HACKER Q&A
📣 xrd

Can I use grapheneos or flx1 Linux phone to prevent cell tower hacking?


Lots of interesting discussions about cell phone networks lately.

Cache of devices capable of crashing cell network is found in NYC

https://news.ycombinator.com/item?id=45345514

Fake cell phone towers ICE is using to track people

https://www.forbes.com/sites/the-wiretap/2025/09/09/how-ice-...

And, at the same time, interesting conversations about linux phones, like GrapheneOS (de-googled android) and FLX1s (pure Linux phone):

https://news.ycombinator.com/item?id=45312326

My question is: are any of these alternatives helpful against these kinds of novel attacks? If you are on a phone using a network vanilla provider like tmobile or otherwise, is there any way to prevent your phone from trying to connect to a fake network?

If I controlled the entire cell phone stack, like I would with FLX1s, then could I have something like the ssh initial connection signature:

  The authenticity of host '100.64.0.46 (100.64.0.46)' can't be established.
  ED25519 key fingerprint is SHA256:yE4jh7gROroduLqbIFcInlUXrpDy8JIpJPc+XvtIpWs.
  This key is not known by any other names.
  Are you sure you want to continue connecting (yes/no/[fingerprint])?
Once I accept that sshd endpoint, I know my ssh client will protect me if the sshd changes and I'm experiencing a MITM.

Could we do the same thing with a cell tower and not jump to it unless it was approved manually and a signature of that tower was stored for future connections?

It would be a bit of a pain to accept a new cell tower when I'm in a new city, but I could imagine syncing a whitelisted trusted set of cell phone towers (ha, when I think of that the whole idea of "trusted" is laughable). But, at least I would have more insight into when I am getting surveilled. And, I could say "not today ICE!" or "tmobile, idk, please give me my HN fix, I don't even care if you know I'm aware my government is tracking me as I pay the service fee!" I bet a whitelist hosted on github would be faster to update than tmobile installing new cell phone towers so privacy enthusiasts could enable their own safety.

  👤 bigyabai Accepted Answer ✓
> is there any way to prevent your phone from trying to connect to a fake network?

If you're looking at this as a software problem, I'd argue you're looking at it wrong. The feds can (and will) go to more extreme lengths than a Stingray attack to MITM your smartphone traffic, mitigating one class of abuse absolutely won't protect you from the rest.

Look at it this way - by connecting to any cellular network, you're putting a shitton of faith in the network operator. Most people who worry about this will purchase a smartphone with a modem killswitch, or eschew smart-devices altogether. It's not really feasible to use mobile data while blocking the other sigint consequences.