[Gsmmap] Is someone asking about GSM-R security in europe ?

Pedro Cabrera pedrocab at gmail.com
Thu Feb 5 13:08:03 CET 2015


Dear Karsten,

Yes, completely lack of both authentication and encryption in the GSM-R
network.

But reading the System Requirements Specs from EIREME, there are some
services using the GSM-R network, through SMS or calls, without further
application layers.

Also, some official documentation from train engine manufactures shows up a
feature for train engine models to be able to receive remote commands using
SMS.

You are right about these networks to carry M2M information and yes, it is
encrypted and authenticated.

I just wonder if this is just the case of my experience or other GSM-R
networks would have a better security.

Regards,
Pedro


2015-02-04 19:24 GMT+01:00 Karsten Nohl <nohl at srlabs.de>:

>  Dear Pedro,
>
>  How would you define a GSM-R insecurity? Are lack of encryption or
> authentication actual problems for train communication?
>
>  To my knowledge, the networks do carry M2M information that — at least
> in theory — should be encrypted and authenticated on the application layer.
>
>  Cheers,
>
>       -Karsten
>
>
>  On Feb 4, 2015, at 19:48 , Pedro Cabrera <pedrocab at gmail.com> wrote:
>
>  Hi Ralph,
>
>  I don't have official access, I’m a security researcher that sometimes I
> go out to capture what’s going on in the GSM networks.
>
>  It's pretty easy to find out on Google GSM-R agreements and tech
> documents with specifications (don't miss security points and their
> mandatory nature ...), also an interesting table with GSMR network
> providers per country.
>
>  I guess is out of scope for GSMmap.org to map this networks, but I find
> interesting to assess their security in comparison with the baseline
> established by SRlabs.
>
>  Regards,
> Pedro
>
>
> 2015-02-03 15:54 GMT+01:00 Ralph A. Schmid, dk5ras <ralph at schmid.xxx>:
>
>>  Do you have official access to those, or who could you find out? I am
>> also highly interested into this matter...
>>
>>
>>
>> Ralph.
>>
>>
>>
>> *From:* gsmmap-bounces at lists.srlabs.de [mailto:
>> gsmmap-bounces at lists.srlabs.de] *On Behalf Of *Pedro Cabrera
>> *Sent:* Tuesday, February 3, 2015 10:29 AM
>> *To:* gsmmap at lists.srlabs.de
>> *Subject:* [Gsmmap] Is someone asking about GSM-R security in europe ?
>>
>>
>>
>> Hello all,
>>
>>
>>
>> Are there plans to integrate in the GSMmap info about the GSM-Railway
>> networks ?
>>
>>
>>
>> The experience I have when taking a look to this network is horrible,
>> worst than comercial GSM networks (yes, it is possible...) in terms of
>> security.
>>
>>
>>
>> I'm interested to know if this is just my experience or someone else
>> found this kind of networks so out of the subject regarding security and
>> GSM.
>>
>>
>>
>> Thank you all,
>>
>> Pedro
>>
>
>  _______________________________________________
> Gsmmap mailing list
> Gsmmap at lists.srlabs.de
> https://lists.srlabs.de/cgi-bin/mailman/listinfo/gsmmap
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.srlabs.de/pipermail/gsmmap/attachments/20150205/7d9fd27c/attachment-0002.html>


More information about the Gsmmap mailing list