
So why do I pay for cell phone service? You're saying most people can just point some metal out of their window and the neighborhood would be happy?


You pay for the coverage and the infrastructure they built.

> you're saying most people can just point some metal out of their window and the neighborhood would be happy

Technically? Yes, you can do it in a few hours, or as a weekend project if you’ve never done it before. Just grab a full-duplex SDR; you don’t need to go for expensive ones like the USRP. Get a BladeRF or LimeSDR, download the software, and set up the station. The problem lies with the regulations. Depending on where you live, you might face hefty charges for violating spectrum rules, and they are actively looking for such violations by the way. One of the proofs of concept we did with the regulators here in Canada involves using a drone to detect these violations. It’s just a matter of time before they find you.


Is there a reason cellular tower base stations don’t have this spectrum surveillance capability? With such broad coverage, it would be straightforward to triangulate and report coarse location of unlicensed broadcasting.


I suppose they totally have that capacity, because cellular networks depend on fair play of thousands of devices sharing access to a part of the spectrum in a given area. Constant stats gathering has to be vital for detection of hardware faults and coverage problems in very complex city networks. Stations can even ask mobile devices to work as remote probes, and report immediate signal levels for each station they can receive. Operators have all the incentives to snitch on anything suspicious or broken to both the regulatory body, and the security services (who probably reply “oh, it's ours” most of the time).


Prior leaks or reports… can’t recall which… said the service providers could trace people with pinpoint accuracy. Way better than GPS. The cops were using it. I think it was in a law enforcement portal with some telecoms, too.

The other trick was how more things are designed to stay on even when they look off. An older one with older phones would make it answer silently so you didn’t know if they were listening.

There are so many risks with telecoms that high-assurance security (a) said keep cell phones away from anything security-critical and (b) used Red-Black separation where whatever connects to untrusted line never had any plaintext, just encrypted. Separation kernels, like INTEGRITY-178B and seL4, were invented to hopefully do that with software.


Even without a SIM card with the location off and the phone in airplane mode, the service providers have pinpoint accuracy. This is because all phones can communicate with 911 even without a SIM. It is always active logging your location.

For law enforcement they have multiple levels of collecting location data. Of course, your location is sent to Google or Apple etc as you move around. Even your searches for destinations in stuff like Google Maps, even incognito in Google Maps, reports your search, live, to law enforcement if they request it. Often with sketchy legal justifications to the third party.

If a target is moving around a city, they can be followed live on the array of cameras everywhere, accessible remotely. Many with facial recognition. Others in populated areas collecting all kinds of information. Wifi broadcasts, bluetooth devices, any RFID, all collected, stored and combined. This is how they are able to use a form of geo fencing requests to find out who was in an area at a specific time, potentially interacting with the target.

Networks of interactions at a global scale get revealed this way.

It just goes on and on too. Go to a rural area and maybe everyone has front door cameras. LE can access them remotely.

In fact, your entire ISP connection can be man in the middle decrypted and parts overwritten in transit, if given access at the ISP level.

While working in iCloud typing notes or watching YouTube videos, they can control your live sessions, watch you compose a document... Choose which videos you are recommended. Choose the advertisements you see.

The possibilities for them really are endless and all of this happens in many cases. It is a surveillance state.


This can have its perks, even if it has scary avenues for abuse. My phone butt-dialled my country's version of 911 once, and police showed up at my door. I had recently moved, so there was no reason for them to know my location, as I had not updated my address anywhere, but they did know. It was a dense set of units, and they knew which door to knock on. I assumed it was this triangulation tech that allowed for it to work, so I rest a little easier knowing if I call and cannot really communicate, I can expect some sort of response fairly promptly.


Edward, is that you? /s

True and sad. The only thing keeping LE from using those means is the lack of equipment, lack of knowledge and bureaucracy.


Separation kernels don't help, because all the radio and Qualcomm spyware is in the baseband chip already, which is completely sealed off. Only available from the CPU through a serial line.


They help to eliminate lots of vulnerable code from the TCB. If that’s what attackers are hitting, then it will definitely help. If hitting the other stuff, it won’t help. How valuable it is depends on how often each is targeted.

Kernel up used to be the most targeted layers. I’ve been out of the field a few years. I don’t know how many black hats use 0-days on basebands in practice.


Is there any way to incorporate as a telecom before deploying to be in adherence with the regulations?


You would have to buy some spectrum, just like the existing wireless carriers. And spectrum is a limited resource, so you'd have to buy some that someone else wants to sell.


You need to buy the frequency you use. They are not for sale.


The phone part is no different. It's easy to run your own FreeSWITCH or Asterisk server at home and connect a cellphone using Wireguard. It costs ~0.5$ US per month to get nearly unlimited everything. Calls and SMS work just fine. The problem is always mobility. You need either Wifi or some of those odd reseller brand ultra cheap pre-paid plans (like "1$ for the first 200mb" plans). Then you need to make sure only the voice/sms is allowed to use the data and you get a 2$ nationwide working cellphone. You can also share someone else's plan by having them leave their phone wifi hotspot on.

As for reliability, well, that's your problem now, good luck!

> point some metal out of their window and the neighborhood would be happy?

You might, but the FCC won't


Wait till you find out about diesel generators!



