
28C3: New attacks on GSM mobiles and security measures shown (The H)

The H reports from the Chaos Communication Congress; the open-source Osmocom package appears to be serving its intended purpose and finding vulnerabilities in the cellphone network. "The researchers explained and then demonstrated how, using the above technique and easily procurable tools, attackers are able to emulate a mobile phone to make phone calls and send text messages. They noted that some users have already received bills totalling thousands of euros for calls and texts to Caribbean premium rate services. In many cases, an attacker can, by simulating a GSM mobile, also query that subscriber's mailbox providing they know the subscriber's location and the key has not been changed."

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 29, 2011 19:30 UTC (Thu) by josh (subscriber, #17465) [Link]

I hope people don't see finding vulnerabilities as the primary intended purpose of Osmocom. It exists to allow people to work with GSM using Free Software. That can help find bugs and vulnerabilities, but it can also help people building FOSS-powered GSM phones or GSM networks.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 29, 2011 19:35 UTC (Thu) by josh (subscriber, #17465) [Link]

To clarify: I do think introducing more openness into these protocols will help make them more secure, but it would really hurt Osmocom if it gets portrayed and perceived as primarily a "hacking tool" (in the negative sense). That would tend to trigger poor reactions to it by GSM operators, which would seriously impact the ability to use Osmocom as part of a FOSS GSM stack for more open phones and other devices.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 29, 2011 19:48 UTC (Thu) by cesarb (subscriber, #6266) [Link]

I thought Harald Welte himself said the primary purpose of Osmocom was to enhance the security of GSM by finding and fixing vulnerabilities?

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 29, 2011 20:32 UTC (Thu) by josh (subscriber, #17465) [Link]

The various project descriptions on the Osmocom site would seem to disagree with that.

The project has certainly found a number of security vulnerabilities, due in large part to shedding more light on systems historically kept closed. However, the project descriptions seem to indicate openness as the primary purpose, with security as a(n intentional) side effect.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 30, 2011 6:32 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

Nah, FOSS-powered phones are just not realistic.

Not least because you'll HAVE to lock them down to pass licensing requirements in a lot of countries, GSM spectrum is tightly controlled (for a reason!).

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 30, 2011 7:08 UTC (Fri) by josh (subscriber, #17465) [Link]

People always say this, but the regulations in question rarely back it up. At most, the regulations in question say that you can't make it trivial for users to modify equipment to violate the various standards on the use of that part of the spectrum. (Those rules came about due to the existence of radios with well-known "clip off this one component" fixes to remove blocks on certain frequencies.) Considering how frequently people patch *binaries* to work around limitations, and that either way it only takes one person to make a patch and publish it for others to use, I think you could easily enough argue that the availability of source code does not make it significantly more likely that people will modify the device to violate GSM spectrum standards.

Also consider the widespread availability of software-defined radios, which can easily violate any spectrum regulation you'd care to name.

I don't see it as impossible to have a fully FOSS GSM phone/radio/etc, just more difficult than a proprietary one. Doing something differently always requires more work to blaze the trail.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 30, 2011 9:52 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

I have actually checked the relevant laws several years ago when I worked in a local telecom startup.

In Ukraine one can use _any_ part of the radio spectrum provided that transmitters are:
1) Not more powerful than 2 mW.
2) Strictly for indoor use.
3) Do not interfere with licensed spectrum users.

So one can play with SDRs freely, provided that one doesn't cause problems for other users. But the moment you try to use your phone at full power outside of a building you have to have a license.

And licensing requirements are applied to the whole software+hardware package. So even if you manage to license a GSM board based on the free software, the moment you make a modification in its software - you have to go through the whole process of obtaining a license again.

This situation is definitely not ideal, but I personally don't see an easy way out of it. Allowing uncontrolled use of GSM spectrum is not a good idea, IMO.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 30, 2011 12:19 UTC (Fri) by josh (subscriber, #17465) [Link]

That would still allow a FOSS GSM stack, it would just lead to some legal problems when trying to use a modified version in that particular regulatory environment. Better than nothing.

Also, what do the regulations say that implies "whole software+hardware package"? A naive wording would prohibit most smartphones (since people can install apps on them), and an only slightly less naive wording would force vendors to re-license their devices with every over-the-air upgrade to the firmware (such as a new Android version or system software).

(Also, you can support FOSS without necessarily allowing "uncontrolled use of GSM spectrum"; just hold end-users responsible for their own devices. And honestly, I suspect a simple "don't jam other users" would suffice for regulation; self-regulation would handle the rest quite nicely, just like it does for many other regions of the spectrum.)

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 30, 2011 12:46 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

>That would still allow a FOSS GSM stack, it would just lead to some legal problems when trying to use a modified version in that particular regulatory environment. Better than nothing.

I don't really see a point. What use is FOSS if you are not allowed to modify it?

>Also, what do the regulations say that implies "whole software+hardware package"? A naive wording would prohibit most smartphones

Nope. Most (all?) current smartphones have a discrete GSM chip, which is controlled using a special serial interface. So licensing requirements stop at the interface between this chip and the main CPU of the smartphone.

But it's actually an interesting topic. CyanogenMod has recently been forced to pull support for Samsung Galaxy S Vibrant because of problems with 911 service (some problems with audio routing). AFAIR, it's flat out illegal to operate a phone incapable of calling 911.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 30, 2011 13:18 UTC (Fri) by josh (subscriber, #17465) [Link]

> I don't really see a point. What use is FOSS if you are not allowed to modify it?

Not everyone lives in Ukraine, and regulations vary by country. You can modify the software all you like; the regulations in your local jurisdiction may cause problems for you when trying to use your modified version, but you'd have the same problems if you wrote the software from scratch. Either way, the bug lies in the regulations, not the software or its license.

The situation seems nearly identical to that of FOSS which implements technology covered by bogus software patents in countries where those patents apply, or FOSS cryptography software in countries that regulate cryptography, or any other software that the local jurisdiction attempts to regulate. In all of those cases the bug lies in the regulations, not the software.

> Nope. Most (all?) current smartphones have a discrete GSM chip, which is controlled using a special serial interface. So licensing requirements stop at the interface between this chip and the main CPU of the smartphone.

Again, I'd want to know the details of the regulations in question, because this seems like an ideal time to take advantage of the *letter* of the law.

For example, consider the existing wifi regulatory framework in the Linux kernel, which relies on a cryptographically signed but otherwise entirely transparent list of acceptable frequencies, power levels, etc. Anyone could trivially modify the kernel to ignore the signature or use a different key, but that mechanism still satisfies various regulatory agencies.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 30, 2011 15:47 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

>Not everyone lives in Ukraine, and regulations vary by country.

There are similar laws in Russia (and probably the rest of the xUSSR) and I bet that they are similar in most of the other countries.

>You can modify the software all you like; the regulations in your local jurisdiction may cause problems for you when trying to use your modified version, but you'd have the same problems if you wrote the software from scratch.

Of course. But then we have a problem - FOSS is so powerful exactly because everybody is allowed to modify it. What use is FOSS to me if I'm not allowed to actually use it?

>The situation seems nearly identical to that of FOSS which implements technology covered by bogus software patents in countries where those patents apply, or FOSS cryptography software in countries that regulate cryptography, or any other software that the local jurisdiction attempts to regulate. In all of those cases the bug lies in the regulations, not the software.

As I've said, the need to protect the GSM spectrum is very real. It's absolutely possible for bad devices to interfere with other nodes. Imagine a nightmare scenario - you are trying to call 911 but your neighbor's misbehaving GSM phone interferes with your call and makes it disconnect immediately.

Would you (as a user of a FOSS GSM stack) agree to be liable for damages in this case? I don't think so.

That's the main difference between cryptography/patents and GSM spectrum. In case of the radio spectrum governments regulate the use of a scarce resource which has to be somehow regulated to remain useful.

Besides, a lot of operators' GSM equipment is not terribly secure and can be crashed by bad GSM stacks.

>Again, I'd want to know the details of the regulations in question, because this seems like an ideal time to take advantage of the *letter* of the law.

Russian regulations are in Russian, obviously. But I can try to find relevant FCC regulations, I don't think they are much different.

>For example, consider the existing wifi regulatory framework in the Linux kernel, which relies on a cryptographically signed but otherwise entirely transparent list of acceptable frequencies, power levels, etc. Anyone could trivially modify the kernel to ignore the signature or use a different key, but that mechanism still satisfies various regulatory agencies.

Nobody cares about WiFi spectrum. It's a junkyard in any case.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 30, 2011 18:52 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

> Nobody cares about WiFi spectrum. It's a junkyard in any case.

you are missing the point, if you change the list of frequencies that the kernel will use, you are no longer operating in the WiFi spectrum for that country, so this is the exact same situation.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 30, 2011 19:02 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

Nope, I'm not missing it. The whole area around the WiFi spectrum is one big junkyard (that's why WiFi uses it), a couple extra channels don't matter that much.

GSM spectrum has to be carefully guarded. It's quite easy to make it unusable by having a lot of relatively high-powered (2 watt) cell phone radios interfering with each other.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 30, 2011 21:43 UTC (Fri) by josh (subscriber, #17465) [Link]

If GSM radios fail to work just because one device doesn't play nice, the network has fundamental flaws to begin with. Nothing short of broadband noise (active jamming) should prevent a properly designed radio protocol from operating, and it seems simple enough for regulations to say "don't spew noise". Anything more than that just compensates for vulnerabilities in a badly designed protocol.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 31, 2011 11:06 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

Duh. GSM has quite a lot of fundamental flaws.

Designing a radio network resilient against malicious interference is definitely not easy. Especially if it's a TDMA network like GSM. Your signal can be quite easily suppressed by a phone which is closer to a base station, it's pure physics and there's nothing you really can do about it.

CDMA networks are more resilient by design (since they use spread-spectrum encoding).

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Jan 5, 2012 14:44 UTC (Thu) by yaap (subscriber, #71398) [Link]

I generally agree and support all what you say. Only exception is on the last point:

> CDMA networks are more resilient by design (since they use spread-spectrum encoding).

Actually CDMA networks are extremely sensitive to power control, much more than GSM for example. A device transmitting too loud can badly degrade the capacity of a cell.

As you say, it's all physics in the end, and very hard engineering. All communication systems, whether 2G, 3G or 4G (either LTE or WiMAX), in order to maximize the system capacity and make it workable need to have properly behaving devices. Devices that do proper time, frequency and power control, for sure; these are the key points to make sure a device will not degrade other devices' experience.

To support your point: ensuring this is tricky, and that's why many countries (at least in Europe) require a device to have passed a suitable certification program to be used on mobile communication bands. Look for "GCF" as the key example for 3GPP standards. Using a non-certified device is simply illegal.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Jan 3, 2012 19:49 UTC (Tue) by lambda (subscriber, #40735) [Link]

> There are similar laws in Russia (and probably the rest of the xUSSR) and I bet that they are similar in most of the other countries.

Yes, but the specific frequencies are different in different countries. If the reason that my phone is restricted from using some particular frequency bands is because of the country I'm in, and I go to another country, then there may no longer be such a restriction, and I may want to modify my device to use the frequency bands allowed in the new country (and possibly turn off support for some bands not allowed in the new country).

> Of course. But then we have a problem - FOSS is so powerful exactly because everybody is allowed to modify it. What use is FOSS to me if I'm not allowed to actually use it?

There are plenty of other things that you could modify about your GSM stack than the frequencies you transmit on. For instance, if there are security vulnerabilities, you could patch those. Or maybe you wanted to get detailed network diagnostics, to track problems you're having with the network or map out various network related information. And as I point out above, there are perfectly valid and legal reasons you may want to switch which frequencies you use.

I think that the legal restrictions argument is a red herring. It isn't hard to provide free software that, by default, can only use legally allowed frequencies, but which with a recompile could be made to use other frequencies. There are some legal reasons you may want to do this, and there are reasons besides wanting to do this that you may want to modify the software. I have yet to hear of anyone who writes software defined radio software, or releases SDR hardware, being arrested because they make hardware that it is possible to break the law with.

This argument, that we shouldn't make the code free because someone *could* break the law with it is poor reasoning. Should we ban knives, because someone could break the law with them? If we do, how will you cut up your food? Should we ban cars, or require them all to have tamperproof speed limiter chips, because someone could break the law by driving too fast? Why is it necessary to enforce this law by limiting legitimate user freedoms, when an appropriate safety mechanism could prevent them from inadvertently breaking the law while giving them the freedom to use and improve their own hardware in ways that they choose?

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Jan 4, 2012 3:52 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]

You don't get it.

In a lot of countries it's ILLEGAL to use uncertified GSM stacks (hardware+software). As simple as that. You can certify OpenSource code, probably. But the moment you make a modification (even to close a security hole) you'll have to re-certify it again which kinda beats all the advantages of OpenSource.

>This argument, that we shouldn't make the code free because someone *could* break the law with it is poor reasoning. Should we ban knives, because someone could break the law with them?

The problem is, if you cut yourself with a knife - you only cut yourself. A bad firmware can affect a lot of people around you.

That's why we generally don't allow private persons to own nuclear arms.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Jan 4, 2012 6:22 UTC (Wed) by lambda (subscriber, #40735) [Link]

> In a lot of countries it's ILLEGAL to use uncertified GSM stacks (hardware+software). As simple as that. You can certify OpenSource code, probably. But the moment you make a modification (even to close a security hole) you'll have to re-certify it again which kinda beats all the advantages of OpenSource.

Do you have a citation for this claim? That seems farfetched to me. I can believe that it is illegal to *sell* uncertified stacks (hardware+software), and I can believe that it's illegal to *use* anything that uses the wrong frequencies, for whatever reason. But I would be hard pressed to imagine a law that forbids you, personally, from creating and using a stack (possibly by modifying the software) that was not certified, which still met all of the frequency and signal strength requirements. If that were the case, then it would be illegal to develop GSM stacks, as you would never be able to test and debug them before certifying them.

Furthermore, even if it is, technically, illegal, in certain jurisdictions, how would anyone know? If it meets all of the requirements and doesn't interfere with the network, who would ever notice?

> The problem is, if you cut yourself with a knife - you only cut yourself. A bad firmware can affect a lot of people around you.

And with a knife, you can also affect a lot of people around you, by stabbing them or mugging them. Knives are plenty dangerous; probably more dangerous than rogue GSM devices, which, if the networks are at all responsible, could at most create a temporary denial of service for a service that we've managed to live without up until a dozen or so years ago.

> That's why we generally don't allow private persons to own nuclear arms.

Are you seriously trying to compare a rogue GSM transmitter with a nuclear weapon?

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Jan 4, 2012 11:12 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]

>Do you have a citation for this claim? That seems farfetched to me.

Yes. I'll use Russia as an example:
1) "Communication regulations law" states (41, F3) that mobile devices must be certified (have a "certificate of correspondence" [to the terms of the regulations]) for use if their owner doesn't have a personal license for radio frequency: http://www.zakonrf.info/zosvyazi/41/

2) There's even a special provision which allows manufacturers to re-declare devices as compatible in case of software changes (by notifying the regulator and paying a fee for registration).

3) "Radioelectronic device" refers to a device _and_ its software as a whole.

>Furthermore, even if it is, technically, illegal, in certain jurisdictions, how would anyone know? If it meets all of the requirements and doesn't interfere with the network, who would ever notice?

Yes, there's that. It's a bit like crypto export laws in the US back in the '90s - there was no way to enforce them but they still made a lot of projects impossible.

>And with a knife, you can also affect a lot of people around you, by stabbing them or mugging them. Knives are plenty dangerous; probably more dangerous than rogue GSM devices, which, if the networks are at all responsible, could at most create a temporary denial of service for a service that we've managed to live without up until a dozen or so years ago.

That was before people started to rely on mobile phones for 911 and other emergency services. I don't even _have_ a fixed-line phone anymore, for example.

So yes, I think that something that has a very real potential to disrupt an important service should be controlled somehow.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Jan 4, 2012 18:29 UTC (Wed) by dlang (✭ supporter ✭, #313) [Link]

> So yes, I think that something that has a very real potential to disrupt an important service should be controlled somehow.

by this argument you end up controlling just about everything.

shovels have the ability to cause major disruption to major services (just dig in the wrong place and cut fiber, ever hear of a 'backhoe outage'?)

at some point you need to hold people responsible for doing the disruption (and account for true accidents) rather than trying to outlaw every possible means of disruption.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Jan 5, 2012 14:55 UTC (Thu) by yaap (subscriber, #71398) [Link]

With the knife example above, it's obvious when you create a problem.

With the shovel problem you mention, it may not be so obvious you create a big problem. A cable is a cable, it's not necessarily obvious what will be the consequence of a bad shovel move cutting a cable. But it's rare, and easy to detect and locate.

With telecommunications, it's hard to realize you're creating a problem in the first place. And it's very hard to pin-point and solve. Hence the strict laws to prevent the issue in the first place.

As an example of how easy it is to be a problem without realizing it. There was an article in LWN (too lazy to track the ref...) about guys doing a free software 2G stack. They were quoted saying that they just did tests with the transmit power stuck at the maximum because it was easier (yes, AGC is tricky). And they were doing the tests on a live network.
Does this mean anything to you? Well, to a telecom engineer this is pure evil incarnate. You just don't mess with power, and don't create interference in neighboring cells and being a nuisance for all but yourself.

People expert in one field tend to consider themselves good in other fields, particularly if they're both technical. And when you're new to something, many times things seem simpler than they are just because you don't even realize the problems lurking behind the surface. One has to be very careful when dealing with telecommunications not to be bitten by this. It's a very complex domain, no person can cover it all actually.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Jan 5, 2012 16:50 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

Well, shovels that can do real accidental damage (yes, they're called 'backhoes') are actually licensed. So your example is quite good, in fact.

You have to have a special license to operate a backhoe (at least in my country) and you also have to get a work permit to dig on public territory.

Phones are like backhoes - they have real potential to cause disruptions in public networks and so they are regulated. It's just that regulation framework for mobile phones is quite well designed so it's essentially invisible for end-users.

>at some point you need to hold people responsible for doing the disruption (and account for true accidents) rather than trying to outlaw every possible means of disruption.

Let me quote the GPL for you:

>IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Do you agree as a GSM stack developer to be liable for disruptions (up to and including loss of life) caused by the code you distribute? If the answer is 'yes' then how is this liability going to be enforced?

IMO, the answer to this problem should lie in well-defined interfaces (hardware and software) between radiomodems and the rest of the device.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Jan 5, 2012 17:37 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

In the US you do not need any license to use a backhoe

Sorry, but this is just not true...

Posted Jan 5, 2012 18:41 UTC (Thu) by khim (subscriber, #9252) [Link]

Most (all?) states require at least a heavy equipment operator license and a Class A CDL. Some have specialized licenses for backhoes.

People like to pretend that all these licenses and permits are problems of the "Old World" and in a brave new "Free World" you can do whatever you want whenever you want, but it may surprise you if you actually try to dig deeper and see how many things require a license in the US.

Sorry, but this is just not true...

Posted Jan 5, 2012 19:02 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

it depends on what you are doing. you can go down to the local rental yard and rent a small backhoe (plenty large enough to cut cables) with no special license needed.

If you are going to be employed running a backhoe, and especially if you are going to drive one on public streets, then the licensing that you are talking about will come into play.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Jan 4, 2012 18:26 UTC (Wed) by dlang (✭ supporter ✭, #313) [Link]

I don't agree with the idea that it's illegal to modify a certified stack, but I will say that there are lots of different types of certification.

With some types of certification the manufacturer certifies that the device meets specific specs, and it's not legal to use any devices that don't have this certification. This doesn't mean that the device can't be modified, just that use outside the certified specs is not certified (and therefore may not be legal, depending on what licensing you have)

an example of this is 'type accepted' 2-way radios where the manufacturer certifies that on <this> range of frequencies the performance of the radio is <this>. If the radio gets modified to operate outside of that range of frequencies, the manufacturer makes no certification of the performance, and so it may not be legal to use it (even if you have a valid license to transmit on the new frequency)

However, the types of things that the FCC (in the US, similar organizations in other countries) are concerned about are things like power level, frequency stability, how clean the signal is, modulation type, etc. not how well it complies with encryption standards or if it waits its 'turn' properly.

We have seen several examples of regulated 'transmissions' being performed by certified open source code. I think the first example was the ISDN code in Linux and its need to be certified for use in several countries, but there have been several others over the years. I really don't see GSM being any different. The fact that Harald Welte has been able to get licenses to set up a cell tower for testing use running on completely open source code is a good indicator that there is a path open here.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Jan 5, 2012 15:13 UTC (Thu) by yaap (subscriber, #71398) [Link]

> The fact that Harald Welte has been able to get licenses to set up a cell tower for testing use running on completely open source code is a good indicator that there is a path open here.

It's rather easy to get a license for testing purposes of network devices. But it usually comes with strings attached. Typically indoor use, with limited power. I have several such test systems in the building I'm in, for example.

For devices, it's a different story. If it's on a dedicated test network it's fine, but such tests are usually driven by certification authorities and not widely open.

If it's with test (or hacked) devices in an operational network, it's very hard and you can only get the authorization from the operator. Who will never give it without some pre-certification (to make sure the device is at least not harmful). With the cost involved, it's only for business reasons.

Otherwise, in Europe for 3GPP standards and in most countries a device must at least be GCF certified to be legally used (http://www.globalcertificationforum.org).
GCF certification on its own is actually quite open, as the operator has no say: it can't refuse a certified device. In other places it's different. In the US you need the operator's approval for the big guys, for example.
The GCF certification covers both hardware and firmware, with the software version locked. You can have reduced testing for small changes, with justification.
The cost of certification is such that only a business can afford it. First, in order to pass in a reasonable time and cost envelope, you must be able to pre-certify in your own lab with good coverage. This is already hundreds of k€ minimum (in the millions is more typical). Then you have to pay the certification lab.
It's an expensive business, because there's a lot of work. But it's not "locked" in Europe at least: anyone with deep pockets could get their own custom device certified and legally use it. And all the specs are public at www.3gpp.org.
Now I'm not a lawyer, so please don't ask me about law references.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Jan 5, 2012 16:05 UTC (Thu) by BenHutchings (subscriber, #37955) [Link]

For example, consider the existing wifi regulatory framework in the Linux kernel, which relies on a cryptographically signed but otherwise entirely transparent list of acceptable frequencies, power levels, etc.

The kernel doesn't even do that. The regulatory agent (crda) checks the signature on the file before passing the requested information to the kernel. Any programmer should find it quite easy to rebuild the database and install the public key used for the signature as trusted. Similarly it would probably be easy to modify the kernel's regulatory framework to allow all frequencies and power levels. But it's obviously not as simple as flipping a switch.
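
Added example, not code from the page, from crda or from wireless-regdb: a toy version of the check that josh and BenHutchings describe above, where a transparent, human-readable rule list is pinned to a trust anchor and consulted before a transmit request is honoured. The rule syntax is modelled on wireless-regdb's db.txt ("(start - end @ max_bw), (max_eirp)") but is a simplified assumption, the country codes XX/YY and their limits are constructed sample data, and a pinned SHA-256 digest stands in for the RSA signature that crda actually verifies over regulatory.bin. The last function shows Ben's point: whoever can replace the trust anchor can load any rules they like.

```python
"""Toy regulatory-database check (added example; digest stands in for crda's signature)."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in a simplified db.txt-like syntax. Not the real database.
REGDB_TXT = """\
country XX: DFS-UNSET
    (2402 - 2482 @ 40), (20)
    (5170 - 5250 @ 80), (20)

country YY: DFS-FCC
    (2402 - 2472 @ 40), (30)
    (5170 - 5250 @ 80), (23)
"""


def digest_of(text: str) -> str:
    """Stand-in for a signature: the hash of the database as shipped."""
    return hashlib.sha256(text.encode()).hexdigest()


# The trust anchor. In crda this role is played by the embedded public key;
# whoever controls this constant controls which rule list is accepted.
TRUSTED_DIGEST = digest_of(REGDB_TXT)


@dataclass(frozen=True)
class Rule:
    start_mhz: int
    end_mhz: int
    max_bw_mhz: int
    max_eirp_dbm: int


_COUNTRY = re.compile(r"^country\s+([A-Z0-9]{2}):")
_RULE = re.compile(r"^\((\d+)\s*-\s*(\d+)\s*@\s*(\d+)\)\s*,\s*\((\d+)\)")


def is_trusted(text: str, trusted_digest: str) -> bool:
    """True only if the database matches the pinned trust anchor."""
    return digest_of(text) == trusted_digest


def load_regdb(text: str, trusted_digest: str) -> Dict[str, List[Rule]]:
    """Verify first, then parse: an unverified database is never consulted."""
    if not is_trusted(text, trusted_digest):
        raise ValueError("regulatory database failed integrity check; refusing to load")
    db: Dict[str, List[Rule]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _COUNTRY.match(line)
        if m:
            current = m.group(1)
            db[current] = []
            continue
        m = _RULE.match(line)
        if m and current is not None:
            start, end, bw, eirp = map(int, m.groups())
            db[current].append(Rule(start, end, bw, eirp))
        else:
            raise ValueError("unparseable line: %r" % raw)
    return db


def tx_allowed(db: Dict[str, List[Rule]], country: str,
               center_mhz: float, bw_mhz: float, eirp_dbm: float) -> bool:
    """A request is allowed only if some rule fully contains the channel and
    the bandwidth and power are within that rule's caps."""
    lo = center_mhz - bw_mhz / 2
    hi = center_mhz + bw_mhz / 2
    for r in db.get(country, []):
        if (r.start_mhz <= lo and hi <= r.end_mhz
                and bw_mhz <= r.max_bw_mhz and eirp_dbm <= r.max_eirp_dbm):
            return True
    return False


if __name__ == "__main__":
    db = load_regdb(REGDB_TXT, TRUSTED_DIGEST)
    print("YY channel 1 @ 20 dBm:", tx_allowed(db, "YY", 2412, 20, 20))
    print("YY channel 13 @ 20 dBm:", tx_allowed(db, "YY", 2472, 20, 20))
    tampered = REGDB_TXT.replace("(30)", "(40)")
    print("tampered db trusted:", is_trusted(tampered, TRUSTED_DIGEST))
    # Re-pinning the anchor to the tampered file is all it takes to accept it.
    print("tampered db with re-pinned anchor:", load_regdb(tampered, digest_of(tampered))["YY"][0])
```

The two interesting calls are the last ones: the edited database is rejected against the shipped anchor, and accepted the moment the anchor is rebuilt from the edited file, which is the "rebuild the database and install the public key as trusted" step from the comment above. The check is a speed bump against casual modification, not a security boundary against the device's owner.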

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 30, 2011 18:47 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

the 'clip off one component' radios are the solution to the regulation problem. They are considered non-trivial to modify. prior to the regulations going into place, similar radios were either wide open, or just had a menu item to unlock them.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 30, 2011 22:43 UTC (Fri) by Kensan (subscriber, #52930) [Link]

This mail on the Osmocom BB mailing list is Harald Welte's take on the issue: http://lists.osmocom.org/pipermail/baseband-devel/2011-De...

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 31, 2011 11:08 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

So, basically:
1) Existing licensed devices can be used.
2) Software in itself is not a device.
3) Software + device probably need to be certified.
4) The legality of end-user use of a modified firmware is unknown.

That's not that different from what I've said.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 29, 2011 19:40 UTC (Thu) by josh (subscriber, #17465) [Link]

Quoting the article: "Almost all modern mobiles are able to use A5/3. According to Nohl, the failure by a single vendor – despite its claims to the contrary – to implement the updated algorithm is currently preventing mobile operators from carrying out trials."

Anyone know which vendor? The article failed to include that detail.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Jan 3, 2012 12:18 UTC (Tue) by erwbgy (subscriber, #4104) [Link]

Depending on how A5/3 is implemented it may still have security issues. From Wikipedia:

In 2010, Dunkelman, Keller and Shamir published a new attack that allows recovery of a full A5/3 key by a related-key attack.[5] The time and space complexities of the attack are low enough that the authors carried out the attack in two hours on a modest desktop computer even using the unoptimized reference KASUMI implementation. The authors note that this attack may not be applicable to the way A5/3 is used in 3G systems; their main purpose was to discredit 3GPP's assurances that their changes to MISTY wouldn't significantly impact the security of the algorithm.

28C3: New attacks on GSM mobiles and security measures shown (The H)

Posted Dec 30, 2011 2:05 UTC (Fri) by Kensan (subscriber, #52930) [Link]

The recording of the talk is already up on youtube: http://youtu.be/YWdHSJsEOck

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds