Kevin Redon starts collaborative Osmocom project to collect terminal profile
As Kevin Redon writes in
his blog, he has created some tools and a project for
collaboratively gathering a database on the TERMINAL PROFILE capabilities of mobile phones.
The terminal profile describes which particular features regarding
proactive sim or sim application toolkit a given phone
This is not only important for SIM application / SIM toolkit developers,
but it is also an important factor when trying to analyze the potential
threat that can originate from a malicious SIM card attack.
I personally see no reason why my phone should ever report its GPS
position to the SIM card, or why the SIM card should be able to re-write
the nubers I'm dialling. Yes, there are cases where such features are
useful, but then they should be explicitly enabled by the user, and the
default should be that they are all switched off.
Who knows, after all, with some attention to this problem we might still
see a SIM firewall / proxy, that you can put between the SIM and the
phone to prevent any of those features from being (mis)used.
So all you need to do to contribute to the database is some way how you
can read out the terminal profile from your mobile phone(s), and use
Kevin's tool to upload it to the public website. And hwo do you read
out the terminal profile? For example by using Osmocom SIMtrace to sniff the
communication between SIM card and phone.
Openmoko USB Product ID and IEEE OUI (Ethernet MAC Address) range available to the community
As it has been quite some time since Openmoko, Inc. (the company) has
released any hardware, I have obtained the permission to "donate" the
Product ID and IEEE OUI (MAC
Address) allocations to the community.
As the actual allocations cannot be transferred unless the registrant
(Openmoko. Inc.) is sold, the official registration will remain with
Openmoko Inc. while the various Free / Open Source Software and hardware
communities can make use of the range.
Registering a USB Vendor ID is expensive (USD 2000), and even if it
wasn't for the money, many companies (let even aside community projects)
will never require the 65535 product IDs allocated within that one USB
As for Ethernet/Wifi/Bluetooth MAC addresses, they are allocated from
the IEE OUI number ranges, which are also quite expensive (USD 1600) -
but at least you get 16.7 million (24bit) and not just 16bit like USB ;)
So if you are running a small homebrew or community built project that
implements a USB device or Ethernet ports, and either the software or
the hardware of it is available under a free software / open source
license, you can follow the instructions given at the pages in the
Openmoko wiki that I linked above and request an allocation.
I'd like to thank Openmoko Inc. and especially Sean Moss-Pultz for
making this donation.