Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Open phones for privacy/anonymity applications, Guardian
From: Sean Lynch <seanl () literati org>
Date: Tue, 10 Dec 2013 10:43:51 -0800

On Sun, Dec 08 2013, Anonymous wrote:

GSM firmware is still not open-source though (as that would make
phone not suitable for legal usage in USA)

I'd like to see a law link that says you cannot legally use your own
open source GSM compliant stack to communicate over a GSM network.

Since the GSM f/w controls a radio, and thus the power, it may need a
FCC certification.  In which case you would need someone to finance
the certification every time a new version of the Gnu firmware is
released (FSF perhaps?).

You cannot sell a radio into the consumer market that's easily modified
to operate outside its certification. This has been the major stumbling
block preventing fully open source wifi drivers for Atheros chips - the
power and frequency can be set arbitrarily by the driver. Forget doing
this in any legal fashion, because the law in most countries doesn't let
consumers have the ability to operate radios outside of their
certification limits, and there are no GSM radios that I'm aware of that
enforce these limits in hardware.

On the other hand, and seemingly contradicting what I just said, cheap
software-defined radios such as the HackRF are coming onto the
market. My suspicion is that the legislation simply hasn't caught up to
this reality yet and that these will become difficult to obtain. But
that will quickly become irrelevant, because they are open source
designs, so anyone will be able to build one. The most challenging part
will likely be the RF transmission components, which are generally
integrated blocks and will probably also end up being controlled. Good
luck trying to stop these from getting shipped into the US from China,

It's still pretty easy for consumers to get their hands on ham radios
because widespread abuse has never been a problem. If open source GSM
remains in the hands of a few experimenters, we're probably safe. But if
it ever starts getting used on a large scale, I would expect to see
legislation trying to restrict access to the components. Perhaps by then
it will be too late, though.

I'd say our best bet is definitely cheap SDR peripherals like HackRF,
though. Dedicated GSM chipsets are a pipe dream if you want transparency
and control. 

Sean Richard Lynch <seanl () literati org>

Attachment: signature.asc

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]