
touch-packages team mailing list archive

[Bug 1412444] Re: no indication when the cellular network connection is not encrypted

 

Tony, thanks for the links to those bug reports. Quotes from the Android
bug report that address my earlier questions:

0. What is the threat model: "it's about exposing and tracking
surveillance, not necessarily directly increasing security."

1. What is the Type I error: "Nation state attackers are just going to
intercept traffic when it hits the carrier network. Link level
encryption won't slow them down in any way." And: "All link level
encryption is broken, because via SS7 you can retrieve the encryption
keys and SS7 isn't authenticated. And there is no easy way to change
that, because without key handover your mobile phone would in fact be a
stationary phone."

2. What is the Type II error: "Carriers routinely turn off network
security in cases of natural disasters or popular events such as
concerts, when networks become overwhelmed. Displaying a notice in those
cases only serves to confuse people."

3. Why would anyone use Signal or Telegram instead: "Android traffic
routinely traverses untrusted networks, such as open wifi access points,
and end to end encryption is the only solution that guarantees the
integrity and confidentiality of the data."

4. Which, if any, of the seven encryption algorithms are worthwhile:
"A5/1 and A5/2 are broken. There has been no published work on A5/3 or
A5/4 ... Also all the active interception gear just doesn't use
ciphering at all."

To summarize my understanding, then: If the cellular network connection
is not encrypted, you might be being spied on ... or you might just be
at a concert or in a natural disaster. And if it *is* encrypted, that
does not mean that you are *not* being spied on, either. So even if we
limited our goal just to notifying you of surveillance, we couldn't be
confident either way.

So, while I would be delighted if we could provide some just-in-time
indication -- or even bad-TLS-style blocking -- for insecure
connections, I don't think we can with the networks currently in use. If
this changes five or ten years from now, such that legitimate
connections always use well-researched link-level security, maybe that
can be revisited. Or if there is some specific situation where we could
be confident that you were being spied on, that might be presentable
too.

In the meantime, though, it's reasonable to show the encryption type in
System Settings somewhere, so I'm moving this report there.

** Project changed: ubuntu-ux => ubuntu-system-settings (Ubuntu)

** Changed in: ubuntu-system-settings (Ubuntu)
       Status: Triaged => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to indicator-network in
Ubuntu.
https://bugs.launchpad.net/bugs/1412444

Title:
  no indication when the cellular network connection is not encrypted

Status in the base for Ubuntu mobile products:
  New
Status in indicator-network package in Ubuntu:
  Triaged
Status in ofono package in Ubuntu:
  Confirmed
Status in ubuntu-system-settings package in Ubuntu:
  Confirmed

Bug description:
  From TS 100 920 - V8.1.0:

  3.3.3 Functional Requirements:

  """
  The ME has to check if the user data confidentiality is switched on using one of the seven algorithms. In the event that
  the ME detects that this is not the case, or ceases to be the case (e.g. during handover), then an indication is given to the
  user.

  This ciphering indicator feature may be disabled by the SIM (see GSM
  11.11).

  In case the SIM does not support the feature that disables the ciphering indicator, then the ciphering indicator feature in
  the ME shall be enabled by default.
  """

  My understanding of this is that we should at least show a warning
  icon and maybe explanatory text inside the i-network and maybe
  relevant apps like phone-app and messaging-app that the cellular
  communication channel is not encrypted. Without encryption anyone with
  sufficient equipment can eavesdrop on the voice and data communication
  between the cell tower and the user's phone.
