I still have not seen that the phone shows the lack of encryption in the network. Even when testing OpenBTS, which does not support encryption. In fact, until recently I did not even know what to call the specification is recommended to do so. I learned about it on 26C3 of the sensational report Karsten Nola (Kartsen Nohl) and Chris Paige (Chris Paget) and the consequent discussion. It is said that some phones do not know how to show icon lack of encryption, and the rest do not show, because this feature is blocked by an overwhelming majority of operators by setting a special bit in the SIM-card. Here's how it is described in the specification GSM 02.07 Normative Annex B.1.26:
Ciphering Indicator
The ciphering indicator feature allows the ME to detect that ciphering is not switched on and to indicate this to the user, as defined in GSM 02.09.
The ciphering indicator feature may be disabled by the home network operator setting data in the «administrative data» field (EF AD) in the SIM, as defined in GSM 11.11.
If this feature is not disabled by the SIM, then whenever a connection is in place, which is, or becomes unenciphered, an indication shall be given to the user.
Ciphering itself is unaffected by this feature, and the user can choose how to proceed.
In my free translation:
Indicator encryption
Indicator encryption allows ME (Mobile Equipment, mobile equipment, ie mobile phone) to determine that encryption is not enabled and report it to the user, as defined in the specification GSM 02.09.
Inlikator encryption may be blocked by domestic telecoms operator (ie operator, which produces the SIM-card), setting the field "administrative data» (EF AD) on the SIM-card, as defined by the specification GSM 11.11.
If the light is not SIM-locked, then the connection that already or just will not be encrypted, must be accompanied by an indicator of the lack of encryption.
Of course encryption is not affected by this
The indicator does not affect the encryption itself, and the user himself decides how he act.
Also, this "feature" is mentioned in GSM 02.09 Section 3.3.3:
Functional requirements
...
The ME has to check if the user data confidentiality is switched on using one of the seven algorithms as defined in GSM 02.07. In the event that the ME detects that this is not the case, or ceases to be the case (eg during handover), then an indication is given to the user.
This ciphering indicator feature may be disabled by the SIM (see GSM 11.11).
In case the SIM does not support the feature that disables the ciphering indicator, then the ciphering indicator feature in the ME shall be enabled by default.
The nature of the indicator and the trigger points for its activation are for the ME manufacturer to decide.
During the establishment of a call the trigger point shall be at call initiation at the latest. In the case of handover the trigger point shall be the completion of handover at the latest.
The manufacturer may provide the means to enable the user to temporarily disable the feature. This should be done in such a way that the user can protect it from misuse.
In my free translation:
Functional
...
ME has to check whether your protect your privacy, one of the seven algorithms defined in the specification GSM 02.07. If it is not, or has ceased to be so (for example, in the case of transfer of connection (handover'a)), the user is an indicator.
Ability to display an indicator fishrovaniya may be banned SIM-card (see spetsifikatsaiyu GSM 11.11).
In case the SIM-card does not support the ban encryption indicator, the ability to display an indicator of encryption must be enabled by default.
The essence of the indicator and the point of its inclusion are determined by the manufacturer ME.
During installation the connection point should be included indicating no later than the initialization call. In the case of transfer sodineniya point inclusion indication should be no later than the completion of the transfer connection.
Manufacturer may give oplzovatelyu to temporarily disable this feature is to be in such a way that the user can protect her from the wrong (Log) use.
Well, in the specification GSM 11.11 Section 10.3.18 describes the actual format for storing the flag to the SIM-card. It is called the OFM and is stored in the low bit of the third byte field EF AD (Administrative data). In the specifications for GSM its value for some reason not rashifrovyvaetsya, and more Within the specifications, such as 3GPP TS 31.103 Section 4.2.5 of its value is clearly written:
The OFM bit is used to control the Ciphering Indicator as specified in TS 22.101 [21].
Ie
Bit OFM is used to control the Indicator of encryption, as described in the specification TS 22.101.
So, with adapter for reading SIM-cards or smart cards should be possible to check this bit, as if programmed SIM-cards - remove it and check whether the phone shows the lack of encryption when connecting to OpenBTS. What I'm going to do soon.
If you have a SIM-card, try to read this bit on your SIM-card. Let's see whether all the operators hide the indicator encryption?
PS Thanks Sylvain Munaut for something that gave a clear reference to the place in the standard, where this "feature" is described.






