Am Donnerstag, den 30.07.2009, 23:16 +0200 schrieb Harald Welte:
yes, this is very likely. This is why it is very important how we communicate our work and its result to the public. I actually wnat to build an operational GSM network and an operational GSM mobile phone from open source components. We can show that our work is constructive, that we actually have useful results. Doing nothing else but implementing open specifications in open source software. And among other things, this can be used for security research and to make more engineers familiar with practical aspects of GSM protocols.
But as a matter of fact the GSM standard itself has security vulnerabilities. So are we gonna demonstrate this? For example do you plan to show that false Basestation attacks are possible within a 1000 Euro cost range or something like that? I think we must be careful with such things and everybody should be aware of the fact that openbsc could be abused for criminal purpose. I see this project as a chance to sensitize the general public of GSM security problems and send a message towards industry.
Johannes