[LINK] Hacker Access to Mobile-Device Location
Roger Clarke
Roger.Clarke at xamax.com.au
Fri Feb 17 11:37:02 AEDT 2012
Cell Phone Hackers Can Track Your Location Without Your Knowledge
ScienceDaily
Feb. 16, 2012
http://www.sciencedaily.com/releases/2012/02/120216165701.htm?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+sciencedaily+(ScienceDaily:+Latest+Science+News)
[Picked up from Lauren Weinstein's list]
Cellular networks leak the locations of cell phone users, allowing a
third party to easily track the location of the cell phone user
without the user's knowledge, according to new research by computer
scientists in the University of Minnesota's College of Science and
Engineering.
University of Minnesota computer science Ph.D. student Denis Foo
Kune, working with associate professors Nick Hopper and Yongdae Kim,
and undergraduate student John Koelndorfer, described their work in a
recently released paper "Location Leaks on the GSM Air Interface"
which was presented at the 19th Annual Network & Distributed System
Security Symposium in San Diego, California.
"Cell phone towers have to track cell phone subscribers to provide
service efficiently," Foo Kune explained. "For example, an incoming
voice call requires the network to locate that device so it can
allocate the appropriate resources to handle the call. Your cell
phone network has to at least loosely track your phone within large
regions in order to make it easy to find it."
The result is that the tower will broadcast a page to your phone,
waiting for your phone to respond when you get a call, Foo Kune said.
This communication is not unlike a CB radio. Further, it is possible
for a hacker to force those messages to go out and hang up before the
victim is able to hear their phone ring.
Cellular service providers need to access location information to
provide service. In addition, law enforcement agencies have the
ability to subpoena location information from service providers. The
University of Minnesota group has demonstrated that access to a cell
phone user's location information is easily accessible to another
group -- possible hackers.
"It has a low entry barrier," Foo Kune said. "Being attainable
through open source projects running on commodity software."
Using an inexpensive phone and open source software, the researchers
were able to track the location of cell phone users without their
knowledge on the Global System for Mobile Communications (GSM)
network, the predominant worldwide network.
In a field test, the research group was able to track the location of
a test subject within a 10-block area as the subject traveled across
an area of Minneapolis at a walking pace. The researchers used
readily available equipment and no direct help from the service
provider.
The implications of this research highlight possible personal safety issues.
"Agents from an oppressive regime may no longer require cooperation
from reluctant service providers to determine if dissidents are at a
protest location," the researchers wrote in the paper. "Another
example could be thieves testing if a user's cell phone is absent
from a specific area and therefore deduce the risk level associated
with a physical break-in of the victim's residence."
Foo Kune and his group have contacted AT&T and Nokia with low-cost
techniques that could be implemented without changing the hardware,
and are in the process of drafting responsible disclosure statements
for cellular service providers.
Visit http://z.umn.edu/fookuneresearch to read the full research paper.
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of NSW
Visiting Professor in Computer Science Australian National University
More information about the Link
mailing list