Project

General

Profile

Actions

ProjectRationale » History » Revision 1

Revision 1/5 | Next »
laforge, 02/19/2016 10:48 PM
start a page explainig what we do and why we do it


= Project Rationale =

Why?
Why on earth would somebody want (to write) an open source GSM stack for a GSM baseband chip?

There's many answers to this question. The first and obvious: Because we can. However,
looking more deeper, there are many good reasons for an Open Source GSM baseband firmware:

=== Security of an always-connected device in a public network ===
Every mobile device that is connected to a cellular network runs some kind of baseband
processor with highly proprietary and closed-source firmware.

Any reasonably complex software has bugs, and a number of them will be security relevant
and might get exploited.

As we know from more than a decade of security nightmares on the Internet: Open Source
projects provide a much higher level of security, as more eyes review the code and
security related bugs get fixed almost immediately. An update is released, and that
particular security issue is closed.

Most people understand that connecting an unprotected PC to a public network like
the internet is dangerous. People use personal or dedicated firewalls, application
level gateways, virus scanners and other technology to protect their PC.

But what about the mobile phone, particularly the baseband processor? It is permanently
attached to a public network, in most cases there is no proper incident response management
and not even a clean way how bugs in that software can be updated quickly, as device
manufacturers rarely release firmware update, publish security advisories or any of
that sort.

The security situation becomes even worse when looking at the software architecture in
those baseband chips. They often run the entire software stack in supervisor mode,
without any software protection. There are no non-executable pages, there's no
stack protection, etc. The UI and the protocol stack run in one shared address
space with no privilege separation.

The only companies who have access to the baesband firmware source code have no
interest in improving this situation. So the logical conclusion is to form an
Open Source project that can try to improve the situation

Files (0)

Updated by laforge about 8 years ago · 1 revisions

Add picture from clipboard (Maximum size: 48.8 MB)