Last night I heard Ali Gündüz speak about Free Software GSM. During the talk, and in the following discussion, many interesting points were made:
- The GSM standard is controlled by only four or five international corporations
- The standard is very complicated for even experts and seasoned developers to grasp
- Mobile phone manufacturers have no access to the source code of the GSM modems that they use in their devices – they don’t know how they work
- Many phones have two processors – one dedicated solely to the GSM modem, meaning that even Free Software and open hardware phones do not have access to the way that GSM is used (even Openmoko phones)
- GSM is incapable of meaningfully encrypting your calls, and it’s common practice for carriers to allow no encryption at all (in some countries encrypting calls is actually illegal)
- With only a few thousand euros, and the motive to do so, it is possible to eavesdrop on any GSM-based conversation
- Several countries’ law enforcement agencies use GSM eavesdropping without warrants
- Network licenses issued by governments are required to set up your own GSM network, are prohibitively expensive, and are often already all sold to large carriers
- Network licenses are a throwback to early 20th century radio and are unnecessarily applied to protocols like GSM – Internet-like, packet-based communication methods could do away with the need for costly government-controlled broadcasting
- Because GSM is so tightly controlled and little understood, we can only guess at its privacy problems: location may be recordable by third parties, chips may always be on and tracking location and call information, and law enforcement may be able to gather data without permission
- Free Software GSM systems are used extensively on cruise ships operating in international waters
- GSM is very insecure and vulnerable to trivial attacks – it trusts members of the network to identify themselves correctly and obey guidelines and restrictions, making it easy to bring down a GSM network, lie about who and what your device and network is, and intercept and re-route calls and data meant for somebody else

What will be the outcome of 68% of all human beings relying on a communication system that is insecure, unconfidential and closed to inspection and understanding? GSM looks like a disaster waiting to happen; watch this space!