Gsm security - we're at the mercy of the firmware

Brian Kemp brian.kemp at gmail.com
Wed Jan 4 00:27:20 UTC 2012


On Wed, 2012-01-04 at 00:59 +0100, Matthias Weiler wrote:
> Dear List,
> 
> going through last year's 28c3 talks I came across a talk [1] (and its
> summary [2]) about GSM (in-)security. Naturally I thought about how
> Replicant handles and could handle those issues.
> 
> * silent SMS
> The user has to be notified about them.

We are at the mercy of the radio firmware here - it is possible that the
application processor would not be aware of an SMS being received.

That being said, some "silent SMS" like the ones CarrierIQ is known to
use...well Replicant doesn't know about CarrierIQ so it would send that
on to the user.

> * IMSI-Catcher
> Discovering those seems to be non-trivial (but I'm not into the topic at
> all) but should be thought about.
> 
> * turning off GSM
> It's just a work-around but it might help in many situations. There is a
> "2G only" option but no "3G only".

As far as I am aware, UMTS and HSPA are separate from GSM/GPRS/EDGE,
but I don't think the current radio firmware supports those modes of operation.

> Am I right that as the firmware is free software, any change should be
> possible in theory at least, or are there parts that are in hardware and
> unreachable for us?

I would consider the Radio firmware to be unreachable hardware at the moment.

> And are there links between replicant and osmocom? It seems like the
> projects could benefit a lot from each other. Because as they say on
> their wiki:
> > In short: By using OsmocomBB on a compatible phone, you are able to
> > make and receive phone calls, send and receive SMS, etc. based on
> > Free Software only.

The only chipset supported by OsmocomBB is the TI Calypso chipset, which
is used in the FreeRunner. The phones supported by Replicant don't use
that chipset.

Even the FreeRunner's firmware (that ships with it) is not exactly
easily modified by the user, which is mostly due to regulatory compliance. I
think OsmocomBB is still listen-only but it's been a few months since I
looked at it.

Replicant phones are still useful without the GSM part being turned on -
Wifi works in airplane mode, for example. It would probably not be too
hard to set up a mode where wifi & bt worked but GSM did not, but this
would have to be in Replicant as it could get device-specific (as
opposed to an App).



-- 
--Brian Kemp
brian.kemp at gmail.com
PGP Key fingerprint: 1E5BF363