How free is my phone?
By Andrew Back
A deep dive into the innards of a typical mobile phone and how little you know about what's going on inside, even when there's an open source operating system running on it.
You might think that your phone is open, but even Android, Tizen and Firefox OS all depend upon highly proprietary code bases for making telephone calls and transferring data. When it comes to these fundamental capabilities, the open source part of a mobile software stack is only the tip of the iceberg, and behind APIs and simple interfaces for voice, SMS and data lies the technology that makes wireless communications possible – and it's far from being open source.
First generation (1G) mobile telephone systems were reasonably simple and made use of frequency modulation (FM) – as used by broadcast radio – for carrying voice calls. This is why people could easily eavesdrop by using receivers known as "scanners". But things got an awful lot more complicated with the arrival of GSM, where all traffic is digital and gets encrypted and multiplexed before being transmitted on a radio carrier which can rapidly hop from one frequency to another.
Thanks to the increased complexity of GSM and later 3G systems, we enjoy much improved call quality, higher capacity networks, some measure of privacy, and broadband data services – to name just a few benefits. But these don't come without a price, and that price is putting your faith in a formidable slice of proprietary tech built upon arcane, and in parts restricted, standards.
Where the smartphone operating system provides the user interface, the behind-the-scenes communications heavy lifting gets done by "baseband" firmware that is off-limits to developers and which typically runs in isolation on a second processor. The interface between this and the smartphone OS may then be provided by something as simple as a serial port and Hayes (AT) commands that enable calls to be set up and cleared, text messages to be sent and received, and so on.
It is this baseband firmware that is responsible for controlling the phone's radio transceiver, carrying out digital signal processing (DSP) and implementing the GSM or 3G protocol stack. This is no mean feat and involves complex modulation schemes, multiple layers of time division multiplex (TDM), high accuracy network timing, cryptography for authentication and encryption, and many other often-used-but-rarely-considered features that make mobile telephony work.
Impressive as baseband firmware is, its opaque nature presents us with certain problems.
The freedom to secure
There are many reasons why transparency is highly desirable when it comes to the technology that powers global communications networks, but perhaps the biggest has to be security. And while GSM remained largely secure – insofar as we know – for much of its early life, the GSM Association's security-by-obscurity strategy of restricting access to details of the A5/1 encryption algorithm ultimately didn't work out. This was reverse engineered in 1999, and over the years researchers have discovered lower cost and increasingly effective cryptographic attacks.
As if it were not bad enough that a PC with a powerful GPU can now break GSM encryption within a few seconds, it turns out that certain critical network operations are not authenticated, leaving handsets wide open to denial-of-service and man-in-the-middle attacks.
Open source baseband firmware would perhaps offer the hope of addressing some of these security shortcomings. Even where a fix is near impossible due to a fundamental flaw in the GSM specifications, it should at least be possible to have the firmware raise the alarm when something doesn't look right. Contrast this with the current situation, where firmware can leave subscribers oblivious to the network taking it upon itself to downgrade or completely turn off call encryption.
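The kind of alarm described above, as an added example that is not code from the article or from any real baseband: a small watchdog that tracks the ciphering algorithm the network orders for each call and flags a switch to A5/0 (no encryption) or a mid-call downgrade to a weaker algorithm. The "CIPHER" line format, the call identifiers and the strength ordering of the A5 variants are assumptions of this example, not a real modem interface.

```python
"""Cipher-downgrade watchdog over a constructed baseband event log.

Added example, not code from the article. It assumes a hypothetical
baseband that reports each network-ordered ciphering mode as a text line
"<time> CIPHER <call_id> <algorithm>"; no real modem emits this format.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Relative strength assumed for downgrade detection; A5/0 means no encryption.
STRENGTH = {"A5/0": 0, "A5/2": 1, "A5/1": 2, "A5/3": 3}


@dataclass
class Alarm:
    call_id: str
    kind: str                  # "NO_ENCRYPTION" or "DOWNGRADE"
    previous: Optional[str]    # algorithm in use before this event, if any
    current: str


@dataclass
class CipherWatchdog:
    """Tracks the ciphering algorithm per call and raises an alarm when the
    network switches a call to A5/0 or to a weaker algorithm mid-call."""
    current: Dict[str, str] = field(default_factory=dict)
    alarms: List[Alarm] = field(default_factory=list)

    def observe(self, line: str) -> Optional[Alarm]:
        parts = line.split()
        if len(parts) != 4 or parts[1] != "CIPHER":
            return None                     # not a ciphering event; ignore
        _, _, call_id, algo = parts
        if algo not in STRENGTH:
            raise ValueError(f"unknown ciphering algorithm: {algo}")
        prev = self.current.get(call_id)
        self.current[call_id] = algo
        alarm = None
        if algo == "A5/0":
            alarm = Alarm(call_id, "NO_ENCRYPTION", prev, algo)
        elif prev is not None and STRENGTH[algo] < STRENGTH[prev]:
            alarm = Alarm(call_id, "DOWNGRADE", prev, algo)
        if alarm is not None:
            self.alarms.append(alarm)
        return alarm


def scan(lines: List[str]) -> List[Alarm]:
    """Run the watchdog over a whole log and return the alarms raised."""
    watchdog = CipherWatchdog()
    for line in lines:
        watchdog.observe(line)
    return watchdog.alarms


# Constructed sample log: c1 is downgraded mid-call, c2 is never encrypted,
# c3 is upgraded (no alarm), and the last line is unrelated modem chatter.
SAMPLE_LOG = [
    "10:00:01 CIPHER c1 A5/3",
    "10:00:05 CIPHER c1 A5/1",
    "10:01:00 CIPHER c2 A5/0",
    "10:02:00 CIPHER c3 A5/1",
    "10:02:30 CIPHER c3 A5/3",
    "10:03:00 RING incoming",
]

if __name__ == "__main__":
    for alarm in scan(SAMPLE_LOG):
        print(alarm)
```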