Leaky Cellphone Nets Can Give Attackers Your Location
alphadogg writes "GSM cellular networks leak enough location data to give third-parties secret access to cellphone users' whereabouts, according to new University of Minnesota research. 'We have shown that there is enough information leaking from the lower layers of the GSM communication stack to enable an attacker to perform location tests on a victim's device. We have shown that those tests can be performed silently without a user being aware by aborting PSTN calls before they complete,' write the authors, from the College of Science and Engineering, in a paper titled 'Location Leaks on the GSM Air Interface' (Pdf). The researchers are working with carriers and equipment makers, including AT&T and Nokia, to address the security issues."
Re: Not a problem (Score:5, Funny)
If you happen to travel to the USA then getting tracked by GSM is the least of your problems
"And with all our coverage black spots, you won't ever be tracked whilst on our network" /AT&T Marketing Campaign
Re: (Score:3, Informative)
If you happen to travel to the USA then getting tracked by GSM is the least of your problems with all the surveillance they have there now
Oh please... Having been to many places in England, Scotland, Wales and Ireland (North and Republic); I can say that they are the ones with this problem and not the USA. They have police CCTV even out in the sticks. Here in the USA we're still doing good to have a telephone line out in the boonies.
Re: Not a problem (Score:5, Funny)
Re: (Score:2)
If you happen to travel to the USA then getting tracked by GSM is the least of your problems with all the surveillance they have there now
Oh please... Having been to many places in England, Scotland, Wales and Ireland (North and Republic); I can say that they are the ones with this problem and not the USA. They have police CCTV even out in the sticks. Here in the USA we're still doing good to have a telephone line out in the boonies.
Billy-Joe-Ray: Hey Jeb, what's that buzzin'?
Jeb: Poe leese drone.
Re: (Score:2)
The post you replied to was talking about "most of Europe". Did you swap that out for "UK" because that's the most Orwellian country in it by far and the only way to have a lame comeback, or because it's the only one you know?
Re: (Score:2)
You're right, I totally forgot about Russia and Turkey o_O
Re: Not a problem (Score:5, Informative)
The concepts here are not necessarily specific to the GSM Um link. The same concepts used by the authors equally apply for UMTS and LTE, and most other cellular systems.
ALL of those systems page out phones based on some temporary (but plaintext) identifier when an incoming call needs to be routed and there is no active RRC (radio) connection. All of those systems try to mitigate this exact problem by using a temporary ID (the TMSI), rather than the permanent ID (the IMSI). The TMSI is re-allocated over a ciphered connection.
The TMSI rotation policy is up to the operator. It can in theory be rotated each connection, but few operators do this - too much signalling load on the core network. Most operators will hold the TMSI until the next periodic (i.e. after a certain number of hours - operator defined), or aperiodic (when the phone moves into a different paging domain [location area]), or when the phone is power cycled (which implicitly does a type of location update anyway).
One solution for future versions of the standard might be to encrypt the paging message (along with a random nonce to give uniqueness to each paging message) with the last known ciphering key, but this may not be known by the network entities in the new location areas.
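An added illustration of the rotation trade-off described in the comment above (not part of the original post and not any operator's code): a small model that counts, for one subscriber, how many plaintext pagings carry the same TMSI and how many TMSI allocations the core network performs under different policies. The paging times, the policy parameters and the assumption that every paging leads to a connection on which the TMSI can be reallocated are constructed for the example.

```python
"""Model of TMSI rotation policies: linkable pagings vs. signalling load.

Added example with constructed data; the policy model is an assumption.
"""

DAY_S = 24 * 3600

# Constructed paging times (seconds since midnight) for one subscriber.
PAGINGS = [300, 320, 900, 5000, 21700, 30000, 30100, 50000, 80000]


def simulate(paging_times, horizon_s, periodic_s, realloc_per_connection):
    """Return (allocations, worst_case).

    allocations: TMSI (re)allocations performed, a proxy for signalling load.
    worst_case:  largest number of plaintext pagings sent under one TMSI,
                 i.e. how many paging messages an observer could link.
    """
    # Periodic location updates always reallocate the TMSI (assumption).
    events = [(t, 0) for t in range(0, horizon_s, periodic_s)]
    # Kind 1 = paging; sorts after a periodic update at the same instant.
    events += [(t, 1) for t in paging_times if 0 <= t < horizon_s]
    events.sort()

    allocations = 0
    on_current = 0  # pagings seen under the TMSI currently in force
    worst_case = 0
    for _, kind in events:
        if kind == 0:
            allocations += 1
            on_current = 0
            continue
        on_current += 1
        worst_case = max(worst_case, on_current)
        if realloc_per_connection:
            # New TMSI handed out over the ciphered connection that follows.
            allocations += 1
            on_current = 0
    return allocations, worst_case


def compare(paging_times=PAGINGS):
    """Evaluate three hypothetical operator policies on the same traffic."""
    return {
        "hold 6 h": simulate(paging_times, DAY_S, 6 * 3600, False),
        "hold 1 h": simulate(paging_times, DAY_S, 3600, False),
        "per connection": simulate(paging_times, DAY_S, 6 * 3600, True),
    }


if __name__ == "__main__":
    for name, (allocs, worst) in compare().items():
        print(f"{name:15s} allocations={allocs:2d} max pagings per TMSI={worst}")
```

On this constructed traffic the hourly policy performs more allocations than per-connection rotation yet still leaves several pagings under one TMSI, because paging bursts fall inside a single rotation window.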
Re: Not a problem (Score:4, Interesting)
Further to this, here is an example of some paging traffic I captured over a live UMTS network (Telstra NextG, in Australia), using nothing more than a USRP with 900MHz daughterboard, and some custom Matlab code. The message has been unpacked from ASN.1 format to XML, but it clearly shows IMSI and TMSI in plaintext.
File is here [jquirke.com.au].
This shows the flaw is definitely not GSM only.
Re: (Score:1, Funny)
Oh, I don't know. I feel fine.
Re: (Score:2, Offtopic)
Woosh
Re: (Score:2)
Is this really a thing? (Score:1)
Re:Is this really a thing? (Score:4, Informative)
Just because it doesn't pinpoint you, doesn't mean you need to be giving anyone a general direction to be looking in.
Re: (Score:3, Interesting)
Re: (Score:1)
Unless you call someone, in which case it is reduced to a few meters.
Re: (Score:2)
Re:It probably matters, but I don't care. (Score:5, Insightful)
I'm trying to think of one thing someone could do to me armed with knowledge of my current location.
1. Determine that you're far away from home while they burglarize your house.
2. Determine that you were in the vicinity of a burglarized house and throw you behind bars without a warrant for 48 hours while they try to find evidence.
3. Determine you were someplace "unsavory" and use it as blackmail, or to deny you future employment, etc.
Re: (Score:3, Insightful)
1. Determine that you're far away from home while they burglarize your house.
a. I have an alarm system
b. I have a dog
c. I have insurance
d. The same thing could be achieved by simply watching me go to work in the morning without the complexity of tracking my position
e. Just because I am away from home, doesn't mean no-one is there.
2. Determine that you were in the vicinity of a burglarized house and throw you behind bars without a warrant for 48 hours while they try to find evidence.
a. You watch too much TV.
b. I have no prior convictions of any such nature
c. Police don't lock people up because they were *near* a crime unless there is another reason to suspect them.
3. Determine you were someplace "unsavory" and use it as blackmail, or to deny you future employment, etc.
a. My life is already a pretty open book to those who know me. I h
Re:It probably matters, but I don't care. (Score:5, Funny)
I am not important enough to blackmail.
Security by social irrelevance. Brilliant!
It's quite real (Score:3)
In the physical world, there's no such thing as perfect security. Period. If you think you have it, you are lying to yourself. So with that in mind you have to design your security to deal with the greatest threat you are reasonably likely to face.
What that means is your relevance plays a great deal in to your security. A normal person doesn't need a ton of security, they aren't relevant enough in any sense to be targeted with a serious attack. A government isn't going to send an elite group of commandos to
Re: (Score:2)
In the physical world, there's no such thing as perfect security... Real security has a lot of different considerations than digital security, a big one being "How much is the target worth?"
Your post is very insightful, but I just want to comment to point out that this is true of digital security as well. There is no such thing as perfect digital security, and one of the considerations of any kind of security is "how much is the target worth?"
For example, even the most guarded computers, whether they're CIA or NSA or whatever, are not perfectly secure. By the nature of providing even a single person with access, you've opened up avenues of attack, even if the attack is a manipulation of tha
Re: (Score:2)
I agree, however I will concede the fact that at least in theory it is possible to have perfect virtual security. It is theoretically possible to have a system with no bugs, no vulnerabilities. Plenty of people on Slashdot seem to think they have such a system on account of running Linux and I'm not inclined to argue.
However in the physical world it isn't possible, even in theory. Even the best security has known flaws, it is just a matter of making the flaws something that is impractical to exploit.
As with
Re: (Score:2)
I agree, however I will concede the fact that at least in theory it is possible to have perfect virtual security. It is theoretically possible to have a system with no bugs, no vulnerabilities. Plenty of people on Slashdot seem to think they have such a system on account of running Linux and I'm not inclined to argue.
I am inclined to argue. Linux has bugs. There are security vulnerabilities. They're not terribly easy to exploit, but they exist.
Aside from that, it's just a basic rule of any kind of security (digital or physical): enabling access to authorized users also creates the risk of allowing access by unauthorized users. If you can log into your desktop computer through SSH, then it means it's also theoretically possible for me to log in through SSH. It's just a question of whether I can get ahold of (or gues
Re: (Score:2)
I'm just not a worthwhile target
How worth it are you? As the cost of tracking goes towards zero, there are more and more profitable targets.
Re: (Score:2)
Not very. I lack the ability to pay out much ransom myself, don't have rich family to pay out a ransom, and kidnapping for money is a stupid crime in the US. The FBI has basically a 100% closure rate on it. They don't always recover the person kidnapped, but they always get the people who did it.
Also you confuse the cost of tracking with the cost of doing something. Tracking me is pretty easy. Doing something to me is harder. Even if a baddie could know my precise location 24/7 for zero cost that doesn't me
Re: (Score:1)
"d. The same thing could be achieved by simply watching me go to work in the morning without the complexity of tracking my position "
Sometimes it's nice to know that the person is not anywhere near coming home so that the appropriate time and care can be taken to ransack a house.
"c. Police don't lock people up because they were *near* a crime unless there is another reason to suspect them."
Just wow, you have no idea what goes on in this country, please grow up or at the very least do not ever vote. Go to an
Re: (Score:1)
Re: (Score:1)
"I've been wandering around this earth for 36 years now and so far I haven't been wrongly arrested."
You must be a Caucasian Christian Protestant then, I didn't need GSM to determine _that_.
Re:It probably matters, but I don't care. (Score:5, Interesting)
You, sir, are totally full of shit and out of touch with reality. Or you live in a state that doesn't matter, like Montana or one of the Dakotas.
Come down to California and try to drive across an interstate highway. You may not be "arrested" per se, but you will be detained and your personal effects be searched...all because a low-rent goon fed the right hand-signal to a well-trained dog at a blatantly unnecessary highway checkpoint.
Re:It probably matters, but I don't care. (Score:5, Interesting)
Yeeeep. I used to think law enforcement was a good thing, then one day, a cop decided to become my worst enemy and now I hate them all equally. I am not a "bad guy", but they have made it clear they are not the "good guys".
When I was 18, I totaled my parents' car. I wasn't drinking, nor high, nor doing anything wrong besides driving at night on an unfamiliar and poorly maintained road, where I was blinded by oncoming high-beams and veered into the ditch... where a giant stone was waiting to send my vehicle flying. Freak accident.
30 minutes later, someone stops to help and calls 9-1-1. Minutes later, the ambulance takes my passenger, who had a pretty bad gash in his arm. I wasn't hurt at all. A full hour later, the police officer shows up. She (*grumble*) asked me if I'd been drinking, I'd say about 4-5 times, hoping I'd change my story. So she had me do a roadside breathalyzer test. Zero. Took me down to the station, did the same test on a bigger machine. Zero. When she realized I was clean as a whistle, she slapped me with $5000 worth of bogus fines and suspended my licence. Two months later, the judge overturned all my fines and reinstated my licence.
Fast-forward two years, I was working a shit job at a video store. One night, I got robbed by armed thugs. Sure enough, that same asshole cop showed up to take my report. Instead of actually taking my report, she said I had to be lying, that a big guy like me could not possibly be scared of two (knife-wielding) crackheads and I must have been in on it. I caught her comments on the CCTV and took her to court, won, and had her suspended without pay for a year. Only problem was, her husband was also a cop, so for the next two years, they stalked me. They'd park at the end of my street in the morning, and wait for me to leave for work, and hubby would follow me in his squad car, sometimes tailgating very aggressively, trying to psych me into doing something stupid, or pulling me over every morning for a week. I endured two years of this harassment, until he actually bumped me and caused an accident. He tried very hard to blame it on me, that I had been driving "suspiciously" and somehow caused him to rear-end me, but that didn't hold up in court. Both of them were again suspended (goddamned unions), and a restraining order was issued.
Needless to say, after all that bullshit, I have a less than stellar view of law enforcement officials. I'll go as far as saying that, if a cop were to be injured and in need of help, I would sit and watch them suffer. It boggles my mind that we entrust such heinous, immature people with a badge and a gun. In the few times when I needed help, they just kicked me down. That to me makes them less than human and instead of giving them new ways to harass, we should be stripping them of their powers because they clearly lack the intelligence and respect to use them properly.
Re: (Score:2)
nah, that's just missing from your own personal reading comprehension. to wit: "a restraining order was issued."
Re: (Score:1)
Now, that said, it is true that police are frequently given too much arbitrary authority, and that the unions (who also have too much power) often prevent those who are truly undeserving of a badge from being forced to seek other employment
Re: (Score:2)
No. That was 12 years ago. You'd think that, over time, I would have gotten over it; that my other experiences would have reframed that incident as an unfortunate mishap, but no. I've even done consulting for the police over many years, and it did nothing to redress my perception of the system. What's particularly chilling is when regional directors tell you how they know it's fucked up, but not worth going against the majority.
Just last week, they let me down yet again, this time in a different city.
Re: (Score:2)
If this story is true, you are truly a hero. To have endured this and used the system each time to prove they are wrong, without flying off the handle or doing something that really did get you in trouble - that is an amazing amount of discipline. You are tenacious. And good job on finding 2 bad guys and getting them off the street - maybe they will learn a lesson?
Re: (Score:2)
I'm not a hero. Anyone else would have done the same thing, especially if they had a few lawyer friends like I do. And really, there wasn't a day where I didn't fantasize about throwing a tire iron at their faces until the screaming stopped.
A true hero would change the underlying system that creates these aberrations of society in the first place. I don't actually believe people set out to be bad cops, they are simply the product of an unhealthy environment. The pay sucks, stress is stigmatized, no good
Re: (Score:1)
b. That would be sad. I like my dog. But again, why go to the trouble of killing my dog (after disabling the alarm of course) to steal what?
c. You seem like an angry individual with a loud dog living nearby. You probably don't believe me, but my dog is well behaved and well liked by all my neighbours.
Re:It probably matters, but I don't care. (Score:5, Funny)
I'm trying to think of one thing someone could do to me armed with knowledge of my current location. Fly a drone missile into me? Fortunately I'm not that important. I'm sure it matters to some people, but I'm not going to lose any sleep.
Your wife and I use it to tell us when you're on the way back home.
Did anyone even read this article? (Score:2)
I have to ask, did anyone who commented even read this? I spent 20 minutes reading this technical paper, I by no means claim to have understood any of it, and I looked forward to reading the comments because I figured the comments would make some sense out of all this. Yah, that didn't happen.
Overreaction? (Score:1)
Yes, GSM system needs to know the cell you are using during a call.
This seems to be known issue: How come phone exchange knows with whom I am talking?
It seems a bit silly to me, really. If cell is not known, connection can not be established.
On top of it: GSM is TDMA system, so it measures distance to the terminal in cca 550m steps.
It is called Timing Advance, it is needed in order to align all incoming frames on cell receiver.
Now... Somebody looks at Abis (protocol between cell and Base Station Controlle
Re: (Score:1)
It is much easier to get my location using different methods, like asking me politely ;-)
BR
s52d
Can you, please, tell us where you currently are, preferably within 550m accuracy?
Re: (Score:1)
It is much easier to get my location using different methods, like asking me politely ;-)
BR
s52d
Can you, please, tell us where you currently are, preferably within 550m accuracy?
At home, 1m from my PC.
And you have my home address from elsewhere, of course.
BR
s52d
Now I understand much better (Score:2)
How they can track me [slashdot.org] during my mall whereabouts!
And you can bet this is not happening by mistake!!!
Hummm... (Score:1)