Will the Librem 5 give us more control over the SIM card's protocol communications?


#1

I’d like to be given the tool for better transparency and management of these “communications” and to decide for myself what to allow and what not to, even if there may be a risk of breaking some functionality.

I see this tool/app being useful by allowing us to record all the logs (if told to), to aggregate this information in a way that makes it useful to read (i.e. today the xyz call to the xyz function of the SIM card was made 5 times, at 2 pm, 1 am etc…) and of course to block some calls/communications.


#2

You can use the Librem 5 in three ways: one of them is WiFi only.

A No-Carrier Phone?

The Librem 5 can be used in any of three ways:

With a cellular carrier provided phone number, data plan, and WiFi
With a cellular carrier data plan, and WiFi
With no carrier, and using only WiFi

WiFi calling and VoIP calling will be able to be provided in WiFi or data plan modes. With the stretch goal further below, we expect to offer call-out, and call-in with phone numbers in all of these plans as well. If you still require a “traditional” phone number through a carrier and want to make unencrypted phone calls or messaging, it will be an option you can choose, but is not required (we recommend avoiding unencrypted phone calls).


#3

That’s great, but all that requires internet access and when you don’t have it - you make traditional calls and this is where my suggestion would come in handy, it offers transparency and control to the user.


#4

I enjoyed the video.

I doubt the Librem 5 will have this feature.

I wonder what kind of control you could actually exert with this technique.

I think of the modem and SIM as two parts of the same black box, which is in turn part of the cellular network. The black box knows my phone’s location, shares the SIM identity with the network, and sees the incoming and outgoing call audio, SMS messages and IP packets, but it has to do those things in order to function correctly, so if you want to prevent those things then you may as well just switch the modem off entirely and save some battery charge.

The modem/SIM black box doesn’t have access to any other sensors or data inside the phone. (Unless you store your own data on the SIM card.) The main CPU mediates everything.

Maybe you can manipulate the SIM protocol to make the phone seem to be out of range when people try to call it? That’s about the only thing I can think of besides just exploration and education.

If you don’t care whether they know you’re in-range, then you could just block calls by having software on the main CPU hang the call up or let it ring off silently. No need to intercept the SIM communications.

What’s more interesting is the radio interface between the modem and the rest of the cellular network. I can think of a few more things you could do if you controlled that, but that’s a different matter and not likely to happen for many years, if ever.


#5

Really? The cellular network (possibly) knows, by triangulation, but the chip itself cannot determine it. It has no access to GPS or wireless. Ultimately, of course, it means that the provider knows your approximate position, if you don’t turn it off. And as you said, that wouldn’t change if the firmware was free.

From the campaign page:

The mobile baseband will most likely use ROM loaded firmware, but a free software kernel driver.

I would assume that the firmware / driver interface is rather low-level. Maybe that even includes the possibility to know the commands exchanged between SIM, modem and tower? Either way, I agree, there is probably not much interesting to be found, because every action (that can not already happen on the network provider side) that could constitute spying or manipulation would require the kernel driver to cooperate.

One possibility that I find interesting (and I’m pretty sure we could have), is to have access to detailed statistics on the cell towers. Lacking proper authentication, you could at least monitor that data for anomalies. (If the cell tower, that you are connected to while also being connected to your home wireless, suddenly sends at double intensity, you might want to check if there’s a van with dark windows in front of your house, mimicking a tower. Perfectly disguised with the imprint “Vote John Doe. Your man from the middle” :wink: )

Or, a bit simpler: Whitelisting based on meta-data (which probably only works if the potential spy doesn’t expect it) “Connecting to an unknown cell tower. Deny - Allow - Allow always”


#6

But the chip, which I don’t control, is in collusion with the cellular network, so it may as well be assumed that they both know my location. The network needs to know my location, otherwise it cannot route calls and packet data to my phone.

I would expect a serial interface using AT commands or a USB CDC interface, or both. That’s how it usually works for mobile broadband modem cards for laptops. Regardless of the specifics, I think it will be an abstract interface, higher level than you are describing.

That said, the modem might implement commands that return interesting data about the network upon request, so there might be some things you can do with that.

The SIMCom 7100A and SIMCom 7100E list serial AT and MBIM (part of CDC) as interfaces. They also list RIL, which does look a little lower level. If these are the modems used on the development boards, I expect development has focused on an interface they support.

You propose some good and detailed use cases. :slight_smile:


#7

I can almost guarantee that you will. The OS might not come with a built-in reporting tool from the start, but not only will we have ready AT command access as mentioned above (for the basic cell tower statistics), but it’s a Qualcomm chip attached to a Linux system - which means that we get the /dev/diag interface and as such will be able to read the raw byte-level output directly after the demodulation and decoding stage from the cellular network. The means for doing that is already implemented under Android through a piece of GPL software called SnoopSnitch (https://opensource.srlabs.de/projects/snoopsnitch).

Implementing that for the Librem 5 shouldn’t be too difficult… well, I can kinda see how to port the parser software across and how to replicate their analysis code with something hopefully a little slimmer than SQL, but I have absolutely no idea how to code GUIs to make the information visible. That’s actually going to be my first project once mine arrives - to get a SnoopSnitch equivalent running. That piece of software is the only reason I even have a “modern” smartphone (Samsung Galaxy S5 running Lineage 14.1) instead of my lovely old Nokia E55. If I can’t have my passive network analysis tool, then there’s no reason for me not to stick with the phone which has a month of battery life and fits in the tiniest of pockets.
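A prototype of the cell-tower allow list and anomaly checks that posts #5 through #7 describe, written here as an added example (it is not Purism's code and not SnoopSnitch's). It assumes the modem is reached through a serial AT interface, as post #6 expects, and uses only the +COPS, +CREG and +CSQ result formats from 3GPP TS 27.007; the reply strings, cell identifiers and allow list below are constructed samples, and the 3 dB spike threshold is the "double intensity" case from post #5:

```python
import re
from dataclasses import dataclass

# Constructed sample replies in the 3GPP TS 27.007 formats for +COPS? (numeric
# operator format 2), +CREG? after AT+CREG=2 (LAC and CI as hex strings) and
# +CSQ. A real tool would read these lines from the modem's serial AT port.
SAMPLE_REPLIES = [
    '+COPS: 0,2,"26201",7',
    '+CREG: 2,1,"1A2B","00C3D4E5",7',
    '+CSQ: 20,99',
    '+CREG: 2,1,"1A2B","00C3D4E5",7',
    '+CSQ: 21,99',
    '+CREG: 2,1,"1A2B","0BADF00D",7',   # never-seen cell in the same area
    '+CSQ: 31,99',
    '+CREG: 2,1,"1A2B","00C3D4E5",7',   # back on the known cell ...
    '+CSQ: 25,99',                      # ... but 10 dB stronger than before
]

# Cells the user picked "Allow always" for, keyed as (PLMN, LAC, CI). Constructed.
KNOWN_CELLS = {("26201", "1A2B", "00C3D4E5")}

AT_RESULT = re.compile(r"^\+(?P<cmd>[A-Z]+):\s*(?P<args>.*)$")


def parse_reply(line):
    """Split '+CMD: a,b,"c"' into ('CMD', ['a', 'b', 'c']); None for OK/ERROR/echo.
    Commas inside quoted strings are not handled (numeric operator format has none)."""
    m = AT_RESULT.match(line.strip())
    if not m:
        return None
    args = [a.strip().strip('"') for a in m.group("args").split(",")]
    return m.group("cmd"), args


def rssi_to_dbm(rssi):
    """+CSQ <rssi> 0..31 maps to -113..-51 dBm in 2 dB steps; 99 means unknown."""
    if 0 <= rssi <= 31:
        return -113 + 2 * rssi
    return None


@dataclass(frozen=True)
class Alert:
    kind: str      # "unknown-cell" or "signal-spike"
    cell: tuple    # (PLMN, LAC, CI)
    detail: str


class CellMonitor:
    """Tracks the serving cell from AT replies and runs the two checks from the thread."""

    def __init__(self, known_cells, spike_db=3.0):
        self.known = set(known_cells)
        self.spike_db = spike_db   # +3 dB above baseline = double the received power
        self.baseline = {}         # cell -> first RSSI seen on it, in dBm
        self.prompted = set()      # unknown cells already reported once
        self.plmn = None
        self.cell = None
        self.alerts = []

    def feed(self, line):
        parsed = parse_reply(line)
        if parsed is None:
            return
        cmd, args = parsed
        if cmd == "COPS" and len(args) >= 3:
            self.plmn = args[2]
        elif cmd == "CREG" and len(args) >= 4:
            if int(args[1]) in (1, 5):  # 1 = registered home, 5 = registered roaming
                self.cell = (self.plmn, args[2].upper(), args[3].upper())
                self._check_cell(self.cell)
            else:
                self.cell = None
        elif cmd == "CSQ" and self.cell is not None:
            dbm = rssi_to_dbm(int(args[0]))
            if dbm is not None:
                self._check_signal(self.cell, dbm)

    def _check_cell(self, cell):
        # The "Connecting to an unknown cell tower. Deny - Allow - Allow always"
        # prompt: report each unknown cell once until the user allows it for good.
        if cell not in self.known and cell not in self.prompted:
            self.prompted.add(cell)
            self.alerts.append(Alert("unknown-cell", cell, "not in the allow list"))

    def _check_signal(self, cell, dbm):
        # The first reading on a cell is its baseline; a later reading spike_db or
        # more above it is the "suddenly sends at double intensity" case.
        base = self.baseline.setdefault(cell, dbm)
        if dbm - base >= self.spike_db:
            self.alerts.append(Alert("signal-spike", cell, f"{base} dBm -> {dbm} dBm"))

    def allow_always(self, cell):
        """User picked 'Allow always' for a cell: stop reporting it."""
        self.known.add(cell)
        self.prompted.discard(cell)


def run_sample(replies=SAMPLE_REPLIES, known=KNOWN_CELLS):
    """Feed the constructed replies through a monitor and return its alerts."""
    mon = CellMonitor(known)
    for line in replies:
        mon.feed(line)
    return mon.alerts


if __name__ == "__main__":
    for alert in run_sample():
        print(alert.kind, alert.cell, alert.detail)
```

The two alerts this produces on the sample are the unknown cell and the 10 dB jump on the known one. The AT path only sees what the modem chooses to report after registration, so it gives the basic statistics post #7 mentions; the raw byte-level view that SnoopSnitch takes from /dev/diag is a separate, richer source and is not modelled here.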


#8

Here is a very interesting follow-up video to the first one, enjoy :blush: