Ask HN: Can I use grapheneos or flx1 Linux phone to prevent cell tower hacking?
1 point by xrd 7 months ago | 5 comments
Lots of interesting discussions about cell phone networks lately.

Cache of devices capable of crashing cell network is found in NYC

https://news.ycombinator.com/item?id=45345514

Fake cell phone towers ICE is using to track people

https://www.forbes.com/sites/the-wiretap/2025/09/09/how-ice-...

And, at the same time, interesting conversations about Linux phones, like GrapheneOS (de-googled Android) and FLX1s (pure Linux phone):

https://news.ycombinator.com/item?id=45312326

My question is: are any of these alternatives helpful against these kinds of novel attacks? If you are on a phone using a vanilla network provider like T-Mobile or otherwise, is there any way to prevent your phone from trying to connect to a fake network?

If I controlled the entire cell phone stack, like I would with FLX1s, then could I have something like the ssh initial connection signature:

  The authenticity of host '100.64.0.46 (100.64.0.46)' can't be established.
  ED25519 key fingerprint is SHA256:yE4jh7gROroduLqbIFcInlUXrpDy8JIpJPc+XvtIpWs.
  This key is not known by any other names.
  Are you sure you want to continue connecting (yes/no/[fingerprint])?

Once I accept that sshd endpoint, I know my ssh client will protect me if the sshd changes and I'm experiencing a MITM.

Could we do the same thing with a cell tower and not jump to it unless it was approved manually and a signature of that tower was stored for future connections?

It would be a bit of a pain to accept a new cell tower when I'm in a new city, but I could imagine syncing a whitelisted trusted set of cell phone towers (ha, when I think of that the whole idea of "trusted" is laughable). But, at least I would have more insight into when I am getting surveilled. And, I could say "not today ICE!" or "T-Mobile, idk, please give me my HN fix, I don't even care if you know I'm aware my government is tracking me as I pay the service fee!" I bet a whitelist hosted on GitHub would be faster to update than T-Mobile installing new cell phone towers, so privacy enthusiasts could enable their own safety.



You aren't allowed to control the software running on the baseband or SIM card, even with GrapheneOS on Pixel, or FLX1. With the PinePhone you can control the ARM processor within the baseband, but you can't control the Hexagon processor.

https://github.com/the-modem-distro/pinephone_modem_sdk/


Fascinating comment. I clicked that link and don't see anything in that readme regarding baseband. I'm very interested to understand more about that term. I was not aware that a SIM is actually executing code.

I had to come back and edit this comment. What about an eSIM? No physical SIM at all, so this would have baseband in software, right? Can these open source phones provide better control that way?


Here modem == baseband. The SIM is separate to the baseband. SIM cards run their own OS that can run software from carriers; look at osmocom.org research for more. An eSIM is still a physical device, just soldered onto the motherboard, but still separate to the baseband. The baseband is always software running on hardware, it's just not yours to control, and very complex to reimplement even if you had control. Apple only just managed to replace Qualcomm basebands with their own version recently, and they had to make their own baseband processors to be able to do that.


Great stuff, thanks so much.


And, right on time, this article about baseband and the "Horribly scary SIM farm"

https://cybersect.substack.com/p/that-secret-service-sim-far...



