They can't listen to your calls without cracking the keys shared between the phone company and your phone...though I do remember reading a while back that "someone" managed to steal the list from sim card manufacturers on more than one occasion.
That is not true. Stingray's are cell towers and phones trust them. The device just downgrades to A5/2 (export grade) encryption, or broadcasts that it does not support encryption at all.
Seems like a huge oversight to not let SIM cards disable certain types of encryption (that it knows the home network will never use). IIRC this is how downgrade attacks are prevented in EMV - the chip card will reject known-broken auth methods.
The FCC takes a dim view on 911 call failures. All phones must support disabling GSM encryption as a fail safe. Never disabling encryption would be “fail secure” (like door locks that remain locked during a power outage).
Emergency calls already have a bunch of exceptions that don't apply to regular traffic (e.g. you can use any network, heck you don't even need a SIM card) so allowing only those to be unencrypted shouldn't be too much of a stretch
> though I do remember reading a while back that "someone" managed to steal the list from sim card manufacturers on more than one occasion.
To avoid getting folks too worried about it being a widespread issue, this occurred for specifically targeted MENA-based cellular carriers, as I recall.
