问HN:我可以使用GrapheneOS或FLX1 Linux手机来防止手机塔黑客攻击吗?
最近关于手机网络的讨论非常有趣。<p><i>在纽约发现了一批能够干扰手机网络的设备</i><p>https://news.ycombinator.com/item?id=45345514<p><i>ICE用于追踪人们的假手机信号塔</i><p>https://www.forbes.com/sites/the-wiretap/2025/09/09/how-ice-...<p>与此同时,关于Linux手机的讨论也很有意思,比如GrapheneOS(去谷歌化的安卓)和FLX1s(纯Linux手机):<p>https://news.ycombinator.com/item?id=45312326<p>我的问题是:这些替代方案是否能对抗这些新型攻击?如果你使用的是像T-Mobile这样的普通网络提供商的手机,有什么方法可以防止手机尝试连接到假网络?<p>如果我控制整个手机网络栈,就像使用FLX1s那样,那么我是否可以实现类似SSH初始连接签名的机制:<p><pre><code> 无法确认主机 '100.64.0.46 (100.64.0.46)' 的真实性。
ED25519 密钥指纹为 SHA256:yE4jh7gROroduLqbIFcInlUXrpDy8JIpJPc+XvtIpWs。
此密钥没有其他名称。
您确定要继续连接吗(是/否/[指纹])?
</code></pre>
一旦我接受了这个sshd端点,我知道如果sshd发生变化并且我遇到中间人攻击,我的ssh客户端会保护我。<p>我们能否对手机信号塔做同样的事情,只有在手动批准并存储该塔的签名以供未来连接时,才连接到它?<p>在我到达新城市时,接受一个新的手机信号塔可能会有点麻烦,但我可以想象同步一个经过信任的白名单手机信号塔(哈哈,当我想到这一点时,“信任”的整个概念真是可笑)。不过,至少我会更清楚自己何时被监视。而且,我可以说“今天不行,ICE!”或者“tmobile,我不知道,请给我我的HN更新,我甚至不在乎你知道我意识到我的政府在追踪我,尽管我在支付服务费!”我敢打赌,托管在GitHub上的白名单更新速度会比T-Mobile安装新的手机信号塔快,这样隐私爱好者就可以增强自己的安全性。
查看原文
Lots of interesting discussions about cell phone networks lately.<p><i>Cache of devices capable of crashing cell network is found in NYC</i><p>https://news.ycombinator.com/item?id=45345514<p><i>Fake cell phone towers ICE is using to track people</i><p>https://www.forbes.com/sites/the-wiretap/2025/09/09/how-ice-...<p>And, at the same time, interesting conversations about linux phones, like GrapheneOS (de-googled android) and FLX1s (pure Linux phone):<p>https://news.ycombinator.com/item?id=45312326<p>My question is: are any of these alternatives helpful against these kinds of novel attacks? If you are on a phone using a network vanilla provider like tmobile or otherwise, is there any way to prevent your phone from trying to connect to a fake network?<p>If I controlled the entire cell phone stack, like I would with FLX1s, then could I have something like the ssh initial connection signature:<p><pre><code> The authenticity of host '100.64.0.46 (100.64.0.46)' can't be established.
ED25519 key fingerprint is SHA256:yE4jh7gROroduLqbIFcInlUXrpDy8JIpJPc+XvtIpWs.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
</code></pre>
Once I accept that sshd endpoint, I know my ssh client will protect me if the sshd changes and I'm experiencing a MITM.<p>Could we do the same thing with a cell tower and not jump to it unless it was approved manually and a signature of that tower was stored for future connections?<p>It would be a bit of a pain to accept a new cell tower when I'm in a new city, but I could imagine syncing a whitelisted trusted set of cell phone towers (ha, when I think of that the whole idea of "trusted" is laughable). But, at least I would have more insight into when I am getting surveilled. And, I could say "not today ICE!" or "tmobile, idk, please give me my HN fix, I don't even care if you know I'm aware my government is tracking me as I pay the service fee!" I bet a whitelist hosted on github would be faster to update than tmobile installing new cell phone towers so privacy enthusiasts could enable their own safety.