How to wiretap or identify a GSM phone - and enable the masses

Submitted by Quest-News-Serv... on Sat, 06/20/2009 - 02:05.

Wednesday, June 03, 2009


David Burgess, a software/radio engineer formerly employed in building
GSM-tapping equipment, has turned his efforts to publicly implementing
the GSM standards in free software under GPLv3. He hopes to provide
low-cost GSM communication service to billions in underserved regions
of the world. He also hopes to demystify the cellular networks for
a generation of hackers.

His OpenBTS software builds on the GNU Radio framework and the USRP
computer/radio interfaces to implement a fully functional GSM network
base station, making voice and SMS calls with ordinary GSM handsets,
and back-hauling via VoIP networks. Early code was tested at Burning
Man last year, and he hopes to provide free communication service to BM
participants this year (as well as doing some testing in field
conditions under serious load).

His understanding of the GSM protocols comes from reading the published
standards documents, which are written in bureaucratese but can be
decrypted without a secret key. However, a former customer of his
has been suing him for alleged disclosure of trade secrets, claiming
that either the GSM protocol or perhaps the way to wiretap a GSM phone
is secret (the published court documents make vague allegations, as

David's blog, "The OpenBTS Chronicles", has a variety of interesting
posts, one of which links to a German patent on an IMSI-catcher which
lets wiretappers force a phone to identify itself, and to a UK High
Court decision that upholds it (and also reveals a Nokia patent on how
to do a man-in-the-middle attack on a GSM phone). Clearly the things
revealed in these documents are not trade secrets. But they may be of
interest to this list.

I also found that David's posting on "The Value of Knowing How Stuff
Works" struck a chord with me.


The Cryptography Mailing List