DIY mobile phone tracking using open source

By

Researchers locate target without help from phone carriers.

US researchers have developed a cheap and simple method for tracking the location of GSM mobile phones.

DIY mobile phone tracking using open source

Mobile carriers typically transmit unencrypted signals between GSM towers and phones to determine location. This is required for phone services to be provisioned.

But the new research has revealed that anyone running the open source Osmocom GSM software could use the same functionality to determine whether or not a mobile phone is in an area of between one and 100 square kilometers.

“Agents from an oppressive regime may no longer require cooperation from reluctant service providers to determine if dissidents are at a protest location,” Denis Foo Kune, computer science PhD student with the University of Minnesota, wrote in a paper.

“Another example could be thieves testing if a user’s cell phone is absent from a specific area and therefore deduce the risk level associated with a physical break-in of the victim’s residence.”

Researchers from the university’s science and engineering college tracked the location of a test subject within 800 metres as they walked through a CBD, without help from a phone provider.

To do this, attackers would dial a target’s mobile phone number from a mobile phone connected to a laptop.

Osmocom software on the laptop would monitor the relevant GSM network tracking signals and reveal the Location Area Code (LAC) of the target phone.

An attacker then re-dials the phone from within the LAC to pinpoint the base station which the user is connected to.

Provided the attacker hangs up within five seconds, the tracking will complete without the target’s phone ringing.

Foo Kune explained that GSM networks needed to "loosly track" phones in a similar fashion to CB radio.

“An incoming voice call requires the network to locate that device so it can allocate the appropriate resources to handle the call," he said.

"Your cell phone network has to at least loosely track your phone within large regions in order to make it easy to find it.”

The research was described in the paper “Location Leaks on the GSM Air Interface” presented at the Network & Distributed System Security Symposium in California.

The research group informed US carrier AT&T and Nokia about cheap mitigation techniques that do not require hardware changes.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
gsmmobilesopensourceprivacyresearchsecuritytelco

Sponsored Whitepapers

Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond

Events

Most Read Articles

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
Sportsbet recruits 'security champions' in shift-left strategy

Sportsbet recruits 'security champions' in shift-left strategy
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?