Posts: 37 | Thanked: 52 times | Joined on Aug 2005 @ Bremen, Germany
#1
since defcon 18 there is a lot of buzz around the old problem of encryption during a call.

i was browsing through the GSM specs and in the doc "GSM 02.07" section B.1.26, it is specified that a mobile handset should be able to show an indication if the call is encrypted or if the encryption is disabled by the base station.

is it possible to obtain that information on the n900?
 

Posts: 73 | Thanked: 9 times | Joined on May 2010 @ London
#2
It will be interesting to know?

But encrypted or not your call can be listened to by hackers/security agencies.
 
Posts: 37 | Thanked: 52 times | Joined on Aug 2005 @ Bremen, Germany
#3
Originally Posted by t4ure4n View Post
It will be interesting to know?
i think it is important, the openmoko freerunner has this feature. and it is in the GSM spec that every GSM phone should be able to display the indication.

Originally Posted by t4ure4n View Post
But encrypted or not your call can be listened to by hackers/security agencies.
you are absolutely right, the only effective countermeasure is to take out the battery.

Last edited by max_power; 2010-08-03 at 14:13.
 
dchky's Avatar
Posts: 549 | Thanked: 299 times | Joined on Jun 2010 @ Australian in the Philippines
#4
Originally Posted by t4ure4n View Post
It will be interesting to know?

But encrypted or not your call can be listened to by hackers/security agencies.
You can't break encryption between the handset and the tower in real time - takes a while to brute force - if you're a 3 letter agency then I can think of more than a few reasons why this would be the better method, otherwise...

The microwave links between cell towers and the exchange are bog standard E1's and T1's mostly, though I have seen a few E2's, E4's and T2's in my travels.

For about $1000 USD you can build yourself a nice little system to listen in on phone calls and internet - add a couple extra $thousand (give or take) if you want a very basic spectrum analyzer - a few hundred thousand if you want something nice : )

These days there is a ton of software to help you out, plenty of manufacturers happy to sell you CEPT analyzers that plug right in your PCI port. Wireshark and similar utilities will bust open the packet switched stuff for you too.

There are only a very small handful of networks that don't do encryption - most phones will only pop up a message if the network is not encrypted. Probably only Nokia know what happens with the N900 in this regard.

Last edited by dchky; 2010-08-03 at 12:34.
 

Posts: 29 | Thanked: 54 times | Joined on May 2010
#5
The problem is that GSM does not provide integrity - hence this defcon example of building a fake basestation which the UE can camp on. I'm unaware of the gsm sect regarding display of ciphering status, I don't think there is a straightforward way of reading whether UE has ciphering active/is in confidential mode on the N900. The only possible way is to read FTDs but the cellular component would have to be built with R+D mode on and that's definitely not the case at the moment..
 
Posts: 37 | Thanked: 52 times | Joined on Aug 2005 @ Bremen, Germany
#6
Originally Posted by lemon_grass View Post
The problem is that GSM does not provide integrity
that's the point.

since we all know the A5/1 can be broken by brute force or in near realtime with a rainbow table.
there is another cipher in use, the A5/3. karsten nohl did a speech about that at the 26C3, take a look at the slides http://events.ccc.de/congress/2009/F...s/3654.en.html or even better, if you have 60 min spare time, watch the video.
and A5/1 and A5/3 share the same keys as starting vector for the cipher ...
 
epninety's Avatar
Posts: 269 | Thanked: 1,096 times | Joined on Sep 2009 @ Hampshire, UK
#7
I don't know if there is some programmatic method, but the N900 does not seem to provide any onscreen indication that an unciphered call is in progress. I tried both uk-voda and the generic firmware.

Indication can be turned off by the operator in the simcard settings, but it is enabled in the simcards I was using.
 