Flaws Allow Every 3G Device To Be Tracked 81
mask.of.sanity writes "New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked. The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices operating on all 3G compliant networks. It was similar, but different, to previous research that demonstrated how attackers could redirect a victim's outgoing traffic to different networks."
Makes me wonder (Score:5, Funny)
Re:Makes me wonder (Score:5, Informative)
Did the 3G equipment come from Huwei or ztc?
No, but that is a rather amusing post, I lol'd.
On a more serious note, the summary and article make it sound worse than it is. Here's what they are doing:
"The attacks were made by intercepting, altering and injecting 3G Layer-3 messages into communication between the base station and mobile phones in both directions."
So to be clear, it won't allow you to just track any 3G device any time you want. It's a MITM attack which requires you to physically intercept and spoof a cell signal using the 3G standard... assuming the network fully complies with 3G and doesn't have it's own signalling or other security added on.
Re:Makes me wonder (Score:4, Informative)
"Flaw" allows us to be tracked. (Score:5, Insightful)
I'm pretty sure the word flaw should be in quotation marks in this context.
Re:"Flaw" allows us to be tracked. (Score:5, Informative)
Indeed - it requires malevolent base stations to be deployed and even then only determines the presence of particular 3G devices in the area.
They were obviously straining for an example when discussing an employed deploying such stations to track employee movements in a building; door pass access is somewhat easier to track...
In general though I'm resigned to the fact that the telco underlying my MVNO knows my location when I am connected and will happily relay this to the "authorities" with minimal encouragement, so this new attack doesn't seem particularly startling; now someone else other than the telco can know this. Whoppeee.
Re:"Flaw" allows us to be tracked. (Score:5, Funny)
If the mob is tracking you, you have bigger problems than "privacy"
Re: (Score:2)
Re: (Score:2)
DeBeers, OPEC, all IT firms, all food/drinks chains
Zionists, Illuminati, jew conspiracy, mormon conspiracy
JFK inside job, 9/11 inside job, terrorism in general inside job
USA wants oil, europe is USA's bitch, USA doesn't care about selling out to china, Russia is too drunk to care
I dunno, I'm running out of shit to say but there you go
I'm not a journalist nor an anonymous coward so I guess I don't apply to your comment?
Re:"Flaw" allows us to be tracked. (Score:4, Insightful)
I don't see how you think any ACTIVE radio transmitter can't be tracked? By definition, phones connect to towers and that gets logged for network purposes. All these people are doing is adding their own radio to the mix, which your phone happily pings to see if ithat "tower" useful. That's the whole definition of a network and "cellular" communication.
Next thing you know, they'll be telling me my IP address is in EVERY packet I send and receive on the Internet!!!!
Re: (Score:3, Funny)
Next thing you know, they'll be telling me my IP address is in EVERY packet I send and receive on the Internet!!!!
What? What? That is outrageous! This needs to be front page news! I will not tolerate such privacy violations!
Re:"Flaw" allows us to be tracked. (Score:4, Funny)
Re: (Score:3)
No, it's okay because everyone has the same IP address - 127.0.0.1.
Phew. That's a relief.
Re: (Score:3)
mines ::1
Re: (Score:3)
That singles you out as one of those IPV6 hipster kiddos!
Re: (Score:1)
OMG! The cell phone company knows that I am connected to their network and which towers should broadcast my calls?
Re: (Score:2)
You still have to have some ID number so the tower can find you and route your encrypted packets. The device has to "check in" and get the new keys for each tower... Thats what this attack is.
Unless you are going to use a device with pre-approved encryption keys, on pre-approved towers to create a "closed" network you are going to have to need some kind of ID that's visible. At which point you've entirely defeated the idea of sharing your device on multiple networks to get the best signal as you drive acros
Intentional (Score:4, Interesting)
I believe these kinds of flaws are intentional. Just think about the early cell phone encryption standards, who were completely insecure despite having been designed by teams who should have known better.
Governments and government-near task forces and interest groups have no incentive to make communication devices for the general population secure.
Re: (Score:1)
You make it sound as if it's some government conspiracy or something. The simple fact is that the general population doesn't care, so neither do the people designing devices for them.
Re: (Score:2)
Idiot.
Re: (Score:2)
Re: (Score:3, Informative)
I believe in US this is called Lawful Interception.
Re: (Score:1)
The idea is that these flaws ease unlawful interception - without all the hassle of asking a judge and possibly on foreign soil.
Re: (Score:3)
Yes, an obscure error message that can be used to differentiate one UE from another, if you have already used a compromised base station to sniff earlier sessions, and which will give you an indication if that UE is in the area of your transmitter or not sounds just like the sort of nefarious flaw that the Men in Black Illuminati would work into an international standard to spy on the tinfoil community.
As a comment above already mentioned, the operator knows where you are, with a lot more precision than thi
Re: (Score:3)
You and the other poster are comparing apples with bananas.
If intentional flaws indeed have been inserted into communications technology, then certainly for complementing lawful interception with means for unlawful interception rather than as a substitute. You need to take into account that many government agencies are explicitly allowed (by the laws of their country) to spy on foreign residents in foreign countries, and only under rare circumstances will these be able to ask local authorities for help and
Re: (Score:3)
Ah.. but spying on foreign residents in foreign countries is almost always an offense with a maximum penalty of death in the target country....
Re: (Score:3)
Well, I grouped you in with the crowd that seem to think governments only spy on their own citizens.
But I still feel that this method of tracking gives too little data for the effort needed to execute it. Not to mention sneaking it in to a 3GPP standard with this express intent. Not saying that it's impossible, but it does seem far fetched.
Re: (Score:2)
Considering there are few if any Maemo/MeeGo haters, it's relatively safe.
Not thatbad (Score:3, Informative)
Acctually from the article "This would reveal the presence of devices in a monitored area, breaking anonymity and ‘unlinkability’ by revealing the IMSI and TMSI correlation." And by moitored area they mean area with specific hardware installed. So you have to be a spy or something to be afraid of such tracking.
Re: (Score:2, Interesting)
Bullshit. The police can set one up near any protest, make life hell for everybody who showed up, even if the protesters weren't breaking the law. It's been done before, why trust this time?
Re:Not thatbad (Score:5, Insightful)
Sure. If they know the IMSI of the mobiles that the protesters are using in advanced. This attack gives the TMSI of the device, which is a temporary identifier, and will change when the mobile roams outside of the current location area.
Then they need to set up compromised base stations all over the city if they want to track this protester, and I am sure that there are easier ways to go about that.
Re: (Score:1)
Go straight to the teleco with your rubber-stamped warrant. Hell, the warrant part can probably skipped since the telecos are little lapdogs.
You know... (Score:5, Interesting)
Richard Stallman, often considered a nutcase, once said that he won't use a cell phone because he does not want to be tracked.
Whether by design, by accident or by the nature of the device, the fact is you can be tracked. Of course I don't care about that, because I have nothing to hide...then again what will this information be/is used for? big brother stuff, of course not!? Naturally, it's all just a big misunderstanding.
Re: (Score:2)
I wonder if Richard Stallman has ever used a computer attached to the internet. Because you know, the whole theory of packet switching and networks which relies on your IP address being constantly sent back and forth. God forbid he uses a landline too, I'd much rather some anonymous $5 SIM card inserted in my phone then actually use something linked to an account under my name.
The man fights for our privacy but he is a nutcase.
Re: (Score:2)
Of course I don't care about that, because I have nothing to hide...
The problem isn't what you do, is what you can be accused of having done, which is an entirely different problem. If you were near a crime scene at or near the moment it occurred, and might ever so slightly linked to it (you were friends in college to the roommate of the boyfriend of the victim) and at some point in your life commented on Friendster (yep, going old school here) you found said boyfriend a slob or whatever, a case WILL be made for you potentially being the criminal. Things can go downhill fro
Re: (Score:2)
Even a pager can be tracked via tower triangulation (not 911 GPS). But most of them aren't 3G, so this won't apply.
Re: (Score:1)
Re: (Score:2)
So pagers only get one shot to receive a page? And they broadcast over all transmitters in the country at once? Doesn't sound very reliable without an acknowledgement. I admit I don't know how they operate.
Re: (Score:2)
So pagers only get one shot to receive a page? And they broadcast over all transmitters in the country at once? Doesn't sound very reliable without an acknowledgement.
Actually, digital pagers get a few shots to receive a page, because the packet is retransmitted a few times over the course of a minute for redundancy. Some of the fancy pagers had a reply transmitter (they acknowledged receipt, and had four buttons you could press to return one of four answers.) And depending on the paging service you subscribed to, pages could be sent from a local tower, all towers in a region, or all towers across the country. At least all this was true back in 2000 when I still carri
I'm safe! (Score:5, Funny)
Good luck tracking me! I'm served by Bell Aliant. I can lose service anywhere they offer coverage!
And they charge me a reasonably high fee for this knd of security.
Thanks Bell!
Re:I'm safe! (Score:4, Funny)
"Reassuringly expensive" is the phrase you're looking for.
i'm safe (Score:1)
can't hack me. i'm on cdma. verizon secured me so i can't even talk and use data at the same time, good luck getting in, hackers!
Shocked and appalled at 3G smartphone insecurity (Score:3)
_Every_ phone can be tracked... (Score:1)
That's how they work. http://en.wikipedia.org/wiki/Mobile_phone_tracking [wikipedia.org]
And it's not a "flaw"... it is a "feature"!
Re: (Score:2)
Of course it's a feature since only an idiot wouldn't know that your phone is an active radio transmitter. Also, if you couldn't be tracked how exactly would you expect the cell network to know which towers to hand you off to while you were moving?
We should just go back to analogue phones (Score:2)
At least then everyone knew that they were in effect glorified CB radios and could be listened in to by a scanner so don't say anything you wouldn't want anyone else to hear. Now everything thinks because its digital it must be secure. Nope. If its broadcast it can be intercepted and (eventually unless its using serious encryption) decoded. End of.
That'll make'm buy newer phones! (Score:3)
Lately, I have seen a decrease in smartphone fever. Okay, maybe not "lately" -- it has been decreasing for a long time actually. People are less excited about new gadgets and spending that money when they know another new thing is coming along soon. Even the demand for iPhone 5 seems to have dropped where I am... I have a good number of iPhone users where I work but they have been moving to droid and even a couple back to flip phones. I have seen exactly zero iPhone5 phones where I work or anywhere in the wild.
I think people are realizing what "good enough" means and that spending the $100-$300 more doesn't buy them a whole lot more. Also, simple and reliable seem to be features many people are interested having again.
But the phone companies have invested a lot of money in FCC costs, marketing and especially in ruining perfectly good smart phones with their bloatware and hacked ROMs that remove features they hope to sell back to customers at a premium. People are losing interest. I know *I* am losing interest... not completely... I'm still looking to get an unlocked, unbranded GalaxyS3 for my next phone and ditching the carrier's plans. Prepaid is the way to go for me. I will save TONS of money when my contract is up.
Re: (Score:2)
As Designed (Score:3)
Re: (Score:3)
Why? They can just ask for the far more precise location data straight from the telecoms who are more than willing to give it up.
Re: (Score:2)
Sometimes, you dont want the telecoms to know what you are looking for.
From bash.org: (Score:3)
<gmaxwell> [bash.org] 1960: "I have a great idea! lets have every person in the country carry a radio tracking beacon!" "That'll never fly!" 2012: "I can has TWO iphones??"
Not if you're a Sprint customer (Score:2)
Because Sprint ensures your privacy by not actually having a functional network. Hand to god, smoke signals have better bandwidth.
Aint a bug, (Score:2)
So what about AT&T? (Score:2)
So does this include my 3G AT&T phone that shows an icon claiming it's 4G?