• jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    19
    ·
    1 year ago

    Never going to be enough, use a VPN, and only use end to end encryption for calls…

    Or use a VOIP service like google voice for the calls, at least force your monitors to get a warrant to google, make them do some leg work

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        5
        ·
        1 year ago

        I’m confused. How would this not defeat a stingray? They would know your phone is there. But they wouldn’t see who you’re talking to, they wouldn’t hear your phone call, they wouldn’t see your encrypted messages. They wouldn’t see the traffic on your phone. What’s left?

        • 4am@lemm.ee
          link
          fedilink
          English
          arrow-up
          10
          ·
          1 year ago

          Your IMEI, your carrier IP, your packet timing, any DNS your phone leaks, the IP of your VPN endpoint, your transmitter chipset, your likely OS kernel, any unreleased zero-days known to them (and maybe an exploit for them), and also a way to ack TCP packets it never intends to forward in order to sever your connection while letting your device keep taking for as long as possible, which might buy them a little extra time before you realize they’ve captured your session and cut you off.

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            7
            ·
            1 year ago

            Everything you said is true, but that is a reduced surface area versus the scenario where you’re sending your traffic naked over the wire. Including your voice traffic. Using a VPN while attached to a stingray is strictly a smaller risk surface.