Open Source GSM Network At Dutch Hacker Convention 141
solevita writes "Harald Welte, who's been interviewed previously by Slashdot, has written on his blog about operating an Open Source GSM network at the recent HAR2009 conference. Photographs and a description of the setup, run under license of the Dutch regulatory authority, are provided; essentially the setup consisted of a pair of BTS' (Base Transceiver Stations) running at 100mW transmit power each and tied to a tree. In turn these provided access to the Base Station Controller (BSC), in this case a Linux server in a tent running OpenBSC. The system authenticated users with a token sent via SMS; in total 391 users subscribed to the service and were able to use their phones as if they were on any other network. Independent researchers are increasingly examining GSM networks and equipment, Welte's work proves that GSM is in the realm of the hackers now and that this realm of mobile networking could be set for a few surprises in the future."
Re:What are the costs? (Score:0, Insightful)
That kinda thing happens only in civillized regions of the world anyway.
This article is merely masturbatory material for Slashdotting Americans who wish that their government wasn't the sixth Reich. While we're at it, we'd like ponies. captcha: unrest
-- Ethanol-fueled
GSM? Future? WTF? (Score:2, Insightful)
Independent researchers are increasingly examining GSM networks and equipment, Welte's work proves that GSM is in the realm of the hackers now and that this realm of mobile networking could be set for a few surprises in the future.
Interesting. And here I thought that at least where I live, operators would love nothing more than to get rid of the old GSM networks in favor of newer technologies.
They can't do that quite yet but constantly larger part of data transfers utilize 3rd generation technologies... GSM will probably be around 5 years from now, I doubt it will be 10 years from now.
GSM and future just don't mix. Hackers should have looked at it a decade ago.
Re:what it means (Score:3, Insightful)
CB is rather bandwidth inefficient, though, and can't handle multiple users well. Then again, allowing average Joe to throw up a cell tower isn't the greatest of ideas for spectrum utilization, either.
Re:what it means (Score:2, Insightful)
Is there anywhere on the planet where spectrum utilization is demonstrably worse than it is in the United States?
I don't think the FCC does a terrible job, or even a bad job, but people are, in general terms, pragmatic and lazy, so I wonder just how tragic this particular commons would be in the long term.
Re:what it means (Score:4, Insightful)
I'd be more worried about 'surprises' involving A5/1 cracking and the privacy implications. As they put it in the HAR talk, TCP/IP services have been analyzed all the way and back because anyone can get an Ethernet card, put it in promiscuous mode, and start sniffing/injecting packets. This hasn't been the case for GSM until recently. Nevermind that GSM is designed such that mobile equipment (cellphones) are authenticated, but networks aren't - you can set up a rogue network and any cell will happily connect to it automatically!
A5/1 has been shown to be vulnerable many years ago. There is now an A5/1 cracking project [reflextor.com]. If you have the resources (Nvidia CUDA graphics card) you should help them build rainbow tables, or just mirror the site and SVN in case bad things happen again like they have in the past (there's more than one government that would like to shut down such a project). A public demonstration of A5/1 cracking would do a lot towards debunking the myth of GSM security.
Free phone calls? I doubt people are *that* interested in them, nevermind that any issues people find are probably easily fixable at the operator's side anyway However, another issue that might arise is DoS attacks against cell networks. Apparently a lot of GSM expects the terminals to "play nice". Deliberately doing things outside the spec can cause an entire cell to deny service to all the other users.
Basically, GSM is a very large part security through obscurity these days, and its end security-wise is looming closer. Let's hope the newer standards (3G) have done things better.
Re:GSM? Future? WTF? (Score:4, Insightful)
Oh dear, someone clearly has a new 3G phone and thinks everyone should dump that old stuff. Because it's old. Nobody likes old technology! It has to be new and flash!
I suggest you educate yourself before criticising a technology that has served the world [coveragemaps.com] (as well as the U.S.) for a good several decades. Apart from video calls and high-speed internet access, GSM does everything that 3G does. For many people, voice calls and text messaging is still what they use a mobile phone for. Mobile phone use is taking off in poorer parts of the world because it's cheaper and simpler to set up towers that can serve hundreds (thousands?) of people across a large area than run telephone lines to every single house ("leapfrogging [wikipedia.org]"). This software (OpenBSC) could certainly be of use in these parts of the world.
UMTS [wikipedia.org], a 3G technology, uses GSM's Mobile Access Part (MAP) and voice codecs. It's basically GSM with a new air interface. Handsets using UMTS can also use 'old' GSM when there's no 3G coverage.
So this development effort will not be for naught in the 3G world. They'll just have to find some new hardware that does UMTS and will continue working.
Uhhhhh... I smell trouble (Score:4, Insightful)
Let's see what we got here...
1) Companies with a lot of money and a lot of influence in Washington.
2) Companies that invested little if anything into securing their systems, deeming it inherently secure because nobody could break into it anyway.
3) Companies whose very business model relies on an oligopol, if not monopol in certain areas, on the service they provide.
I smell terrorist laws concerning "private" GSM networks any time soon.