I've long suspected that the only way to make an actually private/secure cellular phone is by bypassing 3G all-together and making it optional -- forcing the SMS/SIP features of the phone were actually on separate hardware that had very limited integration with the phone itself (essentially as dangerous as any external USB device would be)?
Most smart phones are considered pwned-by-default due to the inclusion of the 3G/4G/whatever chip you have no control over.
Of course, there's the whole issue of distributed trust by way of pre-loaded X509 certs but there are some relatively secure ways around that (keybase, meeting in person and swapping PGP keys, etc) that would move the goalpost far enough to where it might not even matter any more.
Does anyone know anything that's close to this? basically a phone that only uses SDR for connectivity?
> SMS/SIP features of the phone were actually on separate hardware... basically a phone that only uses SDR for connectivity?
Not exactly what you’re after, but the Librem 5 (crowd-funded, at the head-scratching stage) aims to put the baseband processor in an optional M2 slot with killable power. On a device that runs Debian. From following progress on that project I’ve got the impression that everything to do with chips for mobile connectivity are so patent/IP-law encumbered that there’s little hope for Free Software replacements.
I think only the prototypes are using M2. The production devices likely won't have a removable modem, but it will still be a separate chip with separately controllable power.
In case of SDR you should not forget to get a license to transmit in GSM spectrum:
Legalities and options
The GSM spectrum is very expensive private property. You may not transmit (or even receive) in GSM bands without permission. In the UK, it is an offence under the Wireless Telegraphy Act to transmit on licensed bands without permission and furthermore intercepting GSM without a warrant is an offence under the Regulation of Investigatory Powers Act.You should apply for a licence (example from OFCOM below) before commencing GSM testing and will also need a faraday cage to suppress radiation. (For these reasons, GSM interfaces get less scrutiny than TCP/IP for example).
If you want to use an SDR instead of a dedicated 2G/3G/LTE modem, you would still need 2G/3G/LTE baseband firmware to teach your SDR how to access the cell network (if/when you wanted that). As mentioned by "pjc50", OsmocomBB (see https://osmocom.org/projects/baseband ) aims to do this for 2G, though it isn't quite ready yet. FreeCalypso (see https://www.freecalypso.org/software.html ) has a working 2G firmware, but is focused on very specific hardware. Note that any free/adaptable baseband firmware for 3G/LTE is still a long way off.
In the meantime, it's better to use a phone that gives you control over the cellular modem (if you still need the modem), as "confounded" suggested (with the Librem 5). Other phones similar to the Librem 5 are also specifically designed to ensure the modem is not doing anything unexpected, such as the Neo900: https://neo900.org/faq#privacy - "Unlike some other smartphones do, Neo900 won't share system RAM with the modem and system CPU will always have full control over the microphone signal sent to the modem. You can think of it as a USB dongle connected to the PC, with you in full control over the drivers, with a virtual LED to show any modem activity."
Regardless of which of these you choose, you can already separate your phone number from your SIM card with projects like https://jmp.chat/ so you don't need to use a cellular modem just to send/receive SMS/MMS and calls if you happen to be around wifi already. And you get other nice features like voicemail auto-transcribed and delivered as text by default, too (see https://jmp.chat/#voicemail for details).
So I'd start by using https://jmp.chat/ with your existing phone and phone number, then switch to new phones/modems as the modem separation gets better.
This was an awesome read. I finally decided to resuscitate my old ThinkPad x200s who had a modem card in it, put SIM card in the spot and do some testing. Sammy/fammi worked after some quarrel with ModemManager (not really it's fault, it was doing his job).
By the way this read has resuscitated an old fantasy of mine: adding an indirection layer to my mobile phone presence.
After this testing I am finally sure I can leave my SIM card at home and just use a regular internet connection to poll messages from home. My bigger fantasy is to be able to proxy calls too, so that I can finally leave this third-millennium-leash (my phone) at home.
You could add this indirection layer with something like JMP instead.
With https://jmp.chat/ you don't need a SIM card at all - you just login to your phone number with an XMPP client (SMS/MMS) or SIP client (voice) and use it wherever you have an Internet connection. If you only want to use it at home, you can just use wifi and don't need to pay any cell carrier. But if you do want access to your number away from wifi, you can get a cheap data-only plan and use XMPP/SIP clients on your phone too. It's always up to you if you want to be tracked - you can turn off your phone('s modem) and use your number only over wifi whenever you like.
No, that's not what I want. Stuff like JMP might not work in my country and would tie me to that particular provider.
I dream of a solution where I just put a SIM in and I am good to go (go as in "go away from the physical location of my sim card"). SMS will be forwarded to my email inbox and upon receiving a phone call it will be forwarded to the computer I am currently using via some protocol (SIP/webrtc?). Whether such computer is a mobile phone connected to the internet via a cellular modem or a laptop connected via some wifi that should not matter.
This should work with my current SIM card and with whatever other SIM card from any provider.
And BTW FYI: JMP does not work in my country. Please stop assuming everybody is from the US.
I'm trying to do a thought exercise on how I might approach building a Twilio side project, but after I buy phone numbers from sipTrunk, I wouldn't know how to connect it to sim cards.
Depending on what you want your project to do, you don't need to connect a phone number to a SIM card. Twilio does that for you, letting you use their API to send and receive SMS (text) messages with other phone numbers. It's the recipient's phone number, not your Twilio one, that's connected to a SIM card.
What the linked post here talks about is using a device that's basically a mobile phone in a USB stick form factor to send and receive SMS like you'd do on a mobile phone. You buy a SIM, insert it into the device, and start texting. That's the other side of what your Twilio project would do.
Oops I reread my statement and I think I miscommunicated. I meant I'm trying to figure out how I might build Twilio (the product). OP's article shows how to send/receive texts (check). I don't know how Twilio buys numbers, and how I might build a service that buys numbers for people.
>"JMP gives you a Canadian or US phone number that is yours to keep. JMP allows you to send and receive text messages and picture messages using your Jabber client, with calls delivered to voicemail (including a text transcription) by default. "
I've inherited (then reinstalled) a monitoring system using SMS Tools. The modem has a long USB cable, and an external antenna. I positioned the antenna on top of the rack.
It's in the middle of the ground/machine floor of a large building, so there's a lot of thick concrete walls around, but it gets a good signal and reliably sends SMS alerts to me.
Side note, is it just me, or is the Android Messages app really laggy? Especially on the phone, there is a significant delay from when I hit send to the message popping up on screen, to the point that I frequently get the "Messages has stopped working, would you like to stop it" dialog. It has been slowly getting better, but it's still surprising in such a high-profile app so I'm wondering if it's something specific to me.
That said, I recently switched to AM from Pulse (which also has a webui). I quite liked Pulse, but the web interface had a lot of trouble staying in sync, plus it requires a subscription to use the web interface. Also tried MightyText, but $7/mo is ridiculous and it also had sync issues. Android Messages seems to have really nailed sync across several devices, which is pretty important to me.
> So, we got hold of a USB GSM modem and used a prepaid phone SIM. This allowed us to receive unlimited messages for free.
Keep in mind it is common (at least in EU) for mobile providers to forbid M2M and M2P traffic when using typical customer tariff plan, especially ones with unlimited messages. It's quite easy to detect it and SIM cards used in such way are blocked rather quickly.
The first mistake in the article is using smstools. Having personally had to deal with smstools for the past two years, using Gammu SMSD or even a paid SMS Gateway would have been a better choice.
Granted, this was on OpenWRT using a frozen version of smstools and largest issues were with trying to get Å, Ä & Ö to work (fun times with UCS-2/UTF-8/WTF-8 and Latin1/CP-1502/ISO-8859-1). It sure was an experience and in the end, the problem was blown away by just using UTF-8 (which had the unfortunate side-effect of doubling the amount of sent messages due to the space taken by the encoding).
What puzzles me is how easily large entities go for services that send from a random phone number (for example, VR in Finland sends "mobile train tickets" via random numbers that change with every message) where as some opt to "fake" the from number to have the company/service name.
Btw. if its just about replying to an SMS manually, tools like kdeconnect [1] can be handy which allow you to write SMS messages on your desktop and send them via your smartphone.
Before anyone thinks of implementing this for large-scale notifications/outbound SMS with one SIM card and an "unlimited" SMS plan for $40/mo, be aware that your cellular carrier will rate limit or cut you off completely pretty quickly if you use it for bulk SMS.
There's a reason why various VoIP providers have APIs and bulk SMS rate pricing.
Great project, definitely going to do this. I've been wanting a setup like this to use with the Gnokii(1) toolkit for sending SMS class 0 messages. Maybe this toolkit can do this as well.
Curious if anyone else here has tried this as well...
You don't need any of this stuff. It might be technically cool to do SMS now, but there is an android app for SMS Gateways. Just have an extra phone that sits around and sends SMS all day long. Much cheaper than Twilio if your sending large amounts of text messages.
Is it possible to write an Android/OS app that has full control over SMS, and have that app connect (as a "node") to a central server for sending/receiving messages? Then, if you need more throughput, just turn on some more phones?
Most smart phones are considered pwned-by-default due to the inclusion of the 3G/4G/whatever chip you have no control over.
Of course, there's the whole issue of distributed trust by way of pre-loaded X509 certs but there are some relatively secure ways around that (keybase, meeting in person and swapping PGP keys, etc) that would move the goalpost far enough to where it might not even matter any more.
Does anyone know anything that's close to this? basically a phone that only uses SDR for connectivity?