Posts: 86 | Thanked: 28 times | Joined on Jan 2010 @ That beer and prezels country in Europe -_-
#1
Hi,

is there any chance of getting cellular network info regarding encryption out of the phone? I've read some threads about using dbus to get cell-id, country code, etc, and this is working, is there a similar procedure?

AFAIK the phone should display a lock somewhere if encryption is enabled, but most providers seem to disable this function in the SIM card itself.


Thanks in advance,
Renkon
 

The Following User Says Thank You to Renkon For This Useful Post:
Posts: 36 | Thanked: 28 times | Joined on Nov 2009 @ Hungary
#2
AFAIK the standard encryption used by GSM is A5. I've read an article at darkreading.com about hacking A5 with a ~250$ radio device on the fly, so you're not secure with A5. There has to be an app to monitor GSM data (probably the new version of the old field test menu present in old Nokias), but most likely it won't be available to the public. However, if you do need to check such things, I'd go for activating R&D mode and looking around what can be achieved, but you'll be on your own on that road.
 

The Following User Says Thank You to Z0l For This Useful Post:
Posts: 269 | Thanked: 1,096 times | Joined on Sep 2009 @ Hampshire, UK
#3
The normal behaviour is for the phone to present an indicator of some sort if encryption is turned OFF, but as you say, this default can be turned off in the SIM programming. AFAIK this is only normally done in countries where encryption isn't used.

Dave
 

The Following User Says Thank You to epninety For This Useful Post:
Posts: 269 | Thanked: 1,096 times | Joined on Sep 2009 @ Hampshire, UK
#4
I just connected my N900 to a MS test system and placed a call to it (which should be unencrypted). I didn't see any new indicators on the screen. Unfortunately I don't have any other mobiles here to try a comparison. I know the 'insecure' indicator on my Siemens mobiles, I will try to bring one of those into the office tomorrow.
 

The Following User Says Thank You to epninety For This Useful Post:
Posts: 86 | Thanked: 28 times | Joined on Jan 2010 @ That beer and prezels country in Europe -_-
#5
Here in Germany encryption (A5/1) is enabled by default; however, as stated at the 26C3 (a computer security conference), it is possible to build a system to eavesdrop on someone at very low cost and get SMS and calls (e.g. from your bank) recorded.

This involves simulating a rogue cell that tells your phone to connect to it AND disable encryption (that'd be A5/0).
German network providers usually disable the "you're unprotected" icon. God knows why...

Since we cannot do anything against passive decryption of the network traffic, there should be some countermeasures against active attacks like:

- your home cell sending a signal that's up to 50% stronger than usual (that's possible with what I've read, because the cell-id is unique and signal strength can be read via dbus easily)

- your phone establishing an unencrypted connection to the network.

epninety: Thanks for your testing efforts. I'm looking forward to that.
 

The Following User Says Thank You to Renkon For This Useful Post:
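
The two checks proposed in post #5, written out as an added example that is not part of the original thread: it flags a known cell whose signal is more than 50% above its usual level and any connection reported as A5/0. The reading format, the positive linear signal scale, and above all the availability of a cipher field are assumptions; the thread does not establish that the N900 exposes the cipher mode.

```python
from collections import defaultdict
from statistics import median

A5_0 = "A5/0"        # GSM "no encryption" mode named in the thread
JUMP_FACTOR = 1.5    # "up to 50% stronger than usual"
MIN_HISTORY = 3      # readings needed before a baseline is trusted (assumption)


class CellMonitor:
    """Tracks a per-cell signal baseline and flags the two conditions from the post."""

    def __init__(self, jump_factor=JUMP_FACTOR, min_history=MIN_HISTORY):
        self.jump_factor = jump_factor
        self.min_history = min_history
        self.history = defaultdict(list)   # cell_id -> accepted signal readings

    def observe(self, cell_id, signal, cipher=None):
        """Return a list of alert names for one reading (empty if nothing is odd)."""
        alerts = []
        past = self.history[cell_id]
        if len(past) >= self.min_history:
            baseline = median(past)        # median resists single outliers
            if baseline > 0 and signal > baseline * self.jump_factor:
                alerts.append("signal-jump")
        if cipher == A5_0:                 # cipher may be None if the phone hides it
            alerts.append("unencrypted")
        # Do not learn from a flagged reading, so a loud impostor
        # cannot drag the baseline of the genuine cell upwards.
        if "signal-jump" not in alerts:
            past.append(signal)
        return alerts


def scan(readings):
    """Run all readings through one monitor; return (index, alerts) for flagged ones."""
    monitor = CellMonitor()
    flagged = []
    for i, (cell_id, signal, cipher) in enumerate(readings):
        alerts = monitor.observe(cell_id, signal, cipher)
        if alerts:
            flagged.append((i, alerts))
    return flagged


# Constructed sample: (cell_id, signal on a 0-100 linear scale, cipher mode)
SAMPLE = [
    (4711, 40, "A5/1"), (4711, 42, "A5/1"), (4711, 38, "A5/1"), (4711, 41, "A5/1"),
    (4711, 70, "A5/0"),   # same cell-id, much stronger, encryption off
    (4711, 43, "A5/1"),
    (9000, 55, "A5/1"),   # new cell, no baseline yet, so no signal alert
]

if __name__ == "__main__":
    for index, alerts in scan(SAMPLE):
        print(index, SAMPLE[index], alerts)
```

A signal jump alone is a weak indicator, since the level also changes with position and load, so the two alerts are more useful together than separately.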
Posts: 251 | Thanked: 70 times | Joined on Nov 2009
#6
Actually you can do passive decryption only if some preconditions are met: it requires significant amount of data (a minute or so of reliably received voice frames) and *a lot* of disk space (petabyte[s]). And you cannot decrypt SMS this way.
But if encryption is a5/2 it is still called "encryption" though actually it is just a joke ;-)
 

The Following User Says Thank You to arkanoid For This Useful Post:
Posts: 86 | Thanked: 28 times | Joined on Jan 2010 @ That beer and prezels country in Europe -_-
#7
@arkanoid: The rainbow tables used for decryption are currently distributed via P2P and yes, it requires petabytes to store them, but this is done via cheap usb sticks and cascading usb-hubs...

It is more likely to encounter an active attack than a passive one, for these reasons. It's just simpler to do. And someone would still be able to catch SMS through that, because they're the network.

PS: A5/3 is already on its way to be broken or being exploited because it shares the same keys as an A5/1 connection. They called that weakest-link approach or something like that.

Last edited by Renkon; 2010-01-04 at 21:19.
 

The Following User Says Thank You to Renkon For This Useful Post:
Posts: 251 | Thanked: 70 times | Joined on Nov 2009
#8
You are right. But an active attack could be detected, unlike a passive one. That's the point why encryption and cell status might be useful ;-)

It might be useful even to provide an intervening warning like "the call cannot be secured, do you want to continue the connection"?

Last edited by arkanoid; 2010-01-04 at 21:21.
 

The Following User Says Thank You to arkanoid For This Useful Post:
Posts: 86 | Thanked: 28 times | Joined on Jan 2010 @ That beer and prezels country in Europe -_-
#9
Something like that. Or a widget for the desktop.
But to achieve this, we need a sort of indicator for unencrypted connections. As for now there seems to be no consumer phone that would have a similar ability.
 

The Following User Says Thank You to Renkon For This Useful Post:
Posts: 251 | Thanked: 70 times | Joined on Nov 2009
#10
BTW I hope the N900 to be the first smartphone to support SRTP without the need of buying several-hundred-bucks questionable software (if you are willing to spend several hundreds for voice encryption, stating that aloud *is* asking for trouble, the point of "encryption for masses" is that it should not be something very special in the fact you are using encryption ;-) )
 

The Following User Says Thank You to arkanoid For This Useful Post: