Forgot your password?
typodupeerror
Privacy Security Your Rights Online

Flaws Allow Every 3G Device To Be Tracked 81

Posted by Unknown Lamer
from the police-departments-line-up-to-purchase dept.
mask.of.sanity writes "New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked. The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices operating on all 3G compliant networks. It was similar, but different, to previous research that demonstrated how attackers could redirect a victim's outgoing traffic to different networks."
This discussion has been archived. No new comments can be posted.

Flaws Allow Every 3G Device To Be Tracked

Comments Filter:
  • by Chrisq (894406) on Tuesday October 09, 2012 @05:07AM (#41594211)
    Did the 3G equipment come from Huwei or ztc?
    • Re:Makes me wonder (Score:5, Informative)

      by Anonymous Coward on Tuesday October 09, 2012 @08:29AM (#41595033)

      Did the 3G equipment come from Huwei or ztc?

      No, but that is a rather amusing post, I lol'd.

      On a more serious note, the summary and article make it sound worse than it is. Here's what they are doing:

      "The attacks were made by intercepting, altering and injecting 3G Layer-3 messages into communication between the base station and mobile phones in both directions."

      So to be clear, it won't allow you to just track any 3G device any time you want. It's a MITM attack which requires you to physically intercept and spoof a cell signal using the 3G standard... assuming the network fully complies with 3G and doesn't have it's own signalling or other security added on.

    • Re:Makes me wonder (Score:4, Informative)

      by msauve (701917) on Tuesday October 09, 2012 @08:56AM (#41595233)
      Actually, if they were CDMA phones from Huwei or ZTE (ztc?), they apparently wouldn't be subject to the "flaw" mentioned. The article blithely uses "3G" to refer exclusively to UMTS, no mention whatsoever of CDMA2000. Of course, "every 3G device" is not on a UMTS network.
  • by mosb1000 (710161) <mosb1000@mac.com> on Tuesday October 09, 2012 @05:10AM (#41594217)

    I'm pretty sure the word flaw should be in quotation marks in this context.

    • by Anonymous Coward on Tuesday October 09, 2012 @05:31AM (#41594289)

      Indeed - it requires malevolent base stations to be deployed and even then only determines the presence of particular 3G devices in the area.

      They were obviously straining for an example when discussing an employed deploying such stations to track employee movements in a building; door pass access is somewhat easier to track...

      In general though I'm resigned to the fact that the telco underlying my MVNO knows my location when I am connected and will happily relay this to the "authorities" with minimal encouragement, so this new attack doesn't seem particularly startling; now someone else other than the telco can know this. Whoppeee.

    • by mabhatter654 (561290) on Tuesday October 09, 2012 @07:07AM (#41594595)

      I don't see how you think any ACTIVE radio transmitter can't be tracked? By definition, phones connect to towers and that gets logged for network purposes. All these people are doing is adding their own radio to the mix, which your phone happily pings to see if ithat "tower" useful. That's the whole definition of a network and "cellular" communication.

      Next thing you know, they'll be telling me my IP address is in EVERY packet I send and receive on the Internet!!!!

      • Re: (Score:3, Funny)

        by flappinbooger (574405)

        Next thing you know, they'll be telling me my IP address is in EVERY packet I send and receive on the Internet!!!!

        What? What? That is outrageous! This needs to be front page news! I will not tolerate such privacy violations!

      • by Anonymous Coward

        OMG! The cell phone company knows that I am connected to their network and which towers should broadcast my calls?

  • Intentional (Score:4, Interesting)

    by aaaaaaargh! (1150173) on Tuesday October 09, 2012 @05:15AM (#41594233)

    I believe these kinds of flaws are intentional. Just think about the early cell phone encryption standards, who were completely insecure despite having been designed by teams who should have known better.

    Governments and government-near task forces and interest groups have no incentive to make communication devices for the general population secure.

    • by Anonymous Coward

      You make it sound as if it's some government conspiracy or something. The simple fact is that the general population doesn't care, so neither do the people designing devices for them.

    • Re: (Score:3, Informative)

      by umghhh (965931)
      they do not have to - in majority of jurisdictions where such networks operate there are laws in place that force operators to:
      • be able know where a mobile device is
      • to intercept all standard mobile communications i.e. calls and texting

      I believe in US this is called Lawful Interception.

      • by Anonymous Coward

        The idea is that these flaws ease unlawful interception - without all the hassle of asking a judge and possibly on foreign soil.

    • by MrZilla (682337)

      Yes, an obscure error message that can be used to differentiate one UE from another, if you have already used a compromised base station to sniff earlier sessions, and which will give you an indication if that UE is in the area of your transmitter or not sounds just like the sort of nefarious flaw that the Men in Black Illuminati would work into an international standard to spy on the tinfoil community.

      As a comment above already mentioned, the operator knows where you are, with a lot more precision than thi

      • You and the other poster are comparing apples with bananas.

        If intentional flaws indeed have been inserted into communications technology, then certainly for complementing lawful interception with means for unlawful interception rather than as a substitute. You need to take into account that many government agencies are explicitly allowed (by the laws of their country) to spy on foreign residents in foreign countries, and only under rare circumstances will these be able to ask local authorities for help and

        • Ah.. but spying on foreign residents in foreign countries is almost always an offense with a maximum penalty of death in the target country....

        • by MrZilla (682337)

          Well, I grouped you in with the crowd that seem to think governments only spy on their own citizens.

          But I still feel that this method of tracking gives too little data for the effort needed to execute it. Not to mention sneaking it in to a 3GPP standard with this express intent. Not saying that it's impossible, but it does seem far fetched.

  • Not thatbad (Score:3, Informative)

    by Anonymous Coward on Tuesday October 09, 2012 @05:27AM (#41594279)

    Acctually from the article "This would reveal the presence of devices in a monitored area, breaking anonymity and ‘unlinkability’ by revealing the IMSI and TMSI correlation." And by moitored area they mean area with specific hardware installed. So you have to be a spy or something to be afraid of such tracking.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Bullshit. The police can set one up near any protest, make life hell for everybody who showed up, even if the protesters weren't breaking the law. It's been done before, why trust this time?

      • Re:Not thatbad (Score:5, Insightful)

        by MrZilla (682337) on Tuesday October 09, 2012 @06:51AM (#41594537) Homepage

        Sure. If they know the IMSI of the mobiles that the protesters are using in advanced. This attack gives the TMSI of the device, which is a temporary identifier, and will change when the mobile roams outside of the current location area.

        Then they need to set up compromised base stations all over the city if they want to track this protester, and I am sure that there are easier ways to go about that.

  • You know... (Score:5, Interesting)

    by GeekWithAKnife (2717871) on Tuesday October 09, 2012 @05:48AM (#41594355)

    Richard Stallman, often considered a nutcase, once said that he won't use a cell phone because he does not want to be tracked.

    Whether by design, by accident or by the nature of the device, the fact is you can be tracked. Of course I don't care about that, because I have nothing to hide...then again what will this information be/is used for? big brother stuff, of course not!? Naturally, it's all just a big misunderstanding.
    • by thegarbz (1787294)

      I wonder if Richard Stallman has ever used a computer attached to the internet. Because you know, the whole theory of packet switching and networks which relies on your IP address being constantly sent back and forth. God forbid he uses a landline too, I'd much rather some anonymous $5 SIM card inserted in my phone then actually use something linked to an account under my name.

      The man fights for our privacy but he is a nutcase.

    • by alexgieg (948359)

      Of course I don't care about that, because I have nothing to hide...

      The problem isn't what you do, is what you can be accused of having done, which is an entirely different problem. If you were near a crime scene at or near the moment it occurred, and might ever so slightly linked to it (you were friends in college to the roommate of the boyfriend of the victim) and at some point in your life commented on Friendster (yep, going old school here) you found said boyfriend a slob or whatever, a case WILL be made for you potentially being the criminal. Things can go downhill fro

  • I'm safe! (Score:5, Funny)

    by Cruciform (42896) on Tuesday October 09, 2012 @05:52AM (#41594379) Homepage

    Good luck tracking me! I'm served by Bell Aliant. I can lose service anywhere they offer coverage!
    And they charge me a reasonably high fee for this knd of security.
    Thanks Bell!

  • by Anonymous Coward

    can't hack me. i'm on cdma. verizon secured me so i can't even talk and use data at the same time, good luck getting in, hackers!

  • by cvtan (752695) on Tuesday October 09, 2012 @06:41AM (#41594519)
    I'm going to keep using Windows so I know I'm safe.
  • by Anonymous Coward

    That's how they work. http://en.wikipedia.org/wiki/Mobile_phone_tracking [wikipedia.org]

    And it's not a "flaw"... it is a "feature"!

    • Of course it's a feature since only an idiot wouldn't know that your phone is an active radio transmitter. Also, if you couldn't be tracked how exactly would you expect the cell network to know which towers to hand you off to while you were moving?

  • At least then everyone knew that they were in effect glorified CB radios and could be listened in to by a scanner so don't say anything you wouldn't want anyone else to hear. Now everything thinks because its digital it must be secure. Nope. If its broadcast it can be intercepted and (eventually unless its using serious encryption) decoded. End of.

  • by erroneus (253617) on Tuesday October 09, 2012 @07:47AM (#41594793) Homepage

    Lately, I have seen a decrease in smartphone fever. Okay, maybe not "lately" -- it has been decreasing for a long time actually. People are less excited about new gadgets and spending that money when they know another new thing is coming along soon. Even the demand for iPhone 5 seems to have dropped where I am... I have a good number of iPhone users where I work but they have been moving to droid and even a couple back to flip phones. I have seen exactly zero iPhone5 phones where I work or anywhere in the wild.

    I think people are realizing what "good enough" means and that spending the $100-$300 more doesn't buy them a whole lot more. Also, simple and reliable seem to be features many people are interested having again.

    But the phone companies have invested a lot of money in FCC costs, marketing and especially in ruining perfectly good smart phones with their bloatware and hacked ROMs that remove features they hope to sell back to customers at a premium. People are losing interest. I know *I* am losing interest... not completely... I'm still looking to get an unlocked, unbranded GalaxyS3 for my next phone and ditching the carrier's plans. Prepaid is the way to go for me. I will save TONS of money when my contract is up.

    • That's that you get for living in USA. I couldn't buy an operator locked phone in my country if I tried. Some of the very cheap ones are still branded though.
  • by ThatsNotPudding (1045640) on Tuesday October 09, 2012 @07:55AM (#41594827)
    Probably in an NSA spec book somewhere.
  • by jensend (71114) on Tuesday October 09, 2012 @08:34AM (#41595075)

    <gmaxwell> [bash.org] 1960: "I have a great idea! lets have every person in the country carry a radio tracking beacon!" "That'll never fly!" 2012: "I can has TWO iphones??"

  • Because Sprint ensures your privacy by not actually having a functional network. Hand to god, smoke signals have better bandwidth.

  • It's a feature
  • So does this include my 3G AT&T phone that shows an icon claiming it's 4G?

It is better to give than to lend, and it costs about the same.

Working...