security.osmocom.org - Mobile (in)security
This website is intended to collect information about publicly-known security issues and other bugs of mobile communications systems, with a particular focus on the 3GPP-specified protocol layers of GSM, GPRS, EDGE and WCDMA(UMTS). We collect informationon issues at any protocol layer and at any of the interfaces, i.e. the Um air interface just as well as A-bis, A, IuB, C or any of the SS7/MAP/TCAP based core network interfaces.
The issues can roughly be divided in
- Specification Issues, which are problems resulting from how the specification is written. Thus, all implementations will exhibit the same problem, as long as they are compliant with the specification
- Implementation Issues, which are problems resulting from how a given standard/protocol is implemented by a given vendor/manufacturer.
The intention of this project is to bring more public awareness to the security issues of mobile communications. Compared with the IT security community of the Internet, the mobile world has a lack of security culture, and particularly a lack of public disclosure processes. Also, we see many self-proclaimed mobile security experts abusing their power from knowing about issues that have never been properly publicly disclosed. We want to bring more transparency into this field.
- List of currently-known issues
- Will my phone show an unencrypted connection by displaying a ciphering indicatior?
- A52_Withdrawal -- a brief history on how A5/2 was withdrawn and how long it took.
- GSMA_Security_Group -- some of the little public information that we found about the GSMA Security Group
- Ericsson_Minilink -- some information we gathered about a popular microwave backhaul system
For a complete list of local wiki pages, see TitleIndex.