Forgot your password?
typodupeerror
Privacy Security Your Rights Online

Flaws Allow Every 3G Device To Be Tracked 81

Posted by Unknown Lamer
from the police-departments-line-up-to-purchase dept.
mask.of.sanity writes "New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked. The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices operating on all 3G compliant networks. It was similar, but different, to previous research that demonstrated how attackers could redirect a victim's outgoing traffic to different networks."
This discussion has been archived. No new comments can be posted.

Flaws Allow Every 3G Device To Be Tracked

Comments Filter:
  • Not thatbad (Score:3, Informative)

    by Anonymous Coward on Tuesday October 09, 2012 @05:27AM (#41594279)

    Acctually from the article "This would reveal the presence of devices in a monitored area, breaking anonymity and ‘unlinkability’ by revealing the IMSI and TMSI correlation." And by moitored area they mean area with specific hardware installed. So you have to be a spy or something to be afraid of such tracking.

  • by Anonymous Coward on Tuesday October 09, 2012 @05:31AM (#41594289)

    Indeed - it requires malevolent base stations to be deployed and even then only determines the presence of particular 3G devices in the area.

    They were obviously straining for an example when discussing an employed deploying such stations to track employee movements in a building; door pass access is somewhat easier to track...

    In general though I'm resigned to the fact that the telco underlying my MVNO knows my location when I am connected and will happily relay this to the "authorities" with minimal encouragement, so this new attack doesn't seem particularly startling; now someone else other than the telco can know this. Whoppeee.

  • Re:Intentional (Score:3, Informative)

    by umghhh (965931) on Tuesday October 09, 2012 @06:25AM (#41594479)
    they do not have to - in majority of jurisdictions where such networks operate there are laws in place that force operators to:
    • be able know where a mobile device is
    • to intercept all standard mobile communications i.e. calls and texting

    I believe in US this is called Lawful Interception.

  • Re:Makes me wonder (Score:5, Informative)

    by Anonymous Coward on Tuesday October 09, 2012 @08:29AM (#41595033)

    Did the 3G equipment come from Huwei or ztc?

    No, but that is a rather amusing post, I lol'd.

    On a more serious note, the summary and article make it sound worse than it is. Here's what they are doing:

    "The attacks were made by intercepting, altering and injecting 3G Layer-3 messages into communication between the base station and mobile phones in both directions."

    So to be clear, it won't allow you to just track any 3G device any time you want. It's a MITM attack which requires you to physically intercept and spoof a cell signal using the 3G standard... assuming the network fully complies with 3G and doesn't have it's own signalling or other security added on.

  • Re:Makes me wonder (Score:4, Informative)

    by msauve (701917) on Tuesday October 09, 2012 @08:56AM (#41595233)
    Actually, if they were CDMA phones from Huwei or ZTE (ztc?), they apparently wouldn't be subject to the "flaw" mentioned. The article blithely uses "3G" to refer exclusively to UMTS, no mention whatsoever of CDMA2000. Of course, "every 3G device" is not on a UMTS network.

At work, the authority of a person is inversely proportional to the number of pens that person is carrying.

Working...