OpenBSC: A tool for GSM protocol level security analysis of mobile phones

By: Harald Welte[1]

The OpenBSC project[2] is a Free Software implementation of the minimal
neccessarry elements to operate a GSM network.  It includes the functionality
typically performed by the Base Station Controller (BSC), Mobile Switching
Center (MSC), Home Location Register (HLR), SMS Switching Center (SMSC) and
others.  Using OpenBSC and a commercially available BTS (Base Transceiver
Station), it is possible to operate a completely indpendent GSM network.

Running your own GSM network will enable you to take full control over
every protocol message that is exchanged with the mobile phone.  Suddenly,
it is possible to send arbitrarily crafted and corrupted messages to the
various layers of the GSM protocol stack inside the phone.  Attacks can
be performed that so far only cellphone manufacturers or network operators
could implement.

In 2010, it is finally time for GSM mobile phones to see the kind of
protocol-level attacks that TCP/IP has seen at least a decade ago.

[1] http://laforge.gnumonks.org/
[2] http://openbsc.gnumonks.org/