Slashdot Mirror

← Back to Stories (view on slashdot.org)

Leaky Cellphone Nets Can Give Attackers Your Location

Posted by samzenpus on from the there-you-are dept.

alphadogg writes "GSM cellular networks leak enough location data to give third-parties secret access to cellphone users' whereabouts, according to new University of Minnesota research. 'We have shown that there is enough information leaking from the lower layers of the GSM communication stack to enable an attacker to perform location tests on a victim's device. We have shown that those tests can be performed silently without a user being aware by aborting PSTN calls before they complete,' write the authors, from the College of Science and Engineering, in a paper titled 'Location Leaks on the GSM Air Interface' (Pdf). The researchers are working with carriers and equipment makers, including AT&T and Nokia, to address the security issues."

67 comments

  1. Not a problem by Anonymous Coward · · Score: 0

    Don't use GSM. Most of Europe has 3G at least and some parts LTE. If you happen to travel to the USA then getting tracked by GSM is the least of your problems with all the surveillance they have there now ;-)

    1. Re: Not a problem by Anonymous Coward · · Score: 5, Funny

      If you happen to travel to the USA then getting tracked by GSM is the least of your problems

      "And with all our coverage black spots, you won't ever be tracked whilst on our network" /AT&T Marketing Campaign

    2. Re: Not a problem by slack_justyb · · Score: 2, Informative

      If you happen to travel to the USA then getting tracked by GSM is the least of your problems with all the surveillance they have there now

      Oh please... Having been to many places in England, Scotland, Wales and Ireland (North and Republic); I can say that they are the ones with this problem and not the USA. They have police CCTV even out in the sticks. Here in the USA we're still doing good to have a telephone line out in the boonies.

    3. Re: Not a problem by Anonymous Coward · · Score: 0

      The cameras point down every sidewalk on my block says otherwise.

      I live in a residential area of Croydon.

    4. Re: Not a problem by Anonymous Coward · · Score: 0

      Say hello to the mayor for me.

    5. Re: Not a problem by Zapotek · · Score: 4, Funny

      Hello pot! Meet kettle. :)

    6. Re: Not a problem by mjwx · · Score: 1

      If you happen to travel to the USA then getting tracked by GSM is the least of your problems with all the surveillance they have there now

      Oh please... Having been to many places in England, Scotland, Wales and Ireland (North and Republic); I can say that they are the ones with this problem and not the USA. They have police CCTV even out in the sticks. Here in the USA we're still doing good to have a telephone line out in the boonies.

      Billy-Joe-Ray: Hey Jeb, what's that buzzin,
      Jeb: Poe leese drone.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    7. Re: Not a problem by jquirke · · Score: 4, Informative

      The concepts here are not necessarily specific to the GSM Um link. The same concepts used by the authors equally apply for UMTS and LTE, and most other cellular systems.

      ALL of those systems page out phones based on some temporary (but plaintext) identifier when an incoming call needs to be routed and there is no active RRC (radio) connection. All of those systems try to mitigate this exact problem by using a temporary ID (the TMSI), rather than the permanent ID (the IMSI). The TMSI is re-allocated over a ciphered connection.

      The TMSI rotation policy is up to the operator. It can in theory be rotated each connection, but few operators do this - too much signalling load on the core network. Most operators will hold the TMSI until the next periodic (i.e. after a certain number of hours - operator defined), or aperiodic (when the phone moves into a different paging domain [location area]), or when the phone is power cycled (which implicitly does a type of location update anyway).

      One solution for future versions of the standard might be to encrypt the paging message (along with a random nonce to give uniqueness to each paging message) with the last known ciphering key, but this may not be known by the network entities in the new location areas.

    8. Re: Not a problem by jquirke · · Score: 3, Interesting

      Further to this, here is an example of some paging traffic I captured over a live UMTS network (Telstra NextG, in Australia), using nothing more than a USRP with 900MHz daughterboard, and some custom Matlab code. The message has been unpacked from ASN.1 format to XML, but it clearly shows IMSI and TMSI in plaintext.

      File is here.

      This shows the flaw is definitely not GSM only.

    9. Re: Not a problem by Johann+Lau · · Score: 1

      The post you replied to was talking about "most of Europe". Did you swap that out for "UK" because that's the most orwellian country in it by far and the only way to have a lame comeback, or because it's the only one you know?

    10. Re: Not a problem by Anonymous Coward · · Score: 0

      Is not the UK part of Europe? It is also the fifth largest by population. Russia, Germany, and Turkey the top three are not doing any better than the UK in this respect.

      Just thinking out loud here, do not mind me, but the parts of Europe that given by the GP makes up about sixty-five million people. Of course, France (sixty-three million) does not have eyes peering at you quite as bad. We do however have some hate towards Muslims. Just depends on who you ask, I guess.

    11. Re: Not a problem by Johann+Lau · · Score: 1

      You're right, I totally forgot about Russia and Turkey o_O

  2. Is this really a thing? by atari2600a · · Score: 1

    Isn't GSM geolocation limited to an accuracy of 500m?

    1. Re:Is this really a thing? by slack_justyb · · Score: 3, Informative

      That's only a search area of 195 acres. Also depending on the area and direction/speed of movement (if any) it would be easy for someone to start eliminating some of the places you could be hiding in. Also depending on the environment, it would not be that hard to cover that large an area with enough people.

      Just because it doesn't pinpoint you, doesn't mean you need to be giving anyone a general direction to be looking in.

    2. Re:Is this really a thing? by atari2600a · · Score: 3, Interesting

      If you're HIDING you wouldn't be using [your own, non-prepaid] cellphone AT ALL. Mitnick was once chased by a helicopter [pre-GSM] because of this mistake.

    3. Re:Is this really a thing? by Hentes · · Score: 0

      Unless you call someone, in which case it is reduced to a few meters.

  3. Re:2012 by Anonymous Coward · · Score: 1, Funny

    Oh, I don't know. I feel fine.

  4. I doubt this will be a problem for T-Mobile users by Anonymous Coward · · Score: 0

    Assuming that proximity to a tower carrying T-Mobile service is a prerequisite.

  5. Re:2012 by Anonymous Coward · · Score: 0

    You feel fine with all the governments all around the world passing laws to enable Big Brother monitoring without warrants? You feel fine with media companies pushing laws to turn the internet into a streaming TV? You feel fine with companies like Monsanto polluting the world's food chain? You feel fine with corporations turning their workers into slaves with ever diminishing pay checks?

    Ignorance is bliss.

  6. This is news? by Anonymous Coward · · Score: 0

    There was an article in Wired magazine about doing this very thing more than 10 years ago.

  7. Re:2012 by LordLucless · · Score: 1, Offtopic

    Woosh

    --
    Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
  8. Oblig by Anonymous Coward · · Score: 0

    http://xkcd.com/610/

  9. Peculiar PDF by Ethanol-fueled · · Score: 0
    The article opens with,

    " GSM cellular networks leak enough location data to give third-parties secret access to cellphone users' whereabouts, according to new University of Minnesota research. "

    Then it closes with,

    "The research was funded in part by the National Science Foundation and Korean Advanced Institute of Science and Technology."

    The paper(.PDF) was authored by Denis Foo Kune, John Koelndorfer, Nicholas Hopper, and Yongdae Kim. Now read the PDF. Does it sound kinda funny to you(a native English speaker)? Perhaps Kune and Kim should have let Nicholas, or at least John, write the paper.

    Now, I'm not trolling, I just believe that it makes the most sense for native speakers to write for their target countries. Eloquence is academic, and the western version of this paper has UMinn and the names of two caucasians on it.

  10. Re:2012 by socceroos · · Score: 1

    I heard that you can only perform this hack by uploading a virus from a Mac to the carriers central server farm - so, the chances of it being viable are slim.

  11. It probably matters, but I don't care. by multiben · · Score: 0

    I'm trying to think of one thing someone could do to me armed with knowldege of my current location. Fly a drone missile into me? Fortunately I'm not that important. I'm sure it matters to some people, but I'm not going to lose any sleep.

    1. Re:It probably matters, but I don't care. by NoKaOi · · Score: 5, Insightful

      I'm trying to think of one thing someone could do to me armed with knowldege of my current location.

      1. Determine that you're far away from home while they burglarize your house.
      2. Determine that you were in the vicinity of a burglarized house and throw you behind bars without a warrant for 48 hours while they try to find evidence.
      3. Determine you were someplace "unsavory" and use it as blackmail, or to deny you future employment, etc.

    2. Re:It probably matters, but I don't care. by multiben · · Score: 3, Insightful

      1. Determine that you're far away from home while they burglarize your house.

      a. I have an alarm system
      b. I have a dog
      c. I have insurance
      d. The same thing could be achieved by simply watching me go to work in the morning without the complexity of tracking my position
      e. Just because I am away from home, doesn't mean no-one is there.

      2. Determine that you were in the vicinity of a burglarized house and throw you behind bars without a warrant for 48 hours while they try to find evidence.

      a. You watch too much TV.
      b. I have no prior convictions of any such nature
      c. Police don't lock people up because they were *near* a crime unless there is another reason to suspect them.

      3. Determine you were someplace "unsavory" and use it as blackmail, or to deny you future employment, etc.

      a. My life is already a pretty open book to those who know me. I have nothing to hide from those I don't know which could not be obtained much more simply.
      b. I am not important enough to blackmail.

      Like I said in my original post, it probably does matter to some people, but I'm not personally that bothered.

    3. Re:It probably matters, but I don't care. by lucm · · Score: 5, Funny

      I am not important enough to blackmail.

      Security by social irrelevance. Brilliant!

      --
      lucm, indeed.
    4. Re:It probably matters, but I don't care. by Anonymous Coward · · Score: 1

      "d. The same thing could be achieved by simply watching me go to work in the morning without the complexity of tracking my position "
      Sometimes its nice to know that the person is not anywhere near coming home so that the appropriate time and care can be taken to ransack a house.

      "c. Police don't lock people up because they were *near* a crime unless there is another reason to suspect them."

      Just wow, you have no idea what goes on in this country, please grow up or at the very least do not ever vote. Go to any city in America and ask a minority person if they worry about things like this. It happens every single day, in a large city it happens multiple times each day.

    5. Re:It probably matters, but I don't care. by Anonymous Coward · · Score: 0

      a: Alarms can be disabled. Even functional they provide a good 10-15 minute window to rob your home. Or longer depending on location and police responce time.

      b: Dogs can be killed. Easily. Quietly. And even if it does make noise. most likely your neighbors are so fucking sick of your dog barking they won't even bother to get up and look out the window. But of course you are one of those rare people on the planet with a quiet dog right.

    6. Re:It probably matters, but I don't care. by multiben · · Score: 1

      I've been wandering around this earth for 36 years now and so far I haven't been wrongly arrested. Neither have any of my friends, and as far as I know neither have any of their friends. In fact, I don't think I even know of a 3rd hand connection who has been wrongly arrested. But if you believe everything you see in the media, as apparently you do, then it happens to everyone every day.

    7. Re:It probably matters, but I don't care. by multiben · · Score: 1

      a. WTF do you think I keep in my house that is worth going through the trouble of disabling an alarm rather than robbing my neighbours who don't have one?
      b. That would be sad. I like my dog. But again, why go to the trouble of killing my dog (after disabling the alarm of course) to steal what?
      c. You seem like an angry individual with a loud dog living nearby. You probably don't believe me, but my dog is well behaved and well liked by all my neighbours.

    8. Re:It probably matters, but I don't care. by Anonymous Coward · · Score: 1

      "I've been wandering around this earth for 36 years now and so far I haven't been wrongly arrested."

      You must be a Caucasian Christian Protestant then, I didn't need GSM to determinate _that_.

    9. Re:It probably matters, but I don't care. by Ethanol-fueled · · Score: 5, Interesting

      I have no criminal record, but I have been pulled over and followed by cops. I have been pulled over to secondary at DHS checkpoints and had my car torn apart while they looked for contraband, only for them to find nothing and try to "bargain" with me and get me to incriminate myself on baseless charges to inflate their numbers.

      You, sir, are totally full of shit and out of touch with reality. Or you live in a state that doesn't matter, like Montana or one of the Dakotas.

      Come down to California and try to drive across an interstate highway. You may not be "arrested" per se, but you will be detained and your personal effects be searched...all because a low-rent goon fed the right hand-signal to a well-trained dog at a blatantly unnecessary highway checkpoint.

    10. Re:It probably matters, but I don't care. by Anonymous Coward · · Score: 0

      a. WTF do you think I keep in my house that is worth going through the trouble of disabling an alarm rather than robbing my neighbours who don't have one?
      b. That would be sad. I like my dog. But again, why go to the trouble of killing my dog (after disabling the alarm of course) to steal what?

      You would be surprised how many people do it just for the heck of it. My old worn out bike secured by a Kryptonite New York lock was stolen, and thief preferred it over a nice looking road bike secured by cables next to it.

      c. You seem like an angry individual with a loud dog living nearby. You probably don't believe me, but my dog is well behaved and well liked by all my neighbours.

      Does it bark when strangers are around. If it is does, I doubt the neighbours like it and if it doesnt its not really defending your home, is it?

    11. Re:It probably matters, but I don't care. by billcopc · · Score: 4, Interesting

      Yeeeep. I used to think law enforcement was a good thing, then one day, a cop decided to become my worst enemy and now I hate them all equally. I am not a "bad guy", but they have made it clear they are not the "good guys".

      When I was 18, I totaled my parents' car. I wasn't drinking, nor high, nor doing anything wrong besides driving at night on an unfamiliar and poorly maintained, where I was blinded by oncoming high-beams and veered into the ditch... where a giant stone was waiting to send my vehicle flying. Freak accident.

      30 minutes later, someone stops to help and calls 9-1-1. Minutes later, the ambulance takes my passenger, who had a pretty bad gash in his arm. I wasn't hurt at all. A full hour later, the police officer shows up. She (*grumble*) asked me if I'd been drinking, I'd say about 4-5 times, hoping I'd change my story. So she had me do a roadside breathalyzer test. Zero. Took me down to the station, did the same test on a bigger machine. Zero. When she realized I was clean as a whistle, she slapped me with $5000 worth of bogus fines and suspended my licence. Two months later, the judge overturned all my fines and reinstated my licence.

      Fast-forward two years, I was working a shit job at a video store. One night, I got robbed by armed thugs. Sure enough, that same asshole cop showed up to take my report. Instead of actually taking my report, she said I had to be lying, that a big guy like me could not possibly be scared of two (knife-wielding) crackheads and I must have been in on it. I caught her comments on the CCTV and took her to court, won, and had her suspended without pay for a year. Only problem was, her husband was also a cop, so for the next two years, they stalked me. They'd park at the end of my street in the morning, and wait for me to leave for work, and hubby would follow me in his squad car, sometimes tailgating very aggresively, trying to psych me into doing something stupid, or pulling me over every morning for a week. I endured two years of this harassment, until he actually bumped me and caused an accident. He tried very hard to blame it on me, that I had been driving "suspiciously" and somehow caused him to rear-end me, but that didn't hold up in court. Both of them were again suspended (goddamned unions), and a restraining order was issued.

      Needless to say, after all that bullshit, I have a less than stellar view of law enforcement officials. I'll go as far as saying that, if a cop were to be injured and in need of help, I would sit and watch them suffer. It boggles my mind that we entrust such heinous, immature people with a badge and a gun. In the few times when I needed help, they just kicked me down. That to me makes them less than human and instead of giving them new ways to harass, we should be stripping them of their powers because they clearly lack the intelligence and respect to use them properly.

      --
      -Billco, Fnarg.com
    12. Re:It probably matters, but I don't care. by Anonymous Coward · · Score: 0

      Missing from your story is the part where you obtained the evidence that they had been stalking you for two years, and what happened then.

    13. Re:It probably matters, but I don't care. by Chrisq · · Score: 4, Funny

      I'm trying to think of one thing someone could do to me armed with knowldege of my current location. Fly a drone missile into me? Fortunately I'm not that important. I'm sure it matters to some people, but I'm not going to lose any sleep.

      Your wife and I use it to tell us when you're on the way back home.

    14. Re:It probably matters, but I don't care. by Johann+Lau · · Score: 1

      nah, that's just missing from your own personal reading comprehension. to wit: "a restraining order was issued."

    15. Re:It probably matters, but I don't care. by Turbofish · · Score: 1

      So, all cops are worthless and deserve to suffer and die because a couple of a--holes harassed you for a while... for which they were themselves punished. Gives me a warm feeling to know I live in a world populated by such rational and civilized people as you.

      /sarc

      Now, that said, it is true that police are frequently given too much arbitrary authority, and that the unions (who also have too much power) often prevent those who are truly undeserving of a badge from being forced to seek other employment. The crux of the problem is the good cops are often punished or harassed for doing their jobs, the few bad cops are protected instead of punished (which increases their numbers) and we all continue to ignore property and violent crimes because we don't want to "get involved", which makes criminals stronger and bolder... yet we all sit around and wonder why our freedoms are continuously eroded away.

    16. Re:It probably matters, but I don't care. by billcopc · · Score: 1

      No. That was 12 years ago. You'd think that, over time, I would have gotten over it; that my other experiences would have reframed that incident as an unfortunate mishap, but no. I've even done consulting for the police over many years, and it did nothing to redress my perception of the system. What's particularly chilling is when regional directors tell you how they know it's fucked up, but not worth going against the majority.

      Just last week, they let me down yet again, this time in a different city. I was at a concert that got WAY out of control, people were getting trampled and beaten, and the security staff could barely keep up with the injured, pulling them out of the massacre. Broken limbs, blood everywhere. The lobby was turned into a first aid area, and those same security goons were trying to downplay the chaos, refusing to call ambulances until one of the victims put their lawyer on the phone. At least a dozen of us called the police to try and do something about it. The cops never showed up, never even filed an incident. Luckily, I was able to track down some of the victims and we've requested copies of our 9-1-1 recordings. I think you know where this is going...

      To be harassed by one fucked up cop (or couple), yeah that's a freak event and probably (hopefully) does not happen often at all. To have an entire department ignore emergency calls outright, that's fucking vile! I don't want money, I don't even want them fired; I just want them to be thrown into that raging mosh pit and savagely trampled like the people whose pleas they ignored. We pay their goddamned salaries!

      --
      -Billco, Fnarg.com
    17. Re:It probably matters, but I don't care. by MobyDisk · · Score: 1

      If this story is true, you are truly a hero. To have endured this and used the system each time to prove they are wrong, without flying off the handle or doing something that really did get you in trouble - that is an amazing amount of discipline. You are tenacious. And good job on finding 2 bad guys and getting them off the street - maybe they will learn a lesson?

    18. Re:It probably matters, but I don't care. by billcopc · · Score: 1

      I'm not a hero. Anyone else would have done the same thing, especially if they had a few lawyer friends like I do. And really, there wasn't a day where I didn't fantasize about throwing a tire iron at their faces until the screaming stopped.

      A true hero would change the underlying system that creates these aberrations of society in the first place. I don't actually believe people set out to be bad cops, they are simply the product of an unhealthy environment. The pay sucks, stress is stigmatized, no good deed goes unpunished... yeah, it's no surprise they act out and slowly go batshit insane. But before that can be fixed, modern society itself is in dire need of a reboot. That's a bigger job than I can even envision.

      --
      -Billco, Fnarg.com
  12. cdma by Anonymous Coward · · Score: 0

    verizon to the rescue! woohoo!

    captcha: securing

  13. Re:2012 by Anonymous Coward · · Score: 0

    Ignorance is bliss

    Are you an angel?

  14. If you're worried about being tracked... by Anonymous Coward · · Score: 0

    1. Switch the damn thing off when you're not using it.
    2. If you can't switch it "off" because the phone doesn't switch off properly, then you've only yourself to blame for buying a crap phone.
    3. If you're a USAian and can't switch off because your employer is an Orwellian bastard then life sucks
    4. If you're tied to social networks then GET A LIFE. Don't think your existence needs to be validated by others.

    I think I've covered most usage cases there. Of course, if you are the sort of person who really does need to keep below the surveillance horizon, then you'll already be doing 1. The rest will be tracked/have their voicemails and emails hacked and their lives made a general misery. Most won't even know they're being watched!

  15. Did anyone even read this article? by SpaceManNH · · Score: 2

    I have to ask, did anyone who commented even read this? I spent 20 minutes reading this technical paper, i by no means claim to have understood any of it, and i looked forward to reading the comments because I figured the comments would make some sense out of all this. Yah, that didnt happen.

    1. Re:Did anyone even read this article? by Anonymous Coward · · Score: 0

      You must be new here.

  16. Overreaction? by s52d · · Score: 1

    Yes, GSM system needs to know the cell you are using during a call.
    This seems to be known issue: How come phone exchange knows with whom I am talking?
    It seems a bit silly to me, really. If cell is not known, connection can not be established.

    On top of it: GSM is TDMA system, so it measures distance to the terminal in cca 550m steps.
    It is called Timing Advance, it is needed in order to allign all incomming frames on cell receiver.

    Now... Somebody looks at Abis (protocol between cell and Base Station Controller).
    You can see measurement reports: with a cell, distance, measurement reports you can guess
    approximate terminal location during a call. If you have enough neighbour cells.

    They overlooked two minor details:
    - you do not know whom you locate
    - you have to monitor all possible cells
    In fact, you have to double complete operator infrastructure: not an easy task.

    On top of it: more and more GSM (BSS) is using IP as transport between cell and system,
    especially if collocated with HSPA+ or LTE. IPsec is used on this interfaces.

    Even operators, who need this data during system tuning and debugging, have problems to get it.
    Special test SIM cards, protocol probes after SGW etc are used. Normally, such tests are prepred
    and executed on selected cells: getting all data history for all users is beyond reach of most operators.

    It is much easier to get my location using different methods, like asking me politely ;-)

    BR
    s52d

    1. Re:Overreaction? by Anonymous Coward · · Score: 1

      It is much easier to get my location using different methods, like asking me politely ;-)

      BR
      s52d

      Can you, please, tell us where you currently are, preferably within 550m accuracy?

    2. Re:Overreaction? by s52d · · Score: 1

      It is much easier to get my location using different methods, like asking me politely ;-)

      BR
      s52d

      Can you, please, tell us where you currently are, preferably within 550m accuracy?

      At home, 1m from my PC.
      And you have my home address from elsewhere, of course.

      BR
      s52d

  17. Re:2012 by Anonymous Coward · · Score: 0

    the end of the world as I know it: 2009

    It's bindun already.

  18. It's quite real by Sycraft-fu · · Score: 2

    In the physical world, there's no such thing as perfect security. Period. If you think you have it, you are lying to yourself. So with that in mind you have to design your security to deal with the greatest threat you are reasonably likely to face.

    What that means is your relevance plays a great deal in to your security. A normal person doesn't need a ton of security, they aren't relevant enough in any sense to be targeted with a serious attack. A government isn't going to send an elite group of commandos to capture them, a crime lord isn't going to send a massive group of gangsters to kill them, they just aren't relevant.

    On the other end of the scale, you have someone like the President of the US. He is an extremely visible and relevant person and it is conceivable that a group would spend a great deal of resources to attack him. Thus his security must be extremely high.

    Like the GP, I also don't worry about someone using GSM to track my position. The fact that I don't have a GSM phone aside, I'm just not a worthwhile target. If a thief targeted my house they aren't going to get all high tech about it, they'd just case it like they have since time immemorial and would quickly learn I work a 9-5 job like most people. Also nobody is going to try and use it to track me to attack or abduct me, there'd be nothing to gain from doing so.

    Real security has a lot of different considerations than digital security, a big one being "How much is the target worth?" You as a normal individual aren't worth much, and so having tons of security is silly.

    1. Re:It's quite real by nine-times · · Score: 1

      In the physical world, there's no such thing as perfect security... Real security has a lot of different considerations than digital security, a big one being "How much is the target worth?"

      Your post is very insightful, but I just want to comment to point out that this is true of digital security as well. There is no such thing as perfect digital security, and one of the considerations of any kind of security is "how much is the target worth?"

      For example, even the most guarded computers, whether they're CIA or NSA or whatever, are not perfectly secure. By the nature of providing even a single person with access, you've opened up avenues of attack, even if the attack is a manipulation of that single person. However, their security is much more strict than the security on my home PC, and with good reason. I only have to protect my home PC from a very casual scatter-shot attack; I may need to install an antivirus or firewall or be careful about which sites I browse, but nobody is targeting my computer. No one is going to break into my apartment to steal my computer. No one is going to spend months probing my computer for vulnerabilities. Even if I have something extremely important on my home computer, nobody would have any way of knowing that ahead of time.

      So the reason the NSA demands stricter security for their computers than I do for mine is not merely an issue of resources, it's because my computer is not a valuable target. Ask a security expert to define "security", and if they're thinking about it, they won't tell you it's "the task of making unauthorized access impossible." Their definition will be (or at least should be) something more like, "the task of making unauthorized access difficult in proportion to the value of the thing being protected, such that most people won't bother trying, and those who try are likely to give up or get caught before they succeed."

    2. Re:It's quite real by Qzukk · · Score: 1

      I'm just not a worthwhile target

      How worth it are you? As the cost of tracking goes towards zero, there are more and more profitable targets.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    3. Re:It's quite real by Sycraft-fu · · Score: 1

      Not very. I lack the ability to pay out much ransom myself, don't have rich family to pay out a ransom, and kidnapping for money is a stupid crime in the US. The FBI has basically a 100% closure rate on it. They don't always recover the person kidnapped, but they always get the people who did it.

      Also you confuse the cost of tracking with the cost of doing something. Tracking me is pretty easy. Doing something to me is harder. Even if a baddie could know my precise location 24/7 for zero cost that doesn't mean they'd care. The cost of trying to do something could be very high. Not just monetary cost but other costs. Knowing I'm out and about doesn't tell them if I am armed or not, or if anyone near me is. Attack an armed guy and it could well cost you your life.

      As for my house, well the insurance company doesn't think it is a big deal. My insurance is low, and most of it is for disaster losses like fire and so on. They calculate the likelihood of a breakin to be low and thus the cost to insure against it is low.

      There again, just because the cost of tracking me might be zero doesn't mean the cost of breaking in would be. Maybe I have an alarm (I do), maybe my lock is high security and hard to get past (it is), maybe while trying to get in, a neighbour notices and calls the cops, who are about 2 miles away.

      The hard and expensive part has never been locating a person or their property for crime. It has been committing the crime.

    4. Re:It's quite real by Sycraft-fu · · Score: 1

      I agree, however I will concede the fact that at least in theory it is possible to have perfect virtual security. It is theoretically possible to have a system with no bugs, no vulnerabilities. Plenty of people on Slashdot seem to think they have such a system on account of running Linux and I'm not inclined to argue.

      However in the physical world it isn't possible, even in theory. Even the best security has known flaws, it is just a matter of making the flaws something that is impractical to exploit.

      As with the example of the US President. His security is the best in the history of the world, and yet it is not perfect. It gives the USSS fits and they work to improve it all the time but they know it isn't perfect and can't be. However it is so good that there is no practical way to penetrate it.

    5. Re:It's quite real by nine-times · · Score: 1

      I agree, however I will concede the fact that at least in theory it is possible to have perfect virtual security. It is theoretically possible to have a system with no bugs, no vulnerabilities. Plenty of people on Slashdot seem to think they have such a system on account of running Linux and I'm not inclined to argue.

      I am inclined to argue. Linux has bugs. There are security vulnerabilities. They're not terribly easy to exploit, but they exist.

      Aside from that, it's just a basic rule of any kind of security (digital or physical): enabling access to authorized users also creates the risk of allowing access by unauthorized users. If you can log into your desktop computer through SSH, then it means it's also theoretically possible for me to log in through SSH. It's just a question of whether I can get ahold of (or guess) your credentials, and that's assuming that there are absolutely no security vulnerabilities in the SSH scheme.

  19. Now I understand much better by aglider · · Score: 1

    How they can track me during my mall wherwabouts!
    And you can bet this is not happening by mistake!!!

    --
    Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
  20. Re:Leaky Bum Gasses Can Give Attackers Your Locati by WrongSizeGlass · · Score: 1

    In your scenario GSM would stand for Gastrointestinal Sourced Methane.

  21. OsmocomBB by Anonymous Coward · · Score: 0

    Woow, another OsmocomBB project ....

  22. Hummm... by bangers · · Score: 1

    I thought there were Foursquare for that...

  23. Blackberry/Verizon Wireless Spying by Anonymous Coward · · Score: 0

    I know a person who received an email sent to their gmail.com email address. This email arrived at the Blackberry phone, but did not arrive in their gmail account accessed via a computer web browser. So, the big question is, how can an email addressed to a gmail.com address coming from Blackberry Corporate Headquarters get received on the phone but not on the actual gmail.com website?

    On top of this, the email said that the phone could not connect to the gmail servers because the password was changed. So, how could this email be received from the gmail.com servers if the problem supposedly was that the phone could not connect to the gmail.com servers. I think this person changes their password all the time for gmail and the phone just keeps connecting to gmail anyways.

    The bottom line is Blackberry is US Government bullshit and is also highly British-Bastardized. FUCK YOU, YOU SPYING STUPID PIECES OF SHIT!!!!!!~

    1. Re:Blackberry/Verizon Wireless Spying by Anonymous Coward · · Score: 0

      First: Blackberry runs their own servers -- their server will fetch email from gmail, then your Bb gets it from their server. Yes, this definitely has privacy implications, but it's also a selling point (because their servers are presumably more secure than an exchange server adminned by your boss's nephew, and the phone uses encryption to access it). So, for Blackberry to send you an email "from" your gmail account, they just drop it in their server.

      Now, does this mean Blackberry can spy on your email? Well, in theory, it needn't be so; everything we've just said is entirely compatible with a system where nobody can read your mail. Of course, in reality, that system is not implemented.

      It's possible to set a system like this up so that your mail is always encrypted on the server, is only decryptable by your phone, and any employee at Bb can only ADD or DELETE messages, but cannot READ them. However, since Blackberry still has to get your email from gmail, they have access to the plaintext at that point -- you'd need the initial encryption to be performed by gmail for it to totally lock Blackberry out from snooping on your messages. And then what protection do you have against Google snooping?

      Until everyone switches to end-to-end encryption, ALL email providers will be "[HQ nation] Government Bullshit" -- you've shown exactly nothing to indicate Bb is any worse than any other email provider.