[liberationtech] Open-source GSM network update

Mon Jun 20 14:27:18 PDT 2011

On 06/20/2011 02:13 PM, Katrin Verclas wrote:
> Hi all - 
>
> Following on the discussions on mesh networks, let me update you all on a little experiment we did on a rooftop in NYC (in a non-descript building - we all seem to have a knack for those). 

Indeed we do. :)

>  See below for the short overview. We'll be writing mre on this,

Thanks for the update. Look forward to finding out more.

>  as well as setting up a network simulator in our Open Mobile Lab in NYC to test certain aspects further.

Nice. You guys have a faraday cage?

>   But, alas - we might just have a GSM network in a box at some point : ) 

That would be great.

> Last week, the SaferMobile team (MobileActive.org, together with the GuardianProject), as part of a semi-private hackday with members of the UC Berkeley TIER Group,

Very happy you guys are working together. I know TIER was attempting to
do a state side GSM deployment. I should reach out to my contacts at
TIER again. Been a while.

>  set up an USRP (software radio) open hardware box running the OpenBTS GSM base station sotware. With this, we could run our own very VERY low power GSM network (10m range?) on the 900mhz frequency.

Cool.

> We  connected the network via USB to a netbook running Freeswitch, an open-source PBX/phone switch, much simple and more functional alternative to Asterisk. That netbook was then connected to a Buffalo router running the TorRouter firmware as built/flashed by Daniel Bryg of Access Now. 

Awesome. I love that combination. Very cool.

> At that point, Freeswitch was connecting out to the Internet over Tor, to reach our VoIP service provider. We then dialed a number on the sub-$30 USD GSM phone connected to our special private GSM network, and that call was routed out via Freeswitch over Tor. The receiving phone (running on a large US MNO), received a call, and it came through loud and clear.

That first phone call is always the most fun, isn't it? :D

> We were also testing a number of configurations, potential threats, exploits and applications of these tools,

Excellent! Please post more about these tests.

>  including running this entire setup over a BGAN satellite network, which also worked relatively well, though with a 5 second lag.

Yeah satellite back haul is always painful. But sometimes it's all you
have.

> In the end, by adding Tor into this mix, we provided a means for the connection between our PBX and the VoIP provider to be protected, anonymized and circumvention-enabled, such that we can better protect deployments of PBXs in regions where crackdown on non-state approved telecommunications systems may be happening.

Indeed. This is awesome. How would one get involved with this project?
Mailing list? Forum? Blog? Private e-mail? Let me know. I've got a
special place in my heart for OpenBTS+TIER+Stateside gsm
experimentation. :)