alt Hacker Newsshould'nt you always assume your communications are being broadcast into the air unencrypted unless you're connected with ssl/tls? even if encrypted to the tower the carrier can still intercept all your stuff.
Replies
leptons • today at 2:32 AM
Unless your device is fully air-gapped, and you are absolutely certain of that, then you should assume whatever you do on the device is being monitored, by someone, somewhere, for any reason at all.
True, but multiple security layers help both through redundancy and because they protect different things.
Cell encryption is not end-to-end, so even with cell signal encryption I'm susceptible to snooping by:
- the phone company
- the government if they serve the cell phone company with a warrant or other legal proceding
- malicious downstream actors
I'll use HTTPS for browsing to mitigate the damage of course, but even so without cell signal encryption, I'm susceptible to all of the above, plus any physically nearby actor can:
- see my text messages and possibly inject fake messages
- hear my phone calls
- see which IP addresses I'm communicating with (though not the contents of that communications if I'm encrypting with HTTPS)
- If app store security is inadequate or has flaws, they could force-feed me a malicious app disgused as an "update".
- I don't control the communications used by individual apps, so they can see any data passed in the clear, and trigger and exploit vulnerabilities in those apps via MITM.
So cell signal encryption helps a lot, though certainly it's not sufficient by itself.