, taking you back to square one.
See Norway's fumble for a principal example.
 - https://www.thelocal.no/20150309/norway-police-broke-law-wit...
Roaming is a bit special, but this still holds. You then trust both operators, not just your home operator.
There are issues with stingrays - but these happen due to protocol edge-cases before authentication is established. [Edit: this paper uses side channels to collect information, but that's what a sniffer can do]
Every base station is authenticated.
In most countries, all connections are encrypted.
What exactly are you trying to say? Worrying customers can easily enforce 4G. Networks should drop 2G and 3G, but still, things are getting better.
In 4G there are location and identity leaks, and denial of service (which is why smartphones and carriers should drop 2G and 3G).
Or is this a "technology is all bad" kind of comment?
With roaming, your provider could cross sign other providers - and for long range/international roaming you could maybe allow forwarding of encrypted requests for authentication over an untrusted channel.
That would probably be enough for some level of (location) tracking - but there'd be no need to allow any regular traffic over such links. In theory. In practice, that'd probably be too expensive, and you'd get better service and security relying on WLAN and something like Signal...
That is, older attacks allow you to collect all IMSIs in the area. Instead, this attack allows you to track a given phone number, and retrieve the IMSI that belongs to a given phone number.
Edit: it seems like an email address or Twitter handle also works. What is needed is some way to trigger a message on the phone. That still requires knowing some identity up-front though.
Marginal. No barrier at all for targeted attacks (phishing, stalking, intelligence etc.).
Such post-hoc tracking is not possible with this method.
Similarly, if all you know is "I don't trust the bearded guy who just disembarked the plane" it could be hard to get to an identity that will trigger his phone. With a traditional 'What IMSIs are in the area' capture, you just need to follow them long enough that one IMSI stands out as always being available. This attack doesn't enable that either.
Do you have a link for this? It's difficult to Google.
The officer requested use of a “digital analyzer” to locate the new burner phones at “any time of the day or night … without geographical limitation in the State of Illinois.” The request was approved.
I recall similar things happened in New York.
Perhaps 'a very large use case' was too strong a phrasing though.
This makes the brute-force attack quite a bit harder, as you need to be in contact with the target phone for the duration of the attack (you don't need to do the attack in one go though).