Encrygma: Why Your Smartphone is already under surveillance?
Updated: Jul 5
LEAVE NO TRACE
RISKS ASSOCIATED WITH GSM NETWORK
The risks to privacy when using a mobile phone on the GSM network consist of the following:
Intercepting your calls
Identifying your location (both present & historical)
Identifying your credentials & social circles (name, address, call history from records held by network providers)
You would think the name Encrypted SIM card means the main defense provided by the SIM cards is simply by encrypting your calls however the reality is the SIM cards work by utilizing a series of strategies since the attack vectors are numerous & varied in approach. If we implemented a single solution the cards would offer very little real value in protecting you.
We breakdown each risk below & highlight how our technology mitigates or removes these risks. Do not be fooled into thinking there is a silver bullet for protecting yourself on the GSM network. If your SIM card doesn't provide these features you need to ask why.
INTERCEPTING YOUR CALLS
Mobile phones connect to the phone network by connecting to the mobile cell tower emitting the strongest signal. This acts as your gateway for communications & the mobile cell tower actually has a significant amount of control over your call. For example, when a call is made, it is the cell tower that instructs your phone to encrypt the call. It even tells the phone which encryption standard to use & worryingly your phone will agree to these instructions without any security checks (this is a fundamental design failure within the entire mobile phone infrastructure)
Authorities can eavesdrop quite easily on mobile phone calls by using a device called an IMSI Catcher. This device pretends to be a mobile phone cell tower & your phone will connect to it simply because it spoofs the handset into thinking it is the strongest signal. Once the phone has connected to the IMSI Catcher, the device can instruct your phone to use no encryption thus rendering your call completely open for listening into. It is a classic man in the middle attack.
We deploy a number of strategies to defend against this; chiefly:
The SIM card is programmed to avoid connecting to the strongest cell tower; meaning it will not connect to an IMSI Catcher - this completely mitigates the risk associated with interception & encryption removal.
The majority of IMSI Catchers cannot intercept incoming calls - a key feature of our SIM cards is that when you dial a number, the SIM card connects to a virtual switchboard in Russia which then disconnects the call & then calls you back. Whilst this is transparent to you (the process happens in a split second & end users have no awareness of this process) it is another mitigating strategy.
Finally, your call can be intercepted without the use of an IMSI Catcher. In these scenarios, the call encryption is enough to prevent the call from being deciphered.
However, to ensure you can communicate to anyone using encryption, we have to utilize technology native to all phones, which is A5/1 encryption. In certain circumstances, this encryption standard can be broken & deciphered but not in real-time. We mitigate this risk by disconnecting calls after 7 minutes.
So, hopefully, you can see there is much more going on than encrypting a call to protect your privacy - we actually employ a number of tactics specifically designed to de-risk, mitigate or defeat any attack.
Furthermore, due to the call back feature it is actually impossible to prove a call ever took place (once you factor in number substitution & inability to identify location).
IDENTIFYING YOUR LOCATION (BOTH PRESENT & HISTORICAL)
Another privacy threat is being able to identify your location from cell tower data. With a standard SIM card, a number of markers are provided tying the phone to you & your location. Again we use a series of strategies to render this impossible & tactics used include:
Your SIM card doesn't broadcast an IMSI number (this is your phone number)
Your IMEI number is not broadcast
We connect to a random cell tower, not the strongest signal, meaning you can't triangulate the position of the phone
There is no billing information to cross-reference
Our servers also encrypt any geolocation data residing in the call.
So besides protecting your call contents, we also protect your location, an important factor for many investigations.
IDENTIFYING YOUR CREDENTIALS, PHONE USAGE & SOCIAL CIRCLES (NAME, ADDRESS, CALL HISTORY FROM RECORDS HELD BY NETWORK PROVIDERS)
Obviously, the lack of records means no paper trail can be traced back to you from any calls however we provide a much more significant level of anonymity. Authorities can establish every device a SIM has been used in by merit of the IMSI number broadcast whilst an IMEI can be used to identify every SIM which has been used in a phone. Since our SIMs present, neither number these risks are mitigated.
Since all calls originate from a virtual switchboard, it is impossible to trace a call back to you & the recipient's call logs to show a random number thanks to number substitution. Finally, to further muddy the waters, we employ voice modulation to prevent voice identification.
7 views0 comments