ubports / ubuntu-touch

Ubuntu Touch's issue inbox is now migrated to GitLab.
https://gitlab.com/ubports/ubuntu-touch

Add cellular mode selection option (only 3G/4G/5G) #1850

Open GermanAizek opened 2 years ago

GermanAizek commented 2 years ago
Device: *
Channel: *
Build: *

Benefits of this functionality

According to the GSM algorithm, the cellular phone typically selects the station with the strongest signal. This is reasonable - you can reduce the power of the transmitter and save the battery. Thus, the trap "takes" the phones onto itself. Then it asks the phone for its...

IMSI: International Mobile Subscriber Identifier is actually a unique SIM card number; IMEI: International Mobile Equipment Identifier - unique set number.

Problems

Communication disruption

It is possible to leave the subscriber without communication: first "grab" on yourself, and then break off, and so on to infinity. And you can issue garbage or deliberately incorrect packages.

Intercept conversations

The most delicious. Everything is not so simple here, but easier than it could be. As you know, GSM provided protection against unauthorized capture of information. There are several modes:

A5/0 - in fact, it is plain text, there is no encryption;
A5/1 - the first option with a streaming cipher, which is now no longer considered quite persistent;
A5/2 - an export version of A5/1 with deliberately low resistance. Where's the bottom?
A5/3 is a fairly persistent option that arose with the arrival of 3G.

How does this happen

We describe the algorithm of how a trap is wedged into this system. Immediately note that if the operator initially applies A5/2 everywhere, then the task becomes trivial - this cipher is opened in real time. But operators are not exactly idiots, so they use A5/1. The base station announces this protocol and the phone "agrees" to it, everyone is pleased.

All A5 ciphers work on a key that is stored both by the operator and on the SIM card. It is unique for each subscriber and the cryptograph of the SIM card is responsible for its safety. It follows that the trap with respect to the original base station is "pretended" by the subscriber unit on the algorithm A5/1, and for the real phone "pretends" by the base station on the algorithm A5/2, which is opened on the fly. Thus, the trap retrieves the private key of the subscriber and reconstructs the session with the base station. It's done. Profit!

Counteraction

The most efficient way is to enable 3G mode only; the standard has the most robust key and the fewest vulnerabilities found.

GermanAizek commented 2 years ago

@Flohack74 If UB project is focused on security, you need to add this functionality.

Flohack74 commented 2 years ago

I am not sure I can follow. Are you talking about an IMSI catcher?

GermanAizek commented 2 years ago

> I am not sure I can follow. Are you talking about an IMSI catcher?

Yeah, that's right.

Flohack74 commented 2 years ago

I don't see in any documentation that this encryption is a property of the connection standard. Can you quote some documentation for that claim? Moreover, 3G is being shut down in many countries, and already now our users are reporting issues with older devices that have no 4G. I do not believe hardlocking your connection tech will be a useful option in practice. Also, you must be a very important person that your secret service is after you with an IMSI catcher. Those devices are very expensive and must follow you all around your day, so that's nothing your neighbour can pull off "just so". If you are such an important person then Ubuntu Touch is not for you. We are not as secure as already existing, AOSP-based OSes for Android devices. And we probably will never reach that point.

GermanAizek commented 2 years ago

@Flohack74 What is the difficulty of adding additional items to select only a specific standard? Most Android devices have such functionality in the settings; in Ubuntu Touch there is still no such option.

Flohack74 commented 2 years ago

The difficulty is that we have 100s of requests from users, plus a lot of other urgent things to do, so when we change something, it must be worth it and backed by facts. Yes, it's software, you can do everything with it, but our time for any changes to UT is precious. For the next months the core team is blocked with the 20.04 upgrade, which is due for quite some time. If you want to do it yourself, or know someone who can work on this, then of course please contribute. One more complication is that the speed selection is done in ofono, and idk if it has an API to lock in a speed. I only know it can do "upper limit" but not "exact that one" selection.