Skip to main content

Researchers track mobile phone locations with cheap hardware and open-source software


While cop shows have shown us that it's easy for service providers to track a person's location via their mobile phone, researchers at the University of Minnesota have revealed it's also an easy task for hackers. Using a cheap phone and open source software, the researchers were able to track the location of mobile phone users without their knowledge on the GSM network, which is estimated to serve 80 percent of the global mobile market.
According to the new research by computer scientists in the University of Minnesota's College of Science and Engineering, a third party could easily track the location of a mobile phone user without their knowledge because cellular mobile phone networks "leak" the locations of mobile phone users.
"Cell phone towers have to track cell phone subscribers to provide service efficiently," Foo Kune explained. "For example, an incoming voice call requires the network to locate that device so it can allocate the appropriate resources to handle the call. Your cell phone network has to at least loosely track your phone within large regions in order to make it easy to find it."
To do this, mobile phone towers will broadcast a page to a user's phone and wait for the phone to respond when they get a call. Hackers would be able to ascertain the general location of the user by forcing those pages to go out and hanging up before the phone rings.
Although the GSM standard assigns a phone a temporary ID to disguise its identity, it is possible to map the phone number to its temporary ID. Just by looking at the broadcast messages sent by the network, the researchers say it is possible to locate the device within an area of 100 square km (38 square miles). But by testing for a user on a single tower allows a user to be tracked to within a geographic area of 1 square km (0.38 square miles) or less.
"It has a low entry barrier," Foo Kune said. "Being attainable through open source projects running on commodity software."
In a field test using an inexpensive mobile phone and open source software and with no direct help from the service provider, the researchers were able to track the location of a test subject within a 10-block area as they traveled across an area of Minneapolis at walking pace.
In their Paper, which was presented at the 19th Annual Network & Distributed System Security Symposium in San Diego, California, the researchers highlight some possible personal safety issues arising from their discovery.
"For example, agents from an oppressive regime may no longer require cooperation from reluctant service providers to determine if dissidents are at a protest location. A second example could be the location test of a prominent figure by a group of insurgents with the intent to cause physical harm for political gain. Yet another example could be thieves testing if a user's cell phone is absent from a specific area and therefore deduce the risk level associated with a physical break-in of the victim's residence."
But it's not all bad news. Foo Kune and his group have identified low-cost techniques to plug the leaks that could be implemented without changing the hardware. They have contacted AT&T and Nokia to inform them of these techniques and are also in the process of drafting responsible disclosure statements for mobile service operators.

Comments

Popular posts from this blog

Nerf Vulcan Sentry Gun tracks targets and avoids friendly fire

Anyone who plays video games will know that few things protect an area like a well-placed sentry gun. In the real world, though, even a person's bedroom or office could use a little protection sometimes, which is why one designer has built the Nerf Vulcan Sentry Gun. Using a custom program and some servos, the sentry can automatically locate targets and unleash a stream of foam darts at over seven times the usual speed, while keeping its owner out of the crosshairs. Britt Liv Ulrike Michelsen, a chemical and biological engineering student from Germany, designed and constructed the sentry using mostly basic electronics and some plywood. This isn't the first time she's modified a Nerf gun, but building this robotic turret is arguably her most ambitious project to date. Luckily, the Nerf Vulcan already operates using an electric motor, so controlling the actual firing mechanism through a computer was just a matter of connecting it directly to an Arduino Uno and a laptop. ...

Students crash rockets to develop new asteroid sample collection technique

In what at first glance seems like a terrible sense of direction, in March students from the University of Washington fired rockets from kites and balloons at an altitude of 3,000 ft (914 m) straight into the ground at Black Rock, Nevada: a dry lake bed in the desert 100 mi (160 km) north of Reno. This may seem like the ultimate in larking about, but it's actually a serious effort to develop new ways of collecting samples from asteroids. The test was part of the “Sample Return Systems for Extreme Environments” project. The idea is to find cheaper, more efficient ways of collecting samples from asteroids and hazardous areas on Earth, such as volcanoes and nuclear disaster zones, by using penetrators instead of soft landers or ground crews to hammer out sample cores. According to the team, this would result in lower cost than soft landing techniques by reducing the velocity and vehicle mass needed to gather the sample, minimizing damage on impact, as well as being mechanically s...

Review: i-H2GO hydrogen-powered remote-control car

At the end of last month, Horizon Fuel Cell Technologies began shipments of its latest hydrogen fuel cell-powered remote-control toy car, the  i-H2GO . Like its predecessor, the  H2GO , it runs on hydrogen obtained from user-supplied water. The main thing that's new about the i-H2GO, however, is the fact that it is now controlled using a free app on the user's existing smartphone. I got my hands on an early production model, mainly just so that I could truthfully say "I've driven a fuel cell car." Like the H2GO, the new car comes with an included Refueling Station. The user pours purified water into that device, and it proceeds to electrolyze the H2O, separating it into H and O – hydrogen and oxygen. A plunger on the station rises as hydrogen fills its temporary holding compartment. The user then connects the car to the station using a built-in hose, and manually pumps the hydrogen from the station into the car. The car's fuel cell subsequently combines...