CellularPrivacy / Android-IMSI-Catcher-Detector

AIMSICD • Fight IMSI-Catcher, StingRay and silent SMS!
https://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/
GNU General Public License v3.0

Temporary Disabling all SMS functions (pre-set flags) #92

Open E3V3A opened 10 years ago

E3V3A commented 10 years ago

One way to disable Silent-SMS and Class-2 SMS that are used for phone location tracking and Number verification, is to disable all SMS functions by temporarily changing (or deleting) the SMS Service Center number. This could be done automatically for a certain warning level or set in the AIMSICD settings. Once danger is over, it can be reinstated or overridden by the user. (Also see discussion in #69.)

Approach: We should be able to do this in Java with API, but it can also be done with AT commands, ServiceMode or debug interface.

Tests: We need to test that this is indeed blocking all types of SMS ingoing or outgoing.


andr3jx commented 10 years ago

Hi, I changed the SMSC to an invalid number and did some tests. Changing the SMSC doesn't prevent the phone from receiving SMS or sending delivery confirmation. I suggest closing this issue. The only thing that changes is that the phone fails to send SMS.

E3V3A commented 10 years ago

Thanks for testing. But the issue remains open, because there are other ways to prevent receiving SMS, possibly even from API. Further investigation is required. (I'll change OP accordingly, later.)

andr3jx commented 10 years ago

There is a way to block incoming SMS using SMS barring feature. But I can't test it because the barring password is not 0000 on my SIM.

barring - source

How to find call barring settings:

EDIT: A problem with this approach might be that SMS which were blocked don't get delivered when you switch off barring. But there might be a way to whitelist numbers from which you want to receive SMS.

E3V3A commented 10 years ago

Great! Let's just remember when this feature should be used.. It's needed to temporarily prevent:

  1. DoS due to SMS flooding of silent (or other) SMSs.
  2. The reception of multiple silent SMS used for close proximity tracking.

In such an extreme condition, we really don't care if we don't receive any "Whaaaazzzzup?" SMS.

Also, it's possible that the Call Barring (CB?) is not provided by, due to:

  1. SIM card type
  2. Network operator services
  3. wrong code, possibly you need PIN2, for accessing, just like for FDNs.

andr3jx commented 10 years ago

Yes, but if I know that the phone is tracked, I would rather switch flight mode on. Only if there's SMS DoS and you want to make a call this feature might be good.

E3V3A commented 10 years ago

I agree, which is why we will have the possibility to change thresholds (for various actions) in the detection item/table/matrix. I.e. from the discussion about the detection of silent SMS, it may not be enough to actually confirm that an IMSI-catcher is in use, so we may set a silent-SMS reception limit to 2-3, where the app first disables SMS reception and if further detection variables finally determine that an IMSI-catcher is in use, we either shut down RF completely, or apply other counter measures.
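
The staged response described in the comment above, sketched as an added example (not AIMSICD code and not part of the thread): it reads TP-PID and TP-DCS from an SMS-DELIVER PDU to recognise Type 0 ("silent") and Class 2 messages, then escalates once a limit is reached. The class name, the limit of 3 and the sample PDUs are assumptions constructed for illustration.

```java
// Added illustration, not AIMSICD code. Sample PDUs and the limit value are constructed.
public class SilentSmsPolicy {
    enum Kind { NORMAL, TYPE0_SILENT, CLASS2 }
    enum Action { NONE, DISABLE_SMS_RECEPTION, SHUT_DOWN_RF }

    static final int SILENT_LIMIT = 3;  // assumption: the thread suggests a limit of 2-3
    private int silentCount = 0;

    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    // Classify an SMS-DELIVER PDU (3GPP TS 23.040) that starts with the SMSC field.
    static Kind classify(String pduHex) {
        byte[] p = hex(pduHex);
        if (p.length < 4) throw new IllegalArgumentException("truncated PDU");
        int i = 1 + (p[0] & 0xFF);                 // skip SMSC length octet and SMSC address
        if (i + 1 >= p.length) throw new IllegalArgumentException("truncated PDU");
        if ((p[i] & 0x03) != 0) throw new IllegalArgumentException("not an SMS-DELIVER");
        int oaDigits = p[i + 1] & 0xFF;            // TP-OA length counts semi-octets (digits)
        i += 3 + (oaDigits + 1) / 2;               // first octet, OA length, TOA, OA digits
        if (i + 1 >= p.length) throw new IllegalArgumentException("truncated PDU");
        int pid = p[i] & 0xFF, dcs = p[i + 1] & 0xFF;
        if (pid == 0x40) return Kind.TYPE0_SILENT; // TP-PID 0x40 = Short Message Type 0
        // Class bits are valid in the general coding groups with bit 4 set, and in group 1111.
        boolean hasClass = ((dcs & 0x80) == 0 && (dcs & 0x10) != 0) || (dcs & 0xF0) == 0xF0;
        return hasClass && (dcs & 0x03) == 2 ? Kind.CLASS2 : Kind.NORMAL;
    }

    // Staged response: count Type 0 messages, disable SMS reception at the limit, and go
    // to RF shutdown only when other detection variables confirm an IMSI-catcher.
    Action onPdu(String pduHex, boolean catcherConfirmed) {
        if (classify(pduHex) == Kind.TYPE0_SILENT) silentCount++;
        if (silentCount < SILENT_LIMIT) return Action.NONE;
        return catcherConfirmed ? Action.SHUT_DOWN_RF : Action.DISABLE_SMS_RECEPTION;
    }

    public static void main(String[] args) {
        String head = "07915155100000F0" + "04" + "0B915155100000F1"; // SMSC, first octet, TP-OA
        String tail = "51101021000000" + "00";                         // TP-SCTS, TP-UDL = 0
        String silent = head + "4000" + tail, class2 = head + "0012" + tail;
        System.out.println("class 2 sample: " + classify(class2));
        SilentSmsPolicy policy = new SilentSmsPolicy();
        for (int n = 1; n <= 3; n++)
            System.out.println(n + ": " + policy.onPdu(silent, false));
        System.out.println("confirmed: " + policy.onPdu(silent, true));
    }
}
```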

SecUpwN commented 10 years ago

I fully agree with @E3V3A on this point.

E3V3A commented 10 years ago

One method to block further incoming SMS messages is to set the message counter to its maximum value: 0x7FFF FFFF = 2,147,483,647.

@andr3jx Can you test this on your AT available device? (First make sure you can write back a number smaller than the current.)

andr3jx commented 10 years ago

@E3V3A Can you provide more information where exactly this message counter is?

SecUpwN commented 9 years ago

Hey guys! I have just received a very friendly message of @adrian-bl in German. Translation of it:

The SMSC cannot be re-programmed as a normal application. Looking at the AOSP code, the SMSC of rild is configured via opt/telephony/src/java/com/android/internal/telephony/RIL.java:

    @Override
    public void setSmscAddress(String address, Message result) {
        RILRequest rr = RILRequest.obtain(RIL_REQUEST_SET_SMSC_ADDRESS, result);

        rr.mParcel.writeString(address);

        if (RILJ_LOGD) riljLog(rr.serialString() + "> " + requestToString(rr.mRequest)
                + " : " + address);

        send(rr);
    }

The settings app is calling this function through the Phone Class in RadioInfo.java:

    phone.setSmscAddress(smsc.getText().toString(),
            mHandler.obtainMessage(EVENT_UPDATE_SMSC_DONE));

But without the system signature, we cannot connect to Phone Class, which means that this won't be possible to set via the Framework. If we want to change the SMSC, he advises us to connect to rild and send a RIL_REQUEST_SET_SMSC_ADDRESS package. Caution: This only prevents that the Android Framework can deliver things, but he is not quite sure if the Carrier will not receive an ACK from the radio firmware before that. I hope my translation makes sense, would be lovely to see this guy here.

E3V3A commented 9 years ago

That makes perfect sense, and we can certainly send the RIL_REQUEST_SET_SMSC_ADDRESS QMI packet. We can probably also use reflection or system application injection, since we're root. I'll have to talk to the guys and figure out the format of that packet. Also, we dropped the message counter investigation. I haven't thought much more about that lately...

E3V3A commented 9 years ago

There is a property we might be able to use:

    /**
     * Set to false to disable SMS receiving, default is
     * the value of config_sms_capable
     */
    static final String PROPERTY_SMS_RECEIVE = "telephony.sms.receive";

SecUpwN commented 9 years ago

Re-opening this Issue since we need to have another look with someone like @smarek.

SecUpwN commented 9 years ago

Just tossing in this interesting repo which might be useful for solving this Issue: SMS SMSC Android App.

andr3jx commented 9 years ago

We need to rewrite the sender's SMSC which is not supported by android. It doesn't help changing our SMSC. See also this post and this post.