RISKS ASSOCIATED WITH GSM NETWORK

The risks to privacy when using a mobile phone on the GSM network consist of the following:

• Intercepting your calls
• Identifying your location (both present & historical)
• Identifying your credentials & social circles (name, address, call history from records held by network providers)
• You would think the name Encrypted SIM card means the main defence provided by the SIM cards is simply by encrypting your calls however the reality is the SIM cards work by utilising a series of strategies since the attack vectors are numerous & varied in approach. If we implemented a single solution the cards would offer very little real value in protecting you.

We breakdown each risk below & highlight how our technology mitigates or removes these risks. Do not be fooled into thinking there is a silver bullet for protecting yourself on the GSM network. If your SIM card doesn't provide these features you need to ask why.

INTERCEPTING YOUR CALLS

Mobile phones connect to the phone network by connecting to the mobile cell tower emitting the strongest signal. This acts as your gateway for communications & the mobile cell tower actually has a significant amount of control over your call. For example, when a call is made, it is the cell tower which instructs your phone to encrypt the call. It even tells the phone which encryption standard to use & worryingly your phone will agree to these instructions without any security checks (this is a fundamental design failure within the entire mobile phone infrastructure)

Authorities can eavesdrop quite easily into mobile phone calls by using a device called an IMSI Catcher. This device pretends to be a mobile phone cell tower & your phone will connect to it simply because it spoofs the handset into thinking it is the strongest signal. Once the phone has connected to the IMSI Catcher, the device can instruct your phone to use no encryption thus rendering your call completely open for listening into. It is a classic man in the middle attack.

We deploy a number of strategies to defend against this; chiefly:

• The SIM card is programmed to avoid connecting to the strongest cell tower; meaning it will not connect to an IMSI Catcher - this completely mitigates the risk associated with interception & encryption removal.
• The majority of IMSI Catchers cannot intercept incoming calls - a key feature of our SIM cards is that when you dial a number, the SIM card connects to a virtual switchboard in Russia which then disconnects the call & then calls you back. Whilst this is transparent to you (the process happens in a split second & end users have no awareness of this process) it is another mitigating strategy.
• Finally, your call can be intercepted without the use of an IMSI Catcher. In these scenarios, the call encryption is enough to prevent the call being deciphered.

However, to ensure you can communicate to anyone using encryption, we have to utilise technology native to all phones, which is A5/1 encryption. In certain circumstances, this encryption standard can be broken & deciphered but not in real-time. We mitigate this risk by disconnecting calls after 7 minutes.

So, hopefully, you can see there is much more going on than encrypting a call to protect your privacy - we actually employ a number of tactics specifically designed to de-risk, mitigate or defeat any attack.

Furthermore, due to the call back feature it is actually impossible to prove a call ever took place (once you factor in number substitution & inability identify location).

IDENTIFYING YOUR LOCATION (BOTH PRESENT & HISTORICAL)

Another privacy threat is being able to identify your location from cell tower data. With a standard SIM card, a number of markers are provided tying the phone to you & your location. Again we use a series of strategies to render this impossible & tactics used include:

• Your SIM card doesn't broadcast a IMSI number (this is your phone number)
• Your IMEI number is not broadcast
• We connect to a random cell tower, not the strongest signal, meaning you can't triangulate the position of the phone
• There is no billing information to cross-reference
• Our servers also encrypt any geolocation data residing in the call.
• So besides protecting your call contents, we also protect your location, an important factor for many investigations.