warn user about unencrypted GSM/UMTS-Connection

asked 2014-01-17 00:43:24 +0300

Cmdr_Zod gravatar image

updated 2015-09-07 06:36:13 +0300

Jfish gravatar image

GSM has seen a lot of security breaches in the past (A5/1 is no longer considered secure), and independent research has shown that there are a lot of problems in the GSM standard. I know that the Jolla can't fix all of them, but it would be nice to warn the user if the connection is not encrypted at all (typical sign for the usage of an IMSI-Catcher).

It would also be nice to to see what cipher is in use at the moment (This should be an option to turn on, not everybody is interested in that information).

The time passed. Whether there is such an option, or will it?

edit retag flag offensive close delete


Mobile-ID with SIM toolkit is'nt here for override this issue and secure transaction/secure SIM for mobile payment of services market mobile by prepaid/postpaid phonebill ?

redge73 ( 2014-01-17 01:03:16 +0300 )edit

I don't know the details of Mobile-ID, and I never had to deal with mobile payment. Mobile-ID may help to authenticate the phone/SIMcard over an insecure, unencrypted connection, but it doesn't help with unencrypted voice calls. This question is covering the encryption of data and voice connections.

Cmdr_Zod ( 2014-01-17 01:30:31 +0300 )edit

The only way to ensure secure voice communications is to use encrypted SIP services on both ends over IP and mask the route using TOR. Any corporate provided encryption like GSM could have backdoors in it. Richard

richardski ( 2014-01-17 10:11:50 +0300 )edit

Of course, but warning the user when there is no encryption at all is better than nothing.

Encrypted SIP over TOR over EDGE/UMTS is probably unusable because of the high latency.

Cmdr_Zod ( 2014-01-17 19:47:29 +0300 )edit


There is a solution for low latency, higly encrypted calls between two Jolla phones: http://shop.xxlsec.com/products/scb-terminal

LVPVS out.

LVPVS ( 2015-09-07 09:34:04 +0300 )edit