On 29.03.2014, at 02:18, Clochix <[email protected]> wrote:

> So I was wondering if we couldn’t use our database to enforce users’
> security, by warning them if the phone connects to an unknown cell
> (hoping the malicious modems don’t spoof the currently available cell
> id). For example, the cell could ask our database the list of known
> cells around its current position, and warn when it connects to an unknown
> cell.

GSM security is unfortunately not very well documented, as all the standards and algorithms are secret. Based on what I know of documented attacks against GSM, it seems that it’s rather easy to impersonate a GSM base station. To my knowledge there is nothing that prevents anyone from setting up a fake base station with a valid cell id for a particular area. As long as that person emits a stronger signal than the real base station, it should be possible to shadow the real one. I’m not sure if current spammers actually do this, but I don’t think there’s anything that would prevent them from doing so.

For increasing GSM security, carriers should switch to more modern ciphers like A5/3 (http://en.wikipedia.org/wiki/KASUMI).

One other avenue might be to warn users if the network disables encryption. It seems many fake base stations force the handsets into A5/0 mode. As the choice of the encryption standard is up to the base station, the handset itself will happily comply.

But that is a discussion better suited for https://lists.mozilla.org/listinfo/dev-security :)

Hanno
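
The two checks discussed in this thread (warn on a cell missing from the database, warn when encryption is disabled), sketched as an added example that is not part of the original e-mails or of any Mozilla code. The `Observation` record, the `KNOWN_CELLS` table, the 35 km threshold and the assumption that handset software can read the negotiated cipher are all hypothetical.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    cell: tuple   # (mcc, mnc, lac, cid) of the serving cell
    lat: float    # handset position when the cell was seen
    lon: float
    cipher: str   # negotiated cipher, e.g. "A5/0", "A5/1", "A5/3" (assumed readable)

# Constructed sample database: cell identity -> recorded position.
KNOWN_CELLS = {
    (262, 1, 4301, 1111): (52.5200, 13.4050),
    (262, 1, 4301, 2222): (52.5300, 13.4200),
}

def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def warnings_for(obs, known=KNOWN_CELLS, max_km=35.0):
    """Return warning labels for one serving-cell observation."""
    out = []
    pos = known.get(obs.cell)
    if pos is None:
        # The check proposed in the quoted message: cell not in the database.
        out.append("unknown-cell")
    elif distance_km(obs.lat, obs.lon, *pos) > max_km:
        # A known identity seen far from where it was recorded (assumed threshold).
        out.append("cell-far-from-recorded-position")
    if obs.cipher == "A5/0":
        # The check from the reply: the network switched encryption off.
        out.append("encryption-disabled")
    return out

if __name__ == "__main__":
    samples = [  # constructed observations
        Observation((262, 1, 4301, 1111), 52.5205, 13.4049, "A5/1"),
        Observation((262, 1, 4301, 9999), 52.5200, 13.4000, "A5/1"),
        Observation((262, 1, 4301, 1111), 52.5205, 13.4049, "A5/0"),
        Observation((262, 1, 4301, 2222), 48.1370, 11.5750, "A5/3"),
    ]
    for s in samples:
        print(s.cell, s.cipher, warnings_for(s))
```

The third sample is the case raised in the reply: a station reusing a valid cell id for the area passes the database lookup, and only the cipher check flags it.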
