There's a hidden Android setting that spots fake cell towers

 (howtogeek.com)

74 points | by rmason 3 hours ago

11 comments

  • zugi 1 hour ago
    Many years ago browsers started alerting users to HTTP (vs HTTPS) connections and HTTPS sites using invalid or untrusted certificates.

    How is it possible that in 2026 we're not notified by default when we connect to a cell tower with no certificate so our communications is being broadcast into the air completely unencrypted?

    [-]
    • shimman 1 hour ago
      You're asking why a government, that is already known for massive surveillance, wants devices that nearly 100% of the population owns to be completely unencrypted?
    • globalnode 37 minutes ago
      should'nt you always assume your communications are being broadcast into the air unencrypted unless you're connected with ssl/tls? even if encrypted to the tower the carrier can still intercept all your stuff.
    • Muromec 1 hour ago
      The moment this is rolled out is the moment government will start figuring out how to insert itself into the chain of trust so it will not matter.
      [-]
      • Avamander 44 minutes ago
        Why bother locking the door if it can be kicked down? /s

        The harder and obvious it is, the better.

  • catlifeonmars 41 minutes ago
    > the attacker can harvest device information and force your phone onto an older, unencrypted protocol.

    This is why you should always toggle the setting that disables 2g/3g fallback.

    With 4G, for example, your device will refuse to connect fully unless the network can pass the cryptographic challenge that proves it shares the key material included in your SIM card (I know, I know, symmetric keys are not ideal). The best an attacker can hope to do in 4G+ is harvest your subscriber ID (IMSI) or deny you service while you are in range.

  • beezle 3 minutes ago
    Wouldn't setting your phone to NR/LTE only in the ##4636## service menu prevent this as well (though without a pop up)?
  • MollyRealized 1 hour ago
    As far as I've been able to determine, the main feature this article speaks to is not even on the Pixel 9 - it is only a feature on the Pixel 10.
    [-]
    • dataflow 7 minutes ago
      I believe it's available on Pixel 9 Pro, at least. You might need a recent update, not sure.
  • buran77 2 hours ago
    Is something similar available in iOS? Apple's full control over the hardware and software should make it easier than in the Android ecosystem.

    > software can only do so much. For these security features to work, your phone's modem has to be able to communicate with the Android OS in a very specific way

    > Because of this hardware requirement, the full suite of these network security tools is currently exclusive to the Pixel 10 series

    [-]
    • OptionOfT 1 hour ago
      iOS allows disabling 2G connections, but only in lock-down mode.
    • veverkap 1 hour ago
      This would be an amazing feature.
  • cadamsdotcom 29 minutes ago
    Great! Then you can report them to the police.. oh.
  • dataflow 58 minutes ago
    Thing is, what're you gonna do about it when you see it?

    Edit: whatever the answer is, it needs to work when this pops up frequently, because it will.

    [-]
    • thesuitonym 38 minutes ago
      Know that you're compromised. Don't say or do anything incriminating. If possible, leave.
    • 3eb7988a1663 46 minutes ago
      Interesting question for sure. Given the implied budgets for domestic surveillance, are there any metropolitan areas which do not have fake towers?
  • OptionOfT 1 hour ago
    Isn't it the case that disabling 2G on its own is enough to block these issues?

    Like the notifications are nice, but they're not a Allow / Deny popup. When you get the popup your data could've been intercepted.

    [-]
  • pwndByDeath 2 hours ago
    I set up a rayhunter, not so worried about myself, but more an early warning if something was to change in the area
    [-]
  • bobse 1 hour ago
    [dead]