Never gave it much thought before, but there are no trusted certs/credentials embedded into devices, so all of this is BS, no? Every secure handshake must actually be anonymous and MITM-able.
That is, authentication isn't mutual. Phones/devices have IMEI and SIM to authenticate themselves to the network. Network towers never authenticate themselves to the devices though.
Yeah.... schemes like that can never actually be secured, which is why fake towers/IMSI catchers will always exist.
In order to do this securely and allow phones to roam off their SIM's home network, they'd need per-network keys and Kerberos-style cross-realm trusts, with towers retrieving an encrypted cred from the home network to present to the device.
I think I've got an idea by now...