John Mattsson <john.matts...@ericsson.com> wrote:
>> I was always very sad that AKA did not get more uptake as it
authenticates
>> the network to the phone, and therefore would have (as I understand
things)
>> defended against "Stingray" like equipment used without judicial review,
>> requiring interceptors to significantly involve telco in such things, and
>> limiting who they would actually "catch". ... I've heard other claims
too.
> Several independent things here, first there are 4 different form
> factors for removable UICCs (aka "SIM cards")
> 1FF ("Full-size") = ID-1
> 2FF ("Mini-SIM") = ID-000
> 3FF ("Micro-SIM") = Mini-UICC
> 4FF ("Nano-SIM")
Yes, I knew that the original AKA form factor was different, and that this
was a limitation on why we still had "SIM" cards, but then I thought that
when we went to mini, that the form factors "converged", and you confirm that:
> On the UICC, there are either a SIM application (2G), an USIM
> application (3G) or both. If you live in a country that have 4G and do
> not use a very old SIM-card, your SIM-card have USIM and can do AKA
> with network authentication. Authentication to a 4G/LTE network
> requires a USIM and always use AKA with network authentication.
Good to know, thanks for this explanation.
> - the other is active false base stations. Many operators around the
> world has already turned off their 2G/GSM networks. The only reason
> this attack still works is that your phone happily connects to false 2G
> network is offers the best signal. Neither iOS (Apple) nor Android
> (Google) allows you to even manually turn off 2G. They both allow you
> to turn off 4G for battery savings but not 2G for security reasons. Ask
> the company that made your phone ;)
Sad to know. Thanks for explaining this.
--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
