Forgot your password?
typodupeerror
Privacy Wireless Networking Your Rights Online

Leaky Cellphone Nets Can Give Attackers Your Location 67

Posted by samzenpus
from the there-you-are dept.
alphadogg writes "GSM cellular networks leak enough location data to give third-parties secret access to cellphone users' whereabouts, according to new University of Minnesota research. 'We have shown that there is enough information leaking from the lower layers of the GSM communication stack to enable an attacker to perform location tests on a victim's device. We have shown that those tests can be performed silently without a user being aware by aborting PSTN calls before they complete,' write the authors, from the College of Science and Engineering, in a paper titled 'Location Leaks on the GSM Air Interface' (Pdf). The researchers are working with carriers and equipment makers, including AT&T and Nokia, to address the security issues."
This discussion has been archived. No new comments can be posted.

Leaky Cellphone Nets Can Give Attackers Your Location

Comments Filter:
  • Re: Not a problem (Score:3, Informative)

    by slack_justyb (862874) on Monday February 20, 2012 @12:45AM (#39097207)

    If you happen to travel to the USA then getting tracked by GSM is the least of your problems with all the surveillance they have there now

    Oh please... Having been to many places in England, Scotland, Wales and Ireland (North and Republic); I can say that they are the ones with this problem and not the USA. They have police CCTV even out in the sticks. Here in the USA we're still doing good to have a telephone line out in the boonies.

  • by slack_justyb (862874) on Monday February 20, 2012 @12:58AM (#39097261)
    That's only a search area of 195 acres. Also depending on the area and direction/speed of movement (if any) it would be easy for someone to start eliminating some of the places you could be hiding in. Also depending on the environment, it would not be that hard to cover that large an area with enough people.

    Just because it doesn't pinpoint you, doesn't mean you need to be giving anyone a general direction to be looking in.
  • Re: Not a problem (Score:5, Informative)

    by jquirke (473496) on Monday February 20, 2012 @04:36AM (#39097755)

    The concepts here are not necessarily specific to the GSM Um link. The same concepts used by the authors equally apply for UMTS and LTE, and most other cellular systems.

    ALL of those systems page out phones based on some temporary (but plaintext) identifier when an incoming call needs to be routed and there is no active RRC (radio) connection. All of those systems try to mitigate this exact problem by using a temporary ID (the TMSI), rather than the permanent ID (the IMSI). The TMSI is re-allocated over a ciphered connection.

    The TMSI rotation policy is up to the operator. It can in theory be rotated each connection, but few operators do this - too much signalling load on the core network. Most operators will hold the TMSI until the next periodic (i.e. after a certain number of hours - operator defined), or aperiodic (when the phone moves into a different paging domain [location area]), or when the phone is power cycled (which implicitly does a type of location update anyway).

    One solution for future versions of the standard might be to encrypt the paging message (along with a random nonce to give uniqueness to each paging message) with the last known ciphering key, but this may not be known by the network entities in the new location areas.

I tell them to turn to the study of mathematics, for it is only there that they might escape the lusts of the flesh. -- Thomas Mann, "The Magic Mountain"

Working...