Slashdot Mirror

← Back to Stories (view on slashdot.org)

All GSM Phones Open To Attack, Tracking

Posted by Soulskill on from the now-where'd-that-tinfoil-hat-go dept.

Trailrunner7 writes "A pair of security researchers has discovered a number of new attack vectors that give them the ability not only to locate any GSM mobile handset anywhere in the world, but also to find the name of the subscriber associated with virtually any cellular phone number, raising serious privacy and security concerns for customers of all of the major mobile providers. The research builds upon earlier work on geolocation of GSM handsets and exposes a number of fundamental weaknesses in the architecture of mobile providers' networks. However, these are not software or hardware vulnerabilities that can be patched or mitigated with workarounds. Rather, they are features and functionality built into the networks and back-end systems that Bailey and DePetrillo have found ways to abuse in order to discover information that most cell users assume is private and known only to the cell provider."

3 of 119 comments (clear)

  1. Scary shit by wurp · · Score: 1, Troll

    This is some scary shit. How long until some celebrity or world leader is abducted, raped, or shot based on this vulnerability?

    1. Re:Scary shit by wurp · · Score: 1, Troll

      Troll. Huh?

  2. This is bogus by dnaumov · · Score: 0, Troll
    This is so bogus it's not even funny. Well it might work in some retarded 3rd world country, but certainly not where I live.

    "For example, during their research, Bailey and DePetrillo scanned a number block in Washington, D.C., and identified a large block of numbers allocated to a defense contractor."

    I am sorry, what? How exactly does this scan work? If a defence contractor has it's numbers available in a publically accessible number database, this is probably a lapse in security at said contractor, not some kind of a GSM technology exploit. If you don't want to tell the world that YOU own number 123 4567, don't share this information. DUH. Every operator out there has an option where the subscriber can chose to "keep my number secret and do not share my information with public registries". Your failure to use this option is well, your failure.

    "Once they accessed the database, known as the Home Location Register (HLR), the researchers are able to determine which mobile provider a given subscriber uses, and then combine that with the caller ID data, giving them a profile of the subscriber."

    I am an operator. What the fuck gives you the idea that YOU can access my HLR? Are you retarded?