Implications of Unlicensed Mobile Access (UMA) for GSM security

Despite its imperfections, GSM security has stood well the test of time. In part, this security success has relied on closed platforms that prevent the end-user from tampering with the GSM protocol stacks. While it is possible to build phones that do not have such restrictions, this is difficult due to, e.g., legislation and technical complexity. Unlicensed Mobile Access (UMA) is a new technology that provides access to GSM services over Wireless LAN or Bluetooth. It also challenges the assumption of closed platforms, since it is relatively easy to implement a UMA phone purely in software running on standard PC hardware and operating systems. This paper examines the security implications of UMA for GSM security, focusing especially on the impact of open terminal platforms. We identify several areas where open platforms may increase risks to both honest users and network operators, and propose countermeasures for mitigating these risks.