> the attacker can harvest device information and force your phone onto an older, unencrypted protocol.
This is why you should always toggle the setting that disables 2G/3G fallback.
With 4G, for example, your device will refuse to connect fully unless the network can pass the cryptographic challenge that proves it shares the key material included in your SIM card (I know, I know, symmetric keys are not ideal). The best an attacker can hope to do in 4G+ is harvest your subscriber ID (IMSI) or deny you service while you are in range.
As far as I've been able to determine, the main feature this article speaks to is not even on the Pixel 9 - it is only a feature on the Pixel 10.
It’s wild that in 2026 we still aren’t notified about unencrypted connections by default. Learning that SUCI is optional and roaming makes certificate management so difficult was really eye-opening. Great read!
Thing is, what're you gonna do about it when you see it?
Edit: whatever the answer is, it needs to work when this pops up frequently, because it will.
Wouldn't setting your phone to NR/LTE only in the `*#*#4636#*#*` service menu prevent this as well (though without a pop-up)?
I set up a Rayhunter, not so worried about myself, but more as an early warning if something were to change in the area.
Is something similar available in iOS? Apple's full control over the hardware and software should make it easier than in the Android ecosystem.
> software can only do so much. For these security features to work, your phone's modem has to be able to communicate with the Android OS in a very specific way
> Because of this hardware requirement, the full suite of these network security tools is currently exclusive to the Pixel 10 series
Isn't it the case that disabling 2G on its own is enough to block these issues?
Like the notifications are nice, but they're not an Allow / Deny popup. When you get the popup your data could've been intercepted.
Great! Then you can report them to the police.. oh.
In the US they disabled 2G. Other countries are doing the same.
Thankfully, my country is slow on that. I have some brick phones lying around for when I go in the field. The duration of the battery is like twice as long on 2G as on 3G on standby (like two and a half to five days; I haven't checked talking time). Granted, that might be phone specific, network specific, or something else specific, but when internet is not needed, I have more use for extra battery than extra security.
I know my government has 100% control over my telecommunications. It is a tradition in this country.
Many years ago browsers started alerting users to HTTP (vs HTTPS) connections and HTTPS sites using invalid or untrusted certificates.
How is it possible that in 2026 we're not notified by default when we connect to a cell tower with no certificate, so our communications are being broadcast into the air completely unencrypted?