Hacking

Using an inexpensive phone and open source software, the researchers were able to track the location of cell phone users without their knowledge on the Global System for Mobile Communications (GSM) network, the predominant worldwide network.
We may not address security concerns as quickly as operating system or browser vulnerabilities, but there is no doubt that we should be paying more attention to our phones. Researchers at the University of Minnesota have discovered that it is fairly easy to track a user’s location based on the data exchange between a phone and a GSM cell tower.

The tracking of a user happens via data packets that are typically sent to a phone to help a cell tower to locate a phone and allocate the appropriate resources to support a call. Such packets are also sent to tell the phone that someone is calling it. The researchers found that they could force cell towers to send the data and hang up, before the recipient’s phone rings. However, by then, the location data is already available. Apparently, there is no need for support from a cellular provider and open source software running on “commodity” platforms will give hackers or anyone else who wants to track cell phone user location access to exploit the vulnerability.

“Cell phone towers have to track cell phone subscribers to provide service efficiently,” Denis Foo Kune, Ph.D. student at the University of Minnesota, explained. “For example, an incoming voice call requires the network to locate that device so it can allocate the appropriate resources to handle the call. Your cell phone network has to at least loosely track your phone within large regions in order to make it easy to find it.”

According to the findings, the location data is rough, and an individual’s location could only be determined within a 10-block radius. However, for some purposes, 10-blocks may be good enough.

The implications of this research highlight possible personal safety issues.

“Agents from an oppressive regime may no longer require cooperation from reluctant service providers to determine if dissidents are at a protest location,” the researchers wrote in the paper. “Another example could be thieves testing if a user’s cell phone is absent from a specific area and therefore deduce the risk level associated with a physical break-in of the victim’s residence.”

Foo Kune and his group have contacted AT and T and Nokia with low-cost techniques that could be implemented without changing the hardware, and are in the process of drafting responsible disclosure statements for cellular service providers.

Complete Research Paper located here.

Source: Tom’s Guide, Space Daily