• General
  • Block malicious signaling messages?

Citizen Lab has produced a report explaining how surveillance actors can exploit vulnerabilities in phone networks to send malicious signaling messages to target phones to forcibly reveal their position back to the actor. GrapheneOS already has a FAQ on cellular tracking, but it concerns tracking by one's own ISP, not third parties. I'm wondering whether GrapheneOS could include toggles to block this kind of message.

  • Hulk replied to this.

    Titan_M2
    Let me try to respond by using an example:

    • Malicious ISP - bears
    • Malicious third parties - bear cubs

    The FAQ says that GrapheneOS is already well protected against (all) bears. You are asking if GrapheneOS is also protected from bear cubs.

    I hope this helps.

      Hulk Sorry, it's not clear to me what you mean, and I don't understand how GrapheneOS is protecting users against that specific threat (if that's possible and you are implying it already does protect).

        Titan_M2 While I don't know how, they're saying GrapheneOS already protects us from third party threats through the measures they've taken against the threat of bad ISPs.

          DeletedUser29 I don't think it does address this threat, otherwise it would be on the features page. I also think that protection couldn't be enabled by default due to the possibility of breakage and thus would be a toggle.

            Titan_M2

            Having skimmed through your article it sounds to me like the problem is that all networks are insecure by design and it is up to the lawmakers, carriers and other operators to improve their security. GrapheneOS already assumes all networks are bad and have implemented all effective measures against that it can, including, as per @Hulk's bear-simile, the issues in the article.

            And as for targeted malicious signaling messages, doesn't the last paragraph cover that specifically?

            Receiving a silent SMS is not a good indicator of being targeted by your cell carrier, police or government because anyone on the cell network can send them including yourself. Cellular triangulation will happen regardless of whether or not SMS texts are being sent or received by the phone. Even if an SMS did serve a useful purpose for tracking, a silent SMS would be little different than receiving unsolicited spam. In fact, sending spam would be stealthier since it wouldn't trigger alerts for silent SMS but rather would be ignored with the rest of the spam. Regardless, sending texts or other data is not required or particularly useful to track devices connected to a network for an adversary with the appropriate access.

            Airplane mode is the only way to avoid the cellular network tracking your device and works correctly on the devices we support.

              DeletedUser29

              GrapheneOS already assumes all networks are bad and have implemented all effective measures against that it can

              Can you specifically explain what measures GrapheneOS has taken? Obviously GrapheneOS encrypts and authenticates every connection to their server, but this threat is not about confidentiality of content.

              doesn't the last paragraph cover that specifically?

              No, it's different, dive into the details. Here's an excerpt:

              In cases of active attacks, a domestic or foreign surveillance actor uses software to issue signaling messages which are directed at the target user’s mobile phone identity (commonly the IMSI) by manipulating the network signaling data to trigger a response from the target user’s home network. Such surveillance measures can be used to facilitate other communications interception, location disclosure, or service interruption.

                Titan_M2

                Nope, I don't have the faintest idea. That is completely beyond my purview and I'll stop participating here since I evidently have nothing to contribute and would only waste our time. I thought there was a communication problem I could help clear up, but since you're looking for an actual technical answer -- unlike me, who operates predominantly on trust in the GrapheneOS team -- hopefully someone on the team has time to answer you properly.

                I wish you a good weekend mate.

                Titan_M2

                It's up to lawmakers and regulatory bodies to force mobile carriers to secure their networks; to enable "signaling firewalls" as the article points out.
                Not connecting to mobile networks by enabling airplane mode, relying on public Wi-Fi and using encrypted communications is the best option available to avoid being tracked.