lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 10 Dec 2013 10:43:51 -0800
From: Sean Lynch <seanl@...erati.org>
To: Anonymous <nobody@...ailer.paranoici.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Open phones for privacy/anonymity
	applications, Guardian

On Sun, Dec 08 2013, Anonymous wrote:

>> > GSM firmware is still not open-source though (as that would make
>> > phone not suitable for legal usage in USA)

>> I'd like to see a law link that says you cannot legally use your own
>> open source GSM compliant stack to communicate over a GSM network.

> Since the GSM f/w controls a radio, and thus the power, it may need a
> FCC certification.  In which case you would need someone to finance
> the certification every time a new version of the Gnu firmware is
> released (FSF perhaps?).

You cannot sell a radio into the consumer market that's easily modified
to operate outside its certification. This has been the major stumbling
block preventing fully open source wifi drivers for Atheros chips - the
power and frequency can be set arbitrarily by the driver. Forget doing
this in any legal fashion, because the law in most countries doesn't let
consumers have the ability to operate radios outside of their
certification limits, and there are no GSM radios that I'm aware of that
enforce these limits in hardware.

On the other hand, and seemingly contradicting what I just said, cheap
software-defined radios such as the HackRF are coming onto the
market. My suspicion is that the legislation simply hasn't caught up to
this reality yet and that these will become difficult to obtain. But
that will quickly become irrelevant, because they are open source
designs, so anyone will be able to build one. The most challenging part
will likely be the RF transmission components, which are generally
integrated blocks and will probably also end up being controlled. Good
luck trying to stop these from getting shipped into the US from China,
though.

It's still pretty easy for consumers to get their hands on ham radios
because widespread abuse has never been a problem. If open source GSM
remains in the hands of a few experimenters, we're probably safe. But if
it ever starts getting used on a large scale, I would expect to see
legislation trying to restrict access to the components. Perhaps by then
it will be too late, though.

I'd say our best bet is definitely cheap SDR peripherals like HackRF,
though. Dedicated GSM chipsets are a pipe dream if you want transparency
and control. 

-- 
Sean Richard Lynch <seanl@...erati.org>
http://www.literati.org/~seanl/

Download attachment "signature.asc" of type "application/pgp-signature" (836 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ