The base technology of most cell phone networks in the world – GSM – has been known to be weak for years. Consequently, standardization bodies and equipment manufacturers have invented and implemented security features to protect cell phone users from simple attacks.
Mobile network operators must now implement these security features. To publicly track the (currently slow) progress of security upgrading is publicly tracked by us to allow users to choose the highest (that is: least bad) protection in their market.
The level of security upgrades and configuration is continuously tracked at gsmmap.org based on data contributions from all over the world (please refer to this tutorial for a simple way to contribute data).
Each network’s protection capabilities are tracked in three dimensions:
As of May 2012, a little over 100 networks were mapped on gsmmap.org. Surprisingly few implement protection measures that have been known for years. Three of the many measures tracked would defeat most simple attacks:
The GSM security map compares each network against a reference defined as a network that implements all protection measures that have been seen “in the wild”. The reference is regularly updated to reflect new protection ideas becoming commercially available. Networks, therefore, have to improve continuously to maintain their score, just as hackers are continuously improving their capabilities to circumvent protections.
The main protection features of the reference network 2.0 of June 2012 are: A5/3 encryption, padding randomization, full authentication for outgoing calls and SMS, regular TMSI updates, and Home Routing.