www.jmeds.eu
Enabling the Ciphering Indicator on Android
Felician ALECU, Paul POCATILU
Department of Economic Informatics and Cybernetics
The Bucharest University of Economic Studies, Romania
ROMANIA
felician.alecu@ie.ase.ro, ppaul@ase.ro
Abstract: This paper exemplifies the use of AT commands to retrieve (and eventually override) the ciphering indicator status on Android by communicating directly with the phone modem. Curiously, this indicator is disabled by default both at the operating system level and in the SIM card settings. By turning it on, the mobile handset will inform the user each time the communication becomes unencrypted, so a proper decision can be made just in time.
Key-Words: GSM encryption, IMSI catcher, A5, Ciphering Indicator, SIM, AT Commands.
1. Introduction

One of the most widely used types of cellular network is based on the GSM standard. Generally speaking, GSM communication is encrypted, but there are networks that do not support encryption, and on those it is relatively easy for a third party to intercept the traffic. The GSM specification states that users have to be made aware of such unencrypted communication. Also, even when the communication is encrypted, researchers and practitioners have managed to break the ciphers.

This is why the security of mobile and wireless traffic is a very important issue that affects billions of users worldwide. This complex topic is approached in numerous papers such as [6], [7] and [8]. Those works focus on certain aspects of mobile and wireless communication security.

In this respect, the paper aims to present the most relevant research related to this field.

The paper is structured as follows. Section GSM Service presents a short description of the GSM architectural components.

The GSM Security section presents the security issues related to GSM networks, including the encryption algorithms for data and voice.

The IMSI (International Mobile Subscriber Identity) catcher section describes the architecture and the components of a fake cellular service that intercepts all incoming and outgoing traffic.

The section Spoofing a GSM Network presents the mechanisms used to intercept the communication in a GSM network.

The section Turning off the GSM Encryption focuses on the current implementation of ciphering indicators on mobile devices.

The last section, Obtaining the SIM Ciphering Indicator status on Android, presents a practical method to access the SIM card parameters using AT commands on Android phones connected as modems.

The paper ends with conclusions and future work.

2. GSM Service

GSM was launched as a service in 1991, but its development started in 1982 with the intention of replacing the incompatible cellular systems in Europe. Today it is spread all around the globe, being the most used standard for cellular devices worldwide. Compared with CDMA, GSM networks account for over 60% of the market worldwide, with significant differences between America and Europe.
Journal of Mobile, Embedded and Distributed Systems, vol. VI, no. 2, 2014
ISSN 2067 – 4074
Figure 1. The Simplified GSM Architecture

The GSM architecture (Figure 1) consists of the following devices:
Mobile phones – in order to function properly, each GSM device uses a Subscriber Identity Module (SIM) that is removable, so it can be used on several devices (but not in parallel, of course). Duplicate SIM cards are not allowed to operate in any GSM network. Also, a phone cannot be used for voice or data transfers without a SIM card installed;
Base stations – usually connect the users of mobile phones with the fixed networks over an air interface.
A more detailed architecture of GSM networks is presented in [7].

The SIM card stores the user's IMSI (International Mobile Subscriber Identity), which is sent to the base station when the phone wants to connect to the GSM network. This identifier can be captured by a fake base station, which can then relay the entire traffic between the mobile device and the real provider base stations. Fortunately, this traffic is encrypted using specific algorithms (see below).

3. GSM Security

Due to the use of an air interface, GSM communications are considered less secure than wired networks, so the traffic is encrypted using dedicated algorithms. In order to encrypt/decrypt data on the fly, every mobile phone has a built-in A5 encryption algorithm implemented directly at hardware level.

There are several versions of the A5 algorithm, as follows [14]:
A5/0 – no encryption at all; for example, there are countries where encrypting phone calls is illegal, so A5/0 is a good option in these cases;
A5/1 – the original encryption algorithm used in Europe;
A5/2 – a weaker version created for export (and used in the USA);
A5/3 – a stronger version used by 3G networks.

A5/1 is the most used encryption algorithm today because it is the one preferred over 2G networks, while most phones still contain a 2G-only option meant to preserve battery life while the mobile device is not performing any data traffic.

Even if the A5/1 algorithm specification was initially secret, it was disclosed in 1999 by means of reverse engineering. Successful attacks on A5/1 have been reported in past years [13], so a good option for self-protection is to avoid using 2G networks at all, since 3G provides much better protection for voice, text and data transfers [12]. But setting such an option does not seem to be an easy task. On Android, for example, the 2G-only connection option is listed right in the settings, while the feature of allowing only 3G or higher links is deeply hidden under a special set of options (called the testing menu) that cannot be accessed very easily.

So, to disallow 2G connections on an Android phone, the user has to [4]:
dial a special code, *#*#4636#*#*, that opens the Android testing menu;
go to the phone information;
locate the set preferred network type option and set it to WCDMA only. Each time the phone is restarted, the option will go back to the default. Also, in areas where no 3G is available, the phone will simply be out of connection, so the user has to access the special menu again to modify the settings.

This seems quite complicated, while the opposite option, choosing a less secure
connection, is directly accessible from the settings menu, and ticking it is very tempting simply because it says it saves battery life (Figure 2).

Figure 2. 2G/3G selection

But, as we will see next, such an option can be dictated (overwritten) by the base station the phone connects to. And, if this base station is a fake one, the entire traffic can be intercepted very easily.

4. IMSI (International Mobile Subscriber Identity) catcher

Since a mobile device must authenticate to the network while the network is not required to do the same, it seems pretty clear that any device can pretend to be a mobile tower, acting as a base station and intercepting the mobile devices in a totally unnoticeable way, so the user of a mobile phone connected to the fake tower has no chance to detect such a situation.

Figure 3. IMSI Catcher – a false base station considered as being trusted

The fake tower places itself between the mobile device and the real base stations, so the entire incoming and outgoing traffic will flow through it (Figure 3).

In Romania, IMSI catchers have been used by the police since 2013, acquired through an OLAF Hercules2 European-funded project [11], and by intelligence agencies to track and intercept mobile communications.

IMSI catchers were first introduced by Rohde & Schwarz, an electronics company headquartered in Munich, Germany. The patent was issued in 1993 and invalidated in 2012 because it was considered to be obvious.

5. Spoofing a GSM Network

Usually the IMSI catcher is placed near the location of the phone to be intercepted, waiting for the phone to authenticate itself. The only difficulty of such an approach is simulating the original network: the user will presume something is wrong if the GSM network reported on the device screen suddenly changes. So the false tower should identify itself as a real service provider tower, which is not very complicated since GSM mobile networks are identified by MCC (Mobile Country Code)/MNC (Mobile Network Code) tuples freely available on the Internet [5]. Table 1 presents the MCC/MNC tuples currently available in Romania. Since mobile phones try to connect to the tower providing the best signal, the IMSI catcher will always be preferred and the device will wrongly presume the network it is connecting to is a trusted one.

Table 1. Romanian MCC/MNC tuples
MCC MNC Brand Operator Status
226 01 Vodafone Vodafone Romania Operational
226 02 Romtelecom Romtelecom Operational
226 03 Cosmote Cosmote Romania Operational
226 04 Cosmote/Zapp Cosmote Romania Not operational
226 05 Digi.Mobil RCS&RDS Operational
226 06 Cosmote/Zapp Cosmote Romania Operational
226 10 Orange Orange Romania Operational
Now all the traffic (voice, messages, data, etc.) flows through the false tower, but in an encrypted way, so it is not possible to determine the real meaning of the bits without some supplementary work.

6. Turning off the GSM Encryption

After a successful connection to a GSM tower, since the phone always assumes the network is trusted, the base station actually dictates the settings to the mobile device, so the encryption can simply be turned off by telling the phone to disable GSM encryption. Basically, the false base station can instruct the mobile device to use A5/0 as the encryption algorithm, meaning that no encryption at all takes place during the voice and data transfer between the mobile handset and the base station (real or fake).

In such cases, according to the GSM specifications, the phone should normally warn about using an unencrypted connection, but the GSM providers consider such a warning confusing for users, so the ciphering indication is usually disabled directly from the SIM card settings.

So it becomes easier to force the phone to use an unencrypted connection than to spend processing capacity on breaking the A5 algorithm. In the end there is no need to crack the code, since the encryption can simply be turned off without the user being notified.

According to the GSM standard ([2]), “[…] whenever a connection is in place, which is, or becomes unenciphered, an indication shall be given to the user. Ciphering itself is unaffected by this feature, and the user can choose how to proceed.”

Mobile phones are supposed to include a ciphering indicator, as exemplified in [9]. Unfortunately, only a few mobile phones give such indications to their users. For Android, such an issue has been open since 2009 [1] and is still unresolved, being labeled as an enhancement. Also, for Windows Phone devices this is a feature request, as seen in [10].

According to GSM 11.11 (Specification of the SIM-ME Interface) [18], the SIM content is stored in a special file hierarchy, as presented in Figure 4. Each file (called EF – Elementary File) is identified by a number. For the one we are interested in (AD), the number is 0x6FAD. Currently, the EF_AD file has only 3 bytes defined, as follows [18]:
1st – operation mode, like normal, specific activities, maintenance (offline), etc.:
00 – normal operation;
80 – type approval operations;
01 – normal operation + specific facilities;
81 – type approval operations + specific facilities;
02 – maintenance (off line);
04 – cell test operation;
2nd – additional information, like manufacturer specific data;
3rd – additional information, including the Ciphering Indicator on bit number one (the rightmost, least significant bit).

The Ciphering Indicator feature is enabled when bit1 of byte1 is set to 1 (meaning special facilities are on) and bit1 of byte3 is also set (the ciphering indicator is on).
Figure 4. Excerpt of the SIM file structure
(The figure shows a tree rooted at the Master File (3F00) with two directories: Telecom DF (7F10), containing EF Fixed dialling numbers (6F3B) and EF SMS (6F3C), and GSM DF (7F20), containing EF SIM Service Table (6F38) and EF Administrative (6FAD); further files under each directory are elided.)
7. Obtaining the SIM Ciphering Indicator status on Android

Speaking about the Ciphering Indicator that must be shown on the phone's display each time the connection is not encrypted, we can easily notice that this feature was not implemented at all in most mobile-oriented operating systems such as Android or Windows Phone. But even if such a feature exists, it can be bypassed by the SIM card settings, because the service provider may decide to disable the warning by setting the corresponding SIM card bits to OFF. By default, the vast majority of service providers issue SIM cards with this feature already turned off, so it does not matter whether the operating system is able to show the warning, because the ciphering indicator will simply not appear due to being disabled at the SIM card level.

So, to be able to display the ciphering warning, a phone must simultaneously meet the following two conditions:
the feature must be supported by the phone's operating system;
the indicator must not be disabled by the network operator via the SIM card settings.

Unfortunately, these conditions are not met by the vast majority of today's mobile phones, because the most popular operating systems do not implement the GSM requirement related to the ciphering indicator, and network operators all over the world turn the feature off through the SIM card default settings.

This is why we can safely assume that most unencrypted GSM calls and data transfers take place without informing the phone user about the total lack of encryption. Given the vulnerable context of GSM phone/data transfer over wireless communication, encryption is crucial, so the user must be properly informed as soon as data encryption is missing for any reason (technical or legal limitations).

For a few phones in the world (depending on the handset and/or the mobile provider), the ciphering indicator status (enabled or disabled) can be found out by dialing a dedicated USSD code – *#32489#.

If the above USSD code does not work, the only way to get the ciphering indicator status is to query the SIM card content. Even if it sounds really simple, because the ciphering indicator is located in a SIM area with restricted access (EF_AD – Elementary File
Administrative Data), the operating system will simply deny any request coming from applications trying to access the Administrative Data section. For example, Android clearly states that “Low level access to the SIM card is not available to third-party apps. The OS handles all communications with the SIM card including access to personal information (contacts) on the SIM card memory” [15].

Unfortunately, there is no API that can be used to access the Administrative Data restricted SIM card area.

Next, we might imagine writing a dedicated application able to send AT commands [16] to the phone modem, which has unlimited access to the SIM card content.

Figure 5. Device Manager Window with Android Adapter Modem installed

Android restricts the possibility of any application talking directly to the phone modem via AT commands: “Applications also cannot access AT commands, as these are managed exclusively by the Radio Interface Layer (RIL). The RIL provides no high level APIs for these commands.” [15].

Without any API for SIM card data access (directly or via AT commands), checking and eventually enabling the ciphering indicator seems to be not a very easy task, one that can only be achieved by using a direct connection to the phone modem, which is able to access any SIM card data.

When a phone is connected to a Windows PC, the phone's modem appears under Device Manager, as pictured in Figure 5. To check that the modem is working properly, the Query Modem button of the Properties window can be used, as illustrated in Figure 6.
Figure 6. Android Adapter Modem Properties window

Since the Android Adapter Modem is connected on COM14, we can use a terminal application (like the standard HyperTerminal) to directly send AT commands to the phone's modem using that port, as seen in Figure 7.

Figure 7. Connection to modem

The AT command used to get the Administrative Data SIM content is AT+CRSM (restricted SIM access) with the following parameters: operation type (176 means binary read), file to be accessed (0x6FAD = 28589), bytes to be read (3) [19].

The result is 00FFFF, as can be seen in Figure 8, which means:
byte1 – 0 0 0 0 0 0 0 0
byte2 – 1 1 1 1 1 1 1 1
byte3 – 1 1 1 1 1 1 1 1

Figure 8. AT CRSM command results

Since bit1 of the 3rd byte is 1, we might presume the ciphering indicator is on, but we soon notice the special facilities bit is off (bit1 of the 1st byte), so, in conclusion, for the VODAFONE RO SIM card we used, the ciphering indicator is disabled by the network operator's default settings.

Fortunately this is not a problem, because we can again use AT commands to override the default settings. We would like to enable bit1 of byte1 (special facilities), like the following:
byte1 – 0 0 0 0 0 0 0 1
byte2 – 1 1 1 1 1 1 1 1
byte3 – 1 1 1 1 1 1 1 1

The corresponding AT command is illustrated in Figure 9. Please notice that the user must have administrative rights to be allowed to alter the SIM content from a restricted area.
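As an added example (not code from the paper), the following Python builds the EF_AD read command described above, decodes the 3 returned bytes using the byte layout and the "bit1 of byte1 AND bit1 of byte3" rule from the previous section, and builds the write that sets the special facilities bit. The AT+CRSM syntax and the command codes 176 (READ BINARY) and 214 (UPDATE BINARY) are taken from 3GPP TS 27.007; the "+CRSM:" reply is a constructed sample mirroring the 00FFFF result reported here, and the use of 214 for the override is an assumption, since the paper shows that command only as a screenshot (Figure 9).

```python
"""Decode and rebuild the EF_AD (0x6FAD) bytes read with AT+CRSM.

Added example, not code from the paper. AT+CRSM syntax and the command
codes 176 (READ BINARY) and 214 (UPDATE BINARY) follow 3GPP TS 27.007;
the EF_AD byte meanings follow the paper's summary of GSM 11.11.
"""
import re

EF_AD = 0x6FAD          # Administrative Data file id, 28589 in decimal
READ_BINARY = 176       # AT+CRSM command code: READ BINARY (TS 27.007)
UPDATE_BINARY = 214     # AT+CRSM command code: UPDATE BINARY (TS 27.007)

# Byte 1 (operation mode) values as listed in the paper.
OPERATION_MODES = {
    0x00: "normal operation",
    0x80: "type approval operations",
    0x01: "normal operation + specific facilities",
    0x81: "type approval operations + specific facilities",
    0x02: "maintenance (off line)",
    0x04: "cell test operation",
}

def read_ad_command(length=3):
    """Build AT+CRSM=<cmd>,<fileid>,<P1>,<P2>,<P3> reading <length> bytes of EF_AD."""
    return f"AT+CRSM={READ_BINARY},{EF_AD},0,0,{length}"

def parse_crsm_response(line):
    """Parse '+CRSM: <sw1>,<sw2>[,<response>]' into (sw1, sw2, bytes).
    Quoted and unquoted hex payloads are both accepted; an error reply
    (for example 'file not found') carries no payload and yields b""."""
    m = re.match(r'\+CRSM:\s*(\d+),(\d+)(?:,"?([0-9A-Fa-f]*)"?)?\s*$', line.strip())
    if not m:
        raise ValueError(f"not a +CRSM response: {line!r}")
    return int(m.group(1)), int(m.group(2)), bytes.fromhex(m.group(3) or "")

def decode_ad(data):
    """Apply the paper's rule: the indicator is active only when bit1 of byte1
    (special facilities) AND bit1 of byte3 (ciphering indicator) are both set.
    Bit1 in GSM numbering is the least significant bit, i.e. mask 0x01."""
    if len(data) < 3:
        raise ValueError("EF_AD needs at least 3 bytes")
    b1, b3 = data[0], data[2]
    special_facilities = bool(b1 & 0x01)
    indicator_bit = bool(b3 & 0x01)
    return {
        "operation_mode": OPERATION_MODES.get(b1, f"unknown (0x{b1:02X})"),
        "special_facilities": special_facilities,
        "ciphering_indicator_bit": indicator_bit,
        "ciphering_indicator_enabled": special_facilities and indicator_bit,
    }

def enable_indicator(data):
    """Return EF_AD content with bit1 of byte1 set; bytes 2 and 3 are untouched."""
    patched = bytearray(data)
    patched[0] |= 0x01
    return bytes(patched)

def update_ad_command(data):
    """UPDATE BINARY writing the whole content back as an upper-case hex string."""
    return f'AT+CRSM={UPDATE_BINARY},{EF_AD},0,0,{len(data)},"{data.hex().upper()}"'

if __name__ == "__main__":
    # Constructed reply mirroring the 00FFFF result reported in the paper;
    # SW1/SW2 = 144,0 is 0x9000, i.e. the card accepted the command.
    reply = "+CRSM: 144,0,00FFFF"
    sw1, sw2, ad = parse_crsm_response(reply)
    print(read_ad_command(), "->", reply, decode_ad(ad))
    print(update_ad_command(enable_indicator(ad)))
```

A reply whose SW1 is not 144 means the card rejected the command, so check the status words before trusting or writing back the payload.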
Figure 9. AT+CRSM command used to override settings

Now, since we know how to enable the ciphering indicator at the SIM card level, the next step could be to push Google (and Microsoft, etc.) to fix the issue in the next operating system versions.

8. Conclusions and future work

Turning off the GSM encryption is very possible today. In most cases, such a situation occurs without the user being informed about it, simply because such a message is considered too confusing.

Even if the risks of directly using AT commands are quite high, because wrong inputs may wipe or brick the phone or the SIM card, enabling the ciphering indicator has the remarkable advantage of informing the user each time the communication becomes unencrypted, so he can take the proper decision about

It is not necessary for the phone to be rooted in order to use AT commands to communicate directly with the phone modem and enable the ciphering indicator. Of course, a rooted handset allows the direct execution of AT commands from a dedicated application running on the phone, so there is no need for the PC connection and the terminal application to talk to the modem.

Future work includes deeper research and the use and development of dedicated tools in order to validate the results.

Acknowledgment

Parts of this research have been published in the Proceedings of the 7th International Conference on Security for Information Technology and Communications, SECITC 2014 [17].

References
[1] Android Ciphering Issue, available at: https://code.google.com/p/android/issues/detail?id=5353
[2] The GSM Standard, available at: http://www.sans.org/reading-room/whitepapers/telephone/gsm-standard-an-overview-security-317
[3] K. Paget, Practical Cellphone Spying, available at: http://www.tombom.co.uk/blog/?p=262
[4] Forcing 3G only on Android, available at: http://siliconstation.com/how-to-force-android-only-3g/
[5] Mobile Country Code, available at: http://en.wikipedia.org/wiki/Mobile_country_code
[6] U. Meyer, S. Wetzel, On the Impact of GSM Encryption and Man-In-The-Middle Attacks on the Security Of Interoperating GSM/UMTS Networks, 15th IEEE International Symposium on Personal, Indoor and Mobile Radio Communications, 2004. PIMRC 2004 (Volume 4), pp. 2876-2883
[7] C. Toma, Future Developments in Non-Repudiation in GSM WAP Applications, Journal of Mobile, Embedded and Distributed Systems, vol. 1, no. 1, pp. 20-31, jun. 2009, available at: http://www.jmeds.eu/index.php/jmeds/article/view/Future-Developments-in-Non-Repudiation-in-GSM-WAP-Applications
[8] I. Bosoanca, A. Vargatu, An Overview of Vertical Handoff Decision Algorithms in NGWNs and a new Scheme for Providing Optimized Performance in Heterogeneous Wireless Networks, Informatica Economică, vol. 15, no. 1/2011, pp. 5-21
[9] I. Androulidakis, D. Pylarinos, G. Kandus, Ciphering Indicator approaches and user awareness, Maejo International Journal of Science and Technology, 2012, 6(03), pp. 514-527
[10] Ciphering Indicator – Feature Suggestions for Windows Phone, available at: http://windowsphone.uservoice.com/forums/101801-feature-suggestions/suggestions/5825108-ciphering-indicator
[11] Centrul de presă Politia Romana – Comunicat, available at: http://www.politiaromana.ro/relatii_publice/detalii.aspx?id=16556
[12] Security consequences following the GSM encryption algorithm crack - What is the real-world risk from the cracking of the GSM encryption algorithm?, available at: http://searchsecurity.techtarget.com/answer/Security-consequences-following-the-GSM-encryption-algorithm-crack
[13] GSM encryption code 'cracked', available at: http://www.zdnet.com/gsm-encryption-code-cracked-2062060205/
[14] Questions about the Interception of GSM Calls, available at: http://www.cryptophone.de/en/support/faq/questions-about-the-interception-of-gsm-calls/
[15] Android Security Overview - SIM Card Access, available at: http://source.android.com/devices/tech/security/#sim-card-access
[16] Hayes Command Set – GSM, available at: http://en.wikipedia.org/wiki/Hayes_command_set
[17] F. Alecu, P. Pocatilu, S. Capisizu, Interception of GSM Calls by Turning off the GSM Encryption, Proceedings of the 7th International Conference on Security for Information Technology and Communications (SECITC'14), Bucharest, Romania, June 12-13, 2014, Bucharest University of Economic Studies Press, 2014, pp. 157-163
[18] Digital cellular telecommunications system (Phase 2+); Specification of the Subscriber Identity Module - Mobile Equipment (SIM-ME) Interface (3GPP TS 11.11 version 8.14.0 Release 1999), ETSI TS 100 977 V8.14.0 (2007-06), available at: http://www.etsi.org/deliver/etsi_ts/100900_100999/100977/08.14.00_60/ts_100977v081400p.pdf
[19] How to talk to the Modem with AT commands, available at: http://forum.xda-developers.com/galaxy-s2/help/how-to-talk-to-modem-commands-t1471241