Profile - Mobile (in)security

This website is intended to collect information about publicly-known security issues and other bugs of mobile communications systems, with a particular focus on the 3GPP-specified protocol layers of GSM, GPRS, EDGE and WCDMA. We collect informationon issues at any protocol layer and at any of the interfaces, i.e. the Um air interface just as well as A-bis, A, IuB, C or any of the SS7/MAP/TCAP based core network interfaces.

The issues can roughly be divided in
  • Specification Issues, which are problems resulting from how the specification is written.
    Thus, all implementations will exhibit the same problem, as long as they are compliant with the
  • Implementation Issues, which are problems resulting from how a given standard/protocol is
    implemented by a given vendor/manufacturer.

Many of those issues have been discovered by the Osmcocom developer team while working on software that is part of the Osmocom project, like OpenBSC, OsmocomBB, OsmoSGSN


The intention of this project is to bring more public awareness to the security issues of mobile communications. Compared with the IT security community of the Internet, the mobile world has a lack of security culture, and particularly a lack of public disclosure processes. Also, we see many self-proclaimed mobile security experts abusing their power from knowing about issues that have never been properly publicly disclosed. We want to bring more transparency into this field.



For a complete list of local wiki pages, see TitleIndex.