Harald Welte has published the results of the GSM experiment conducted at HAR. In my opinion, the most significant result is the problem with the RRLP protocol:
Many modern smartphones with GPS receiver are rumoured to have support of the RRLP protocol. According to its specification, RRLP enables the network (or anyone claiming to be the network) to obtain the current GPS fix of the MS without any form of authentication. The operators of the test network consider this a dangerous feature of GSM networks and were interested in determining if this protocol is actually implemented in real-world MS. Therefore, OpenBSC was extended to send a RRLP position request message every time a dedicated channel was established, e.g. at location update, mo/mt sms and mo/mt voice call establishment time. Implementation of this feature was only finished on the last day of the test, explaining the relatively little number of successful (and unsuccessful) RRLP requests. Result: RRLP is not just a theoretical feature specified in the GSM/3GPP specs. It is implemented by numerous high-end smartphones. There is no authentication of the network. There is no notification of the user. There is no way for the user to disable this [mis]feature. Impact: Public debate about this feature is needed. Operators probably need to consider working on a policy for using this feature in their privacy policy.
With the RRLP protocol, the network operator can query the exact position of handsets. The network itself, however, is not protected, so with minimal investment almost anyone can carry out very precise tracking. Frightening.
