Overall security review of GSM infrastructure. presented at BlackHatAsia 2001

by Emmanuel Gadaix,

Summary : There are an estimated 100 million of users of the Internet after more than 20 years of existence. This unprecedented growth is only beaten by GSM, whose user base is estimated at 500 million users, less than 10 years after its conception. Although GSM has been designed with security in mind (as opposed to early cellular systems), there are a number of issues that surround its various components, from the user terminal (handset) to the network infrastructure implemented by operators. Upcoming 3G technologies promise us broadband multimedia, always-on 2 Mbit/s connections, a whole range of interactive services and complete integration with the Internet. This can only mean increased security concerns, for both users and operators. The presentation will focus on issues that operators are facing, or will face soon. The traditional head-in-the-sand approach of most telcos, particularly in GSM when time-to-market constraints are paramount, will certainly not be able to stand the upcoming integration with the Internet and its legions of hackers.