Hi,

On Sat, Mar 29, 2014 at 10:25:23AM -0700, Hanno Schlichting wrote:
> GSM security is unfortunately not very well documented, as all the
> standards and algorithms are secret.
>
> Based on what I know of documented attacks against GSM, it seems that
> it’s rather easy to impersonate a GSM base station. To my knowledge
> there is nothing that prevents anyone to set up a fake base station
> with a valid cell id for a particular area. As long as that person
> emits a stronger signal than the real base station, it should be
> possible to shadow the real one.
>
> I’m not sure if current spammers actually do this, but I don’t think
> there’s anything that would prevent them from doing so. For increasing
> GSM security, carriers should switch to more modern ciphers like A5/3
> (http://en.wikipedia.org/wiki/KASUMI).

IMSI catchers, as the spamming worked from what I understood, are
completely unrelated to ciphers like A5/3.

Basically you come up as a cell in the vicinity of the phone which has the
strongest signal. So handsets will try to register to your network.
The network will not authenticate against the phone, but only the
other way round. So as long as the "fake network" allows foreign
phones to register, you basically suck in all phones in your
neighbourhood. Once they are registered to your network you may
intercept traffic or even spam the phones.

> One other avenue might be to warn users if the network disables
> encryption. It seems many fake base stations force the handsets into
> A5/0 mode. As the choice of the encryption standard is up to the base
> station, the handset itself will happily comply. But that is a
> discussion better suited for
> https://lists.mozilla.org/listinfo/dev-security :)

Coming back to the idea to increase GSM security by only trying
to register to "known cells". In theory this should be possible, but
the number of GSM cell IDs is enormous. Another thing is that on
today's smartphones the baseband is doing cell handover on its own
without interaction with your Android application processor.

So you could display a warning to the user, but you would probably
not be able to prevent registering to the fake cell.

Flo
--
Florian Lohoff [email protected]
_______________________________________________ dev-geolocation mailing list [email protected] https://lists.mozilla.org/listinfo/dev-geolocation
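
The two warning ideas discussed in this thread (flagging A5/0 and checking the serving cell against "known cells"), sketched as an added example that is not part of the original messages or of any Mozilla code. It assumes the application can read the serving cell identity and the selected cipher, which many platforms do not expose; the cell database, coordinates and the 35 km threshold are constructed assumptions. It can only warn, and a fake cell that reuses a valid local cell id with encryption enabled passes both checks.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass(frozen=True)
class CellObservation:
    mcc: int
    mnc: int
    lac: int
    cid: int
    cipher: str   # cipher selected by the network: "A5/0", "A5/1", "A5/3"
    lat: float    # handset position when the cell was seen
    lon: float

# Constructed sample database of known cells: identity -> surveyed position.
KNOWN_CELLS = {
    (262, 1, 4101, 20011): (52.5200, 13.4050),
    (262, 1, 4101, 20012): (52.5310, 13.3840),
}

# Assumed threshold: roughly the GSM timing-advance range limit.
MAX_CELL_RANGE_KM = 35.0

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def assess(obs, known=KNOWN_CELLS, max_km=MAX_CELL_RANGE_KM):
    """Return warning labels for one serving-cell observation (warn only)."""
    warnings = []
    if obs.cipher == "A5/0":
        # The base station chooses the cipher; A5/0 means no encryption.
        warnings.append("encryption-disabled")
    where = known.get((obs.mcc, obs.mnc, obs.lac, obs.cid))
    if where is None:
        warnings.append("unknown-cell")
    elif haversine_km(obs.lat, obs.lon, *where) > max_km:
        # Known identity, but observed far from where it was surveyed.
        warnings.append("known-cell-seen-out-of-range")
    return warnings

if __name__ == "__main__":
    samples = [  # constructed observations
        CellObservation(262, 1, 4101, 20011, "A5/1", 52.53, 13.41),
        CellObservation(262, 1, 4101, 20011, "A5/0", 48.137, 11.575),
        CellObservation(262, 1, 9999, 1, "A5/3", 52.53, 13.41),
    ]
    for s in samples:
        print(s.cid, s.cipher, assess(s) or "ok")
```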
