Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I've always wondered this. When encryption algorithms are broken, we phase them out for new ones. When cell tower protocols have weak encryption we don't seem to do anything about it. I hear that edge and 2g protocols are completely unsafe but there's not even an option in my phone to disable them. What gives?


>"When cell tower protocols have weak encryption we don't seem to do anything about it."

SS7 is not a "cell tower protocol", its an entire protocol stack that allows a Telco central office switch to talk to any other central office switch on any other Telco anywhere in the world, for both copper and cellular subscribers. It run's the entirety of global phone. Class 5 Telco switches are often old Many of these switches have been in service since mid 1970s. Do an image search for "Nortel DMS 500" and you will get an idea of how old and stodgy a lot of this gear is. And it all needs to interoperate seamlessly as governments, emergency services etc all rely on it. In fact with they add IP capability to SS7 - SIGTRAN, they basically forklifted it as is, warts and all. Presumably to err on the side of caution.

A handset only implements a small subset of the SS7 protocol stack the Mobile Application Part(MAP.)


> When cell tower protocols have weak encryption we don't seem to do anything about it

Consumers are more likely to switch because of coverage than security.


> Consumers are more likely to switch because of coverage than security.

This is, perhaps, because they aren't informed that their communications aren't secure and that coverage is extended despite being insecure.


You can disable edge and 2g on most modern phones.


Plenty of old phones as well. I remember my ancient Sony Ericsson dumbphones had the option (and good too as I was on a 3G-only carrier)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: