warn user about unencrypted GSM/UMTS-Connection
asked 2014-01-17 00:43:24 +0200
GSM has seen a lot of security breaches in the past (A5/1 is no longer considered secure), and independent research has shown that there are a lot of problems in the GSM standard. I know that the Jolla can't fix all of them, but it would be nice to warn the user if the connection is not encrypted at all (typical sign for the usage of an IMSI-Catcher).
It would also be nice to to see what cipher is in use at the moment (This should be an option to turn on, not everybody is interested in that information).
The time passed. Whether there is such an option, or will it?
Mobile-ID with SIM toolkit is'nt here for override this issue and secure transaction/secure SIM for mobile payment of services market mobile by prepaid/postpaid phonebill ?
redge73 ( 2014-01-17 01:03:16 +0200 )editI don't know the details of Mobile-ID, and I never had to deal with mobile payment. Mobile-ID may help to authenticate the phone/SIMcard over an insecure, unencrypted connection, but it doesn't help with unencrypted voice calls. This question is covering the encryption of data and voice connections.
Cmdr_Zod ( 2014-01-17 01:30:31 +0200 )editThe only way to ensure secure voice communications is to use encrypted SIP services on both ends over IP and mask the route using TOR. Any corporate provided encryption like GSM could have backdoors in it. Richard
richardski ( 2014-01-17 10:11:50 +0200 )editOf course, but warning the user when there is no encryption at all is better than nothing.
Encrypted SIP over TOR over EDGE/UMTS is probably unusable because of the high latency.
Cmdr_Zod ( 2014-01-17 19:47:29 +0200 )editHei,
There is a solution for low latency, higly encrypted calls between two Jolla phones: http://shop.xxlsec.com/products/scb-terminal
LVPVS out.
LVPVS ( 2015-09-07 09:34:04 +0200 )edit