Russian/PGP/Encrypted SIM card - how they defend your privacy.

Aug 14 , 2020

Introducing Encrypted SIM cards

Encrypted SIMs go by a number of names: PGP SIM, Russian SIM, Encro SIM, or simply encrypted SIM card. Yet these names are poor descriptors of what the SIM card actually does.

Encryption is only one part of the privacy service these devices offer, & the SIM itself is only a small piece of a global, cloud-hosted infrastructure that provides an always-on, unlimited, globally roaming voice call service which is completely anonymous.

Through a combination of clever tactics & advanced technology, Omerta eSIMs allow secure calls to be made from any unlocked mobile phone over the GSM network. This article explains how these devices work so you can make an informed decision.

Risks associated with GSM Network

The risks to privacy when using a mobile phone on the GSM network consist of the following:

  • Intercepting your calls
  • Identifying your location (both present & historical)
  • Identifying your credentials & social circles (name, address, call history from records held by network providers)

You might think the name "encrypted SIM card" means the main defence the SIM provides is simply encrypting your calls. In reality the SIM cards rely on a series of strategies, because the attack vectors are numerous & varied in approach. A single measure on its own would offer very little real protection.

We break down each risk below & highlight how our technology mitigates or removes it. Do not be fooled into thinking there is a silver bullet for protecting yourself on the GSM network. If your SIM card doesn't provide these features, you need to ask why.

Intercepting your calls

Mobile phones connect to the phone network via the mobile cell tower emitting the strongest signal. This tower acts as your gateway for communications & has a significant amount of control over your call. For example, when a call is made, it is the cell tower which instructs your phone to encrypt the call. It even tells the phone which encryption standard to use &, worryingly, your phone will accept these instructions without any security checks (a fundamental design failure within the entire mobile phone infrastructure).

Authorities can eavesdrop on mobile phone calls quite easily by using a device called an IMSI Catcher. This device pretends to be a mobile phone cell tower & your phone will connect to it simply because it spoofs the handset into thinking it is the strongest signal. Once the phone has connected to the IMSI Catcher, the device can instruct your phone to use no encryption, leaving your call completely open to eavesdropping. It is a classic man-in-the-middle attack.

We deploy a number of strategies to defend against this; chiefly:

  • The SIM card is programmed to avoid connecting to the strongest cell tower, meaning it will not connect to an IMSI Catcher. This completely mitigates the risk associated with interception & encryption removal.
  • The majority of IMSI Catchers cannot intercept incoming calls. A key feature of our SIM cards is that when you dial a number, the SIM card connects to a virtual switchboard in Russia, which then disconnects the call & calls you back. This is transparent to you (the process happens in a split second & end users have no awareness of it), & it is another mitigating strategy.

Finally, your call can be intercepted without the use of an IMSI Catcher. In these scenarios, the call encryption is enough to prevent the call being deciphered.

However, to ensure you can communicate with anyone using encryption, we have to rely on technology native to all phones, which is A5/1 encryption. In certain circumstances this encryption standard can be broken & deciphered, but not in real time. We mitigate this risk by disconnecting calls after 7 minutes.
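As an added illustration (not the vendor's code and not part of the original article), the following Python models the two policies just described as a small auditor over a constructed baseband-style event log: it rejects a Ciphering Mode Command that selects no encryption (A5/0) or the deliberately weakened A5/2, flags a mid-session downgrade, and flags a call that runs past the 7-minute cap. The log format, the event names, the cipher ranking and the sample lines are assumptions made for this example.

```python
"""
Added teaching example: audit a constructed GSM cipher-mode / call event log
for the risks the article names (null or weak cipher, mid-session downgrade,
call running past the 7-minute cap). Not vendor firmware; the event format
below is assumed for this example only.
"""
import re
from datetime import datetime

# Cipher strength ranking used by this example (higher = stronger).
# A5/0 is the null cipher; A5/2 was deliberately weakened and is deprecated;
# A5/1 can be broken offline; A5/3 (KASUMI) is the strongest of the GSM set.
CIPHER_RANK = {"A5/0": 0, "A5/2": 1, "A5/1": 2, "A5/3": 3}
ACCEPTABLE = {"A5/1", "A5/3"}
MAX_CALL_SECONDS = 7 * 60  # cap stated in the article

# Assumed line shape: "HH:MM:SS EVENT key=value key=value"
_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}) (\w+)(?: (.*))?$")


def parse_event(line):
    """Parse one constructed log line into (time, event name, {key: value})."""
    m = _LINE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    ts, event, rest = m.groups()
    fields = dict(kv.split("=", 1) for kv in (rest or "").split())
    return datetime.strptime(ts, "%H:%M:%S"), event, fields


def cipher_is_acceptable(algo):
    """Policy: accept only ciphers that are neither null nor deliberately weakened."""
    return algo in ACCEPTABLE


def audit_log(lines):
    """Walk the event log in order and return a list of alert strings."""
    alerts = []
    current_algo = None   # cipher accepted for the current session
    call_started = None   # timestamp of the active call, if any
    for line in lines:
        ts, event, f = parse_event(line)
        when = ts.strftime("%H:%M:%S")
        cell = f.get("cid", "?")
        if event == "CIPHER_MODE_CMD":
            algo = f.get("algo", "A5/0")  # a missing algo field means no cipher
            if not cipher_is_acceptable(algo):
                alerts.append(f"{when} cell {cell}: network requested {algo}; rejecting")
                continue  # do not adopt a rejected cipher
            if current_algo and CIPHER_RANK[algo] < CIPHER_RANK[current_algo]:
                alerts.append(f"{when} cell {cell}: cipher downgraded {current_algo} -> {algo}")
            current_algo = algo
        elif event == "CALL_START":
            call_started = ts
        elif event == "TICK" and call_started is not None:
            elapsed = (ts - call_started).total_seconds()
            if elapsed > MAX_CALL_SECONDS:
                alerts.append(f"{when} call exceeded {MAX_CALL_SECONDS}s; disconnecting")
                call_started = None
        elif event == "CALL_END":
            call_started = None
    return alerts


# Constructed sample log (not real baseband output).
SAMPLE_LOG = [
    "12:00:01 CIPHER_MODE_CMD cid=3101 algo=A5/3",
    "12:00:05 CALL_START",
    "12:03:00 TICK",
    "12:03:30 CIPHER_MODE_CMD cid=3101 algo=A5/1",  # weaker than A5/3: downgrade
    "12:07:10 TICK",                                 # 7m05s into the call: over cap
    "12:07:11 CALL_END",
    "12:08:00 CIPHER_MODE_CMD cid=9999 algo=A5/0",  # null cipher: reject
]

if __name__ == "__main__":
    for alert in audit_log(SAMPLE_LOG):
        print(alert)
```

The point of the model is where the check lives: as the article notes, a standard handset accepts the tower's Ciphering Mode Command without any check, so a policy like `cipher_is_acceptable` has to be enforced by something below the application layer (SIM or baseband), not by an app on the phone.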

So, hopefully, you can see there is much more to protecting your privacy than encrypting a call. We employ a number of tactics specifically designed to de-risk, mitigate or defeat any attack.

Furthermore, due to the call-back feature it is actually impossible to prove a call ever took place (once you factor in number substitution & the inability to identify location).

Identifying your location (both present & historical)

Another privacy threat is the ability to identify your location from cell tower data. With a standard SIM card, a number of markers are provided tying the phone to you & to your location. Again we use a series of strategies to render this impossible. The tactics used include:

  • Your SIM card doesn't broadcast an IMSI number (this is your phone number)
  • Your IMEI number is not broadcast
  • We connect to a random cell tower, not the strongest signal, meaning you can't triangulate the position of the phone
  • There is no billing information to cross-reference
  • Our servers also encrypt any geolocation data residing in the call.

So besides protecting your call contents, we also protect your location, an important factor for many investigations.

Identifying your credentials, phone usage & social circles (name, address, call history from records held by network providers)

Obviously the lack of records means no paper trail can be traced back to you from any calls; however, we provide a much more significant level of anonymity. Authorities can establish every device a SIM has been used in by virtue of the IMSI number it broadcasts, whilst an IMEI can be used to identify every SIM which has been used in a phone. Since our SIMs present neither number, these risks are mitigated.

Since all calls originate from a virtual switchboard, it is impossible to trace a call back to you, & the recipient's call logs show a random number thanks to number substitution. To further muddy the waters, we employ voice modulation to prevent voice identification.

Finally, we can also "bake" the Omerta eSIM into the handset so it is a virtual SIM rather than a physical chip. This means that should you have to factory reset the phone, be it under duress or otherwise, no trace of the SIM will exist.