Ciphering Indicator approaches and user awareness

One of the fundamental mobile phone security problems in GSM is the absence of base station authentication, which allows man-in-the-middle attacks. During such attacks, a third party activates a fake base station, which acts as a bypass to the network, thus switching off the encryption and intercepting the user’s communications. 3G mobile networks enforce mutual authentication but this can be circumvented if the 3G band is jammed by the attacker, forcing the phone to connect using GSM. GSM and newer standards provide a user alert indicating that the encryption has been switched off, which is called a Ciphering Indicator. In the present paper, different approaches followed by various manufacturers concerning the Ciphering Indicator are investigated. A total of 38 different mobile phones ranging from old to new and from simple to smart-phones that were produced by 13 different manufacturers were intercepted using a GSM testing device in order to document their reactions. Four approaches were identified with some manufacturers choosing not to implement the feature at all. It was also found that in the cases in which the feature was actually implemented, no universal indication was used and it was seldom documented in the phones’ manuals. User awareness regarding the Ciphering Indicator and security issues was also investigated via an empirical survey employing more than 7,000 users from 10 countries and was found to be significantly low.