Hacker News new | past | comments | ask | show | jobs | submit login
Apple and Google Are Introducing New Ways to Defeat Stringrays – Is It Enough? (eff.org)
43 points by arkadiyt on Sept 17, 2023 | hide | past | favorite | 9 comments



Apple iOS 17 option on only in lockdown mode for insecure 2G towers.

.. documents show the “Stingray II” device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously.

https://theintercept.com/2016/09/12/long-secret-stingray-man...


>Apple iOS 17 option on only in lockdown mode for insecure 2G towers.

Extreme facepalm. So many good options are held behind an all-or-nothing setting.


So, for iOS stingrays are blocked when the phone is in lockdown mode.

Off topic, but I am re-evaluating using some web services that don’t work as well in Lockdown mode. I ask myself, what are these sites doing that running in Lockdown mode interferes with normal use?


JIT JavaScript compilation is the big one for the web, without it some sites will have performance issues.


I use an M1 iPad, so even without JIT, I don’t really notice the speed drop. What is very noticeable is missing assets in a web page. Looking at Reddit with and without Lockdown will illustrate this clearly.


"So far Samsung has not taken any steps to include the 2G toggle from vanilla Android, nor has it indicated that it plans to any time soon."

I'm blown away by the lack of validation on this from EFF. My Galaxy Z Fold4 has this setting exactly where it's referenced in EFF's earlier blog on the subject.


Stringray? I clicked because I hadn't heard of that before :)


StingRay is a brand name. The generic term is IMSI catcher. Basically a portable fake cell tower law enforcement can carry around that will capture the identities of every phone in the vicinity. They can also pretend to be 2G-only towers to trick phones to use an insecure protocol so more data can be captured.

Since it tracks everyone in the area, there's major privacy concerns about how they're used, and police have been caught repeatedly lying about their use. To the point that if the defense in a case discovered police had used a Stingray to identify their client and challenged it, the police would drop the case rather than letting anything about the Stingray enter the public record. https://arstechnica.com/tech-policy/2015/04/fbi-would-rather...


I think they were referring to the typo. StRingray. :-)




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: