
Request: OTA SMS Notifier/Approver [answered]

asked 2014-01-10 00:17:27 +0200

CraigA

I think it would be a very good idea for Sailfish users to be able to take back control over messages sent by our SIM cards. A while back, mobile phones used to request the user's permission for the SIM card to send an SMS; something in the form of "The SIM card wishes to send an SMS, would you like to authorize this?" This power seems to have vanished.

OTA SMS messages are generally not viewable to users and we normally do not know when this communication is sent or received due to how nearly all phone OSes handle the binary texts in which OTA SMSes are sent. Karsten Nohl of SRLabs gave a very interesting presentation at Black Hat 2013 regarding his team's research into SIM security, and how it is possible to clone SIM cards, track users' locations, etc. all through a process that is initiated via a crafted OTA SMS. While (hopefully) many providers have analyzed SRLabs' findings and done their due diligence, it would nevertheless be an asset for users who wish to be aware of the information flowing to and from their phone.

Link to Karsten Nohl's presentation: https://www.youtube.com/watch?v=wBzb-Zx4rsI


The question has been closed for the following reason "the question is answered, an answer was accepted" by CraigA
close date 2014-01-10 12:12:39.966067


2 Answers


answered 2014-01-10 09:13:00 +0200

marttipiirainen

Thanks for a very interesting question, Craig. I have been following Karsten Nohl's work for a while; you can find a full slideset (not from BlackHat 2013 but from OHM 2013) at [1].

I think you are mixing two related but slightly different topics:

  • SR Labs have found a security issue in SIM card implementations, which is based on specially crafted messages sent from the network to the SIM card and the phone. This is a vulnerability in the SIM card (not the phone), and can and should be mitigated by the network operators (by configuring the network to disallow the fallback to weak crypto in some error cases, or simply by issuing newer SIM cards). Operators here in Finland have made some public statements ([2], in Finnish) last summer.

  • Your proposal is about messages sent from the SIM card and the phone to the network. It is true that some old phones had an option to confirm/reject these messages - but only under some circumstances! The Card Application Toolkit specification by ETSI [3], section 6.4.10 'SEND SHORT MESSAGE', specifies some cases where "the terminal should not give any information to the user on the fact that the terminal is sending a short message". Any sort of "evil" SIM application obviously would choose the parameters so that nothing should show up in the phone's UI.

Your proposal would not have an effect on the "SIM Rooting" found by SR Labs. And in order to have any real impact on security or the user "taking control", it would need to go further than any old phones (that I know of), and would need to go further than the ETSI specification allows.

[1] https://srlabs.de/blog/wp-content/uploads/2013/08/130803.SRLabs-SIM_card_exploitation-OHM.pdf

[2] http://www.mtv.fi/uutiset/it/artikkeli/dna-lla-ja-elisalla-ei-haavoittuvia-sim-kortteja---soneralla-voi-olla-/1797918

[3] http://www.etsi.org/deliver/etsi_ts/102200_102299/102223/08.08.00_60/ts_102223v080800p.pdf




Thank you for the detailed, cited answer and for taking the time to correct my misconceptions.

CraigA (2014-01-10 12:12:28 +0200)
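
The alpha identifier handling behind the section 6.4.10 quote in the answer above, as an added example that is not part of the thread or of Sailfish OS: a notifier reading a proactive SEND SHORT MESSAGE command can tell whether the UICC supplied display text, supplied a null alpha identifier (the "no information to the user" case), or supplied none. The tag and command-type values are taken from ETSI TS 102 223 as assumptions to verify against the specification; the function names and the sample command bytes are constructed for illustration.

```python
# Added example, not from the thread. Tag/command values per ETSI TS 102 223 (assumption: verify).
PROACTIVE_TAG = 0xD0           # BER tag wrapping a proactive command
TAG_COMMAND_DETAILS = 0x01     # simple-TLV tags, comprehension bit cleared
TAG_ALPHA_ID = 0x05
CMD_SEND_SHORT_MESSAGE = 0x13  # "type of command" byte in command details

def read_len(buf, i):
    """Decode a BER length at buf[i]: short form, or 0x81 plus one byte."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    if buf[i] == 0x81:
        return buf[i + 1], i + 2
    raise ValueError("unsupported length encoding")

def parse_tlvs(buf):
    """Map each tag (comprehension bit cleared) to the first value seen."""
    out, i = {}, 0
    while i < len(buf):
        tag = buf[i] & 0x7F
        length, i = read_len(buf, i + 1)
        if i + length > len(buf):
            raise ValueError("truncated TLV")
        out.setdefault(tag, buf[i:i + length])
        i += length
    return out

def classify(command_hex):
    """Say what the UICC asked the terminal to show for this command."""
    raw = bytes.fromhex(command_hex)
    try:
        length, start = read_len(raw, 1)
        if raw[0] != PROACTIVE_TAG or start + length != len(raw):
            raise ValueError("not a well-formed proactive command")
        tlvs = parse_tlvs(raw[start:])
    except IndexError:
        raise ValueError("truncated command") from None
    details = tlvs.get(TAG_COMMAND_DETAILS, b"")
    if len(details) != 3 or details[1] != CMD_SEND_SHORT_MESSAGE:
        return "not-send-sms"
    alpha = tlvs.get(TAG_ALPHA_ID)
    if alpha is None:
        return "no-alpha"      # nothing supplied: terminal may inform the user
    return "null-alpha" if len(alpha) == 0 else "alpha-text"  # null: stay silent

def sample(alpha_tlv_hex):
    """Constructed command: details, device ids, alpha, address, SMS TPDU."""
    body = bytes.fromhex("8103011300" "82028183" + alpha_tlv_hex
                         + "86039121F3" "8B0B0100039121F30004024142")
    return (bytes([PROACTIVE_TAG, len(body)]) + body).hex()
```

A notifier of the kind requested in the question would surface the `null-alpha` result, since that is the case in which a terminal following the specification shows nothing.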

answered 2014-01-24 13:56:48 +0200

marsch

It would still be interesting to have an API to run the ETSI specified cases in a non-default mode. After all, silent SMS is also used for out-of-spec reasons to violate user privacy. I see a parallel with MAC addresses, which weren't supposed to be configurable, though this is commonplace nowadays.



Last updated: Jan 10 '14