Last night I heard Ali Gündüz speak about Free Software GSM. During the talk, and in the following discussion, many interesting points were made:
- The GSM standard is controlled by only four or five international corporations
- The standard is very complicated to grasp, even for experts and seasoned developers
- Mobile phone manufacturers have no access to the source code of the GSM modems that they use in their devices – they don’t know how they work
- Many phones have two processors – one dedicated solely to the GSM modem, meaning that even Free Software and open hardware phones do not have access to the way that GSM is used (even Openmoko phones)
- GSM is incapable of meaningfully encrypting your calls, and it’s common practice for carriers to allow no encryption at all (in some countries encrypting calls is actually illegal)
- With only a few thousand euros, and the motive to do so, it is possible to eavesdrop on any GSM-based conversation
- Several countries’ law enforcement agencies use GSM eavesdropping without warrants
- Network licenses issued by governments are required to set up your own GSM network, are prohibitively expensive, and have often already all been sold to large carriers