Cell-site simulators (CSS)—also known as IMSI Catchers and Stingrays—are a tool that law enforcement and governments use to track the location of phones, intercept or disrupt communications, spy on foreign governments, or even install malware. Cell-site simulators are also used by criminals to send...
Removed by mod
Removed by mod
Removed by mod
Your IMEI, your carrier IP, your packet timing, any DNS your phone leaks, the IP of your VPN endpoint, your transmitter chipset, your likely OS kernel, any unreleased zero-days known to them (and maybe an exploit for them), and also a way to ack TCP packets it never intends to forward in order to sever your connection while letting your device keep taking for as long as possible, which might buy them a little extra time before you realize they’ve captured your session and cut you off.
Removed by mod
deleted by creator
They don’t care about the data. They want the metadata. That’s the whole point of these things
Even that isn’t enough. The wireless modules of normal phones have direct access to system memory and, by law, have proprietary firmware. Some exploits have been found over the years. This needs to be isolated to avoid backdoors/bugs.
Not saying you’re wrong, but I’d love to read the sources to your claims.
Example: https://grapheneos.org/faq#baseband-isolation
Baseband modems were not isolated from kernel memory in stock Android, GrapheneOS had to do it themselves using the IOMMU. We do not know for sure due to the proprietary/closed-source nature of baseband modem drivers, but we have no reason to assume any OEM (Samsung, Xiaomi etc) implemented proper isolation of baseband modem and system memory.
That’d be a huge oversight on their part. Thanks for the clarification.
Removed by mod