Am Donnerstag, den 30.07.2009, 23:16 +0200 schrieb Harald Welte:
yes, this is very likely. This is why it is very
important how we communicate
our work and its result to the public. I actually wnat to build an
operational GSM network and an operational GSM mobile phone from open source
components. We can show that our work is constructive, that we actually
have useful results. Doing nothing else but implementing open specifications
in open source software. And among other things, this can be used for security
research and to make more engineers familiar with practical aspects of GSM
protocols.
But as a matter of fact the GSM standard itself has security
vulnerabilities. So are we gonna demonstrate this? For example do you
plan to show that false Basestation attacks are possible within a 1000
Euro cost range or something like that?
I think we must be careful with such things and everybody should be
aware of the fact that openbsc could be abused for criminal purpose.
I see this project as a chance to sensitize the general public of GSM
security problems and send a message towards industry.
Johannes