08 January 2010

Still Spinning

(This post disappeared from the blog a couple of days ago. I don't know why. It's back now.)

A little over a week ago, I posted some comments on Karsten Nohl's public A5/1 attack and the GSMA's response. Reuters & MSNBC think that carrying what is essentially a GSMA press release should somehow pass for journalism. (Thanks, Foneswitch, for bringing this to my attention.) I thought that the links to ads for cellular service were a particularly ironic touch. I hope a real person actually thought to put them there. Irony aside, two things about this press release strike me.

First, the GSMA is admitting that there are simple things that carriers can do to make their networks more secure and that they just haven't bothered doing those things yet. If that's really the case, then Dr. Nohl's public announcements are already having their intended effect of forcing the GSMA to pay attention to the security practices of its members. I'd really love to hear the specifics of these improvements, though, since traces of transactions in most EU and US networks show that they are already just about as secure as their current equipment allows. There's not much left to do.

Second, many GSM networks in other parts of the world, outside the US and EU, are not encrypted at all, not even with A5/2. Many governments simply do not allow their publics to use encrypted cellular networks. This is an issue that is not addressed by Dr. Nohl's project, by the GSMA or by the various media outlets who are providing free publicity for the GSMA's damage control campaign. For nearly half of the world's GSM users, all this bickering and posturing over A5 cracking is irrelevant because they are not even allowed that level of security. Worse yet, most of them probably don't even know that. That's a much bigger story that doesn't get covered.

Given all the recent spin, I think we should probably stop listening to the GSMA and just find out for ourselves how these networks are configured. In that spirit, I would like to propose a new crowd-sourcing project on GSM security: a public catalog of the security and encryption policies of all of the world's public cellular networks. A good place to put this might be somewhere in Wikipedia, where it will be very hard to censor once published. If anyone is interested in organizing something like that, please let me know.


  1. Wikipedia is a bad place, because it is known to be "censored" by many organizations and governments who are just watching for changes they do not like and revert or "fix" them.
    Wikileaks may be a better place.

  2. What is your opinion on http://www.vnl.in ?

  3. My understanding is that you need a VNL core network in order to deploy their VillageSite equipment, so that's very different from what we do with OpenBTS. But that doesn't have anything to do with this blog post.

  4. @Alex You are obviously not aware of the Wikipedia editing process and policies.

    David, wow, I'm quite surprised that the encryption is not used universally and not even required by protocol. This indeed sounds like a huge security/privacy hole... BTW, is there a way for a cell network user to discover whether the encryption is used, without the aid of any special equipment?
