OsmocomBB: Sending arbitrary protocol data to GSM networks
Abstract
So far, lower-level protocol attacks against GSM networks have not been
feasible due to the lack of a simple, usable GSM "transceiver": something
that implements physical layer operations like [de]modulation,
[de]scrambling and [de]multiplexing, but provides the ability to send
and receive raw data at the lowest possible layer in the protocol
stack.
In January 2010, after working for about 18 months on OpenBSC, a network-side
GSM protocol implementation, the speaker started a project to write custom
open source firmware for GSM baseband processors, called OsmocomBB.
Using this software, it is possible to turn innocent mobile phones into
protocol and protocol security analysis tools.
Suddenly, you can send hand-crafted packets on all the various GSM protocol
layers, and thus target all functional elements in a GSM network: Base
Transceiver Station, Base Station Controller, Mobile Switching Center, ...
References:
http://bb.osmocom.org/
http://laforge.gnumonks.org/papers/gsm_phone-anatomy-latest.pdf
http://openbsc.gnumonks.org/
Harald Welte