28C3: New attacks on GSM mobiles and security measures shown (The H)
Posted Jan 5, 2012 16:05 UTC (Thu) by BenHutchings
In reply to: 28C3: New attacks on GSM mobiles and security measures shown (The H)
Parent article: 28C3: New attacks on GSM mobiles and security measures shown (The H)
For example, consider the existing wifi regulatory framework in the Linux kernel, which relies on a cryptographically signed but otherwise entirely transparent list of acceptable frequencies, power levels, etc.
The kernel doesn't even do that. The regulatory agent (crda) checks the signature on the file before passing the requested information to the kernel. Any programmer should find it quite easy to rebuild the database and install the public key used for the signature as trusted. Similarly it would probably be easy to modify the kernel's regulatory framework to allow all frequencies and power levels. But it's obviously not as simple as flipping a switch.
to post comments)