Flaws Allow Every 3G Device To Be Tracked 81
mask.of.sanity writes "New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked. The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices operating on all 3G compliant networks. It was similar, but different, to previous research that demonstrated how attackers could redirect a victim's outgoing traffic to different networks."
Not thatbad (Score:3, Informative)
Acctually from the article "This would reveal the presence of devices in a monitored area, breaking anonymity and ‘unlinkability’ by revealing the IMSI and TMSI correlation." And by moitored area they mean area with specific hardware installed. So you have to be a spy or something to be afraid of such tracking.
Re:"Flaw" allows us to be tracked. (Score:5, Informative)
Indeed - it requires malevolent base stations to be deployed and even then only determines the presence of particular 3G devices in the area.
They were obviously straining for an example when discussing an employed deploying such stations to track employee movements in a building; door pass access is somewhat easier to track...
In general though I'm resigned to the fact that the telco underlying my MVNO knows my location when I am connected and will happily relay this to the "authorities" with minimal encouragement, so this new attack doesn't seem particularly startling; now someone else other than the telco can know this. Whoppeee.
Re:Intentional (Score:3, Informative)
I believe in US this is called Lawful Interception.
Re:Makes me wonder (Score:5, Informative)
Did the 3G equipment come from Huwei or ztc?
No, but that is a rather amusing post, I lol'd.
On a more serious note, the summary and article make it sound worse than it is. Here's what they are doing:
"The attacks were made by intercepting, altering and injecting 3G Layer-3 messages into communication between the base station and mobile phones in both directions."
So to be clear, it won't allow you to just track any 3G device any time you want. It's a MITM attack which requires you to physically intercept and spoof a cell signal using the 3G standard... assuming the network fully complies with 3G and doesn't have it's own signalling or other security added on.
Re:Makes me wonder (Score:4, Informative)