Leaky Cellphone Nets Can Give Attackers Your Location
alphadogg writes "GSM cellular networks leak enough location data to give third-parties secret access to cellphone users' whereabouts, according to new University of Minnesota research. 'We have shown that there is enough information leaking from the lower layers of the GSM communication stack to enable an attacker to perform location tests on a victim's device. We have shown that those tests can be performed silently without a user being aware by aborting PSTN calls before they complete,' write the authors, from the College of Science and Engineering, in a paper titled 'Location Leaks on the GSM Air Interface' (Pdf). The researchers are working with carriers and equipment makers, including AT&T and Nokia, to address the security issues."
If you happen to travel to the USA then getting tracked by GSM is the least of your problems
"And with all our coverage black spots, you won't ever be tracked whilst on our network" /AT&T Marketing Campaign
If you happen to travel to the USA then getting tracked by GSM is the least of your problems with all the surveillance they have there now
Oh please... Having been to many places in England, Scotland, Wales and Ireland (North and Republic); I can say that they are the ones with this problem and not the USA. They have police CCTV even out in the sticks. Here in the USA we're still doing good to have a telephone line out in the boonies.
I'm trying to think of one thing someone could do to me armed with knowledge of my current location.
1. Determine that you're far away from home while they burglarize your house.
2. Determine that you were in the vicinity of a burglarized house and throw you behind bars without a warrant for 48 hours while they try to find evidence.
3. Determine you were someplace "unsavory" and use it as blackmail, or to deny you future employment, etc.
That's only a search area of 195 acres. Also depending on the area and direction/speed of movement (if any) it would be easy for someone to start eliminating some of the places you could be hiding in. Also depending on the environment, it would not be that hard to cover that large an area with enough people.
Just because it doesn't pinpoint you, doesn't mean you need to be giving anyone a general direction to be looking in.
1. Determine that you're far away from home while they burglarize your house.
a. I have an alarm system
b. I have a dog
c. I have insurance
d. The same thing could be achieved by simply watching me go to work in the morning without the complexity of tracking my position
e. Just because I am away from home, doesn't mean no-one is there.
2. Determine that you were in the vicinity of a burglarized house and throw you behind bars without a warrant for 48 hours while they try to find evidence.
a. You watch too much TV.
b. I have no prior convictions of any such nature
c. Police don't lock people up because they were *near* a crime unless there is another reason to suspect them.
3. Determine you were someplace "unsavory" and use it as blackmail, or to deny you future employment, etc.
a. My life is already a pretty open book to those who know me. I have nothing to hide from those I don't know which could not be obtained much more simply.
b. I am not important enough to blackmail.
Like I said in my original post, it probably does matter to some people, but I'm not personally that bothered.
I am not important enough to blackmail.
Security by social irrelevance. Brilliant!
lucm, indeed.
Hello pot! Meet kettle. :)
If you're HIDING you wouldn't be using [your own, non-prepaid] cellphone AT ALL. Mitnick was once chased by a helicopter [pre-GSM] because of this mistake.
I have no criminal record, but I have been pulled over and followed by cops. I have been pulled over to secondary at DHS checkpoints and had my car torn apart while they looked for contraband, only for them to find nothing and try to "bargain" with me and get me to incriminate myself on baseless charges to inflate their numbers.
You, sir, are totally full of shit and out of touch with reality. Or you live in a state that doesn't matter, like Montana or one of the Dakotas.
Come down to California and try to drive across an interstate highway. You may not be "arrested" per se, but you will be detained and your personal effects be searched...all because a low-rent goon fed the right hand-signal to a well-trained dog at a blatantly unnecessary highway checkpoint.
I have to ask, did anyone who commented even read this? I spent 20 minutes reading this technical paper, I by no means claim to have understood any of it, and I looked forward to reading the comments because I figured the comments would make some sense out of all this. Yah, that didn't happen.
In the physical world, there's no such thing as perfect security. Period. If you think you have it, you are lying to yourself. So with that in mind you have to design your security to deal with the greatest threat you are reasonably likely to face.
What that means is your relevance plays a great deal into your security. A normal person doesn't need a ton of security, they aren't relevant enough in any sense to be targeted with a serious attack. A government isn't going to send an elite group of commandos to capture them, a crime lord isn't going to send a massive group of gangsters to kill them, they just aren't relevant.
On the other end of the scale, you have someone like the President of the US. He is an extremely visible and relevant person and it is conceivable that a group would spend a great deal of resources to attack him. Thus his security must be extremely high.
Like the GP, I also don't worry about someone using GSM to track my position. The fact that I don't have a GSM phone aside, I'm just not a worthwhile target. If a thief targeted my house they aren't going to get all high tech about it, they'd just case it like they have since time immemorial and would quickly learn I work a 9-5 job like most people. Also nobody is going to try and use it to track me to attack or abduct me, there'd be nothing to gain from doing so.
Real security has a lot of different considerations than digital security, a big one being "How much is the target worth?" You as a normal individual aren't worth much, and so having tons of security is silly.
The concepts here are not necessarily specific to the GSM Um link. The same concepts used by the authors equally apply for UMTS and LTE, and most other cellular systems.
ALL of those systems page out phones based on some temporary (but plaintext) identifier when an incoming call needs to be routed and there is no active RRC (radio) connection. All of those systems try to mitigate this exact problem by using a temporary ID (the TMSI), rather than the permanent ID (the IMSI). The TMSI is re-allocated over a ciphered connection.
The TMSI rotation policy is up to the operator. It can in theory be rotated each connection, but few operators do this - too much signalling load on the core network. Most operators will hold the TMSI until the next periodic (i.e. after a certain number of hours - operator defined), or aperiodic (when the phone moves into a different paging domain [location area]), or when the phone is power cycled (which implicitly does a type of location update anyway).
One solution for future versions of the standard might be to encrypt the paging message (along with a random nonce to give uniqueness to each paging message) with the last known ciphering key, but this may not be known by the network entities in the new location areas.
Further to this, here is an example of some paging traffic I captured over a live UMTS network (Telstra NextG, in Australia), using nothing more than a USRP with 900MHz daughterboard, and some custom Matlab code. The message has been unpacked from ASN.1 format to XML, but it clearly shows IMSI and TMSI in plaintext.
File is here.
This shows the flaw is definitely not GSM only.
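The effect of the TMSI rotation policy described above on how many plaintext paging messages end up sharing one identifier, as an added example that is not part of the original comments. The event timeline, the two policy names and the function names are constructed for illustration.

```python
# Added example: models TMSI reallocation policy vs. paging linkability.
# All data below is constructed; policy names are hypothetical labels.

# Events after which the network reallocates the TMSI under each policy.
POLICIES = {
    # "In theory": a new TMSI on every ciphered connection.
    "every_connection": {"connection", "periodic_lu", "la_change", "power_cycle"},
    # What the comment describes as common: hold until LU or power cycle.
    "typical": {"periodic_lu", "la_change", "power_cycle"},
}

# Constructed timeline for one subscriber: (hour, event).
# "page" is a plaintext paging message carrying the current TMSI;
# "connection" is the ciphered connection that follows it.
EVENTS = [
    (0.0, "power_cycle"),
    (1.0, "page"), (1.0, "connection"),
    (2.5, "page"), (2.5, "connection"),
    (4.0, "page"), (4.0, "connection"),
    (6.0, "periodic_lu"),
    (7.0, "page"), (7.0, "connection"),
    (8.0, "la_change"),
    (9.0, "page"), (9.0, "connection"),
]

def tmsi_epochs(events, policy):
    """Split the timeline into periods during which one TMSI stays valid."""
    realloc = POLICIES[policy]
    epochs = []
    for hour, event in events:
        if event in realloc:
            if epochs:
                epochs[-1]["end"] = hour          # old TMSI retired here
            epochs.append({"start": hour, "end": hour, "pages": 0})
        elif event == "page" and epochs:
            epochs[-1]["pages"] += 1              # this page exposes the TMSI
    if epochs:
        epochs[-1]["end"] = events[-1][0]         # log ends, TMSI still live
    return epochs

def linkability(events, policy):
    """Summarise how long and how often a single TMSI is visible on air."""
    epochs = tmsi_epochs(events, policy)
    return {
        "tmsis_used": len(epochs),
        "max_pages_per_tmsi": max(e["pages"] for e in epochs),
        "max_lifetime_h": max(e["end"] - e["start"] for e in epochs),
    }

if __name__ == "__main__":
    for name in POLICIES:
        print(name, linkability(EVENTS, name))
```

The `tmsis_used` figure is the signalling cost the comment mentions, and `max_pages_per_tmsi` is the number of paging messages an observer can tie to the same identifier.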
Yeeeep. I used to think law enforcement was a good thing, then one day, a cop decided to become my worst enemy and now I hate them all equally. I am not a "bad guy", but they have made it clear they are not the "good guys".
When I was 18, I totaled my parents' car. I wasn't drinking, nor high, nor doing anything wrong besides driving at night on an unfamiliar and poorly maintained road, where I was blinded by oncoming high-beams and veered into the ditch... where a giant stone was waiting to send my vehicle flying. Freak accident.
30 minutes later, someone stops to help and calls 9-1-1. Minutes later, the ambulance takes my passenger, who had a pretty bad gash in his arm. I wasn't hurt at all. A full hour later, the police officer shows up. She (*grumble*) asked me if I'd been drinking, I'd say about 4-5 times, hoping I'd change my story. So she had me do a roadside breathalyzer test. Zero. Took me down to the station, did the same test on a bigger machine. Zero. When she realized I was clean as a whistle, she slapped me with $5000 worth of bogus fines and suspended my licence. Two months later, the judge overturned all my fines and reinstated my licence.
Fast-forward two years, I was working a shit job at a video store. One night, I got robbed by armed thugs. Sure enough, that same asshole cop showed up to take my report. Instead of actually taking my report, she said I had to be lying, that a big guy like me could not possibly be scared of two (knife-wielding) crackheads and I must have been in on it. I caught her comments on the CCTV and took her to court, won, and had her suspended without pay for a year. Only problem was, her husband was also a cop, so for the next two years, they stalked me. They'd park at the end of my street in the morning, and wait for me to leave for work, and hubby would follow me in his squad car, sometimes tailgating very aggressively, trying to psych me into doing something stupid, or pulling me over every morning for a week. I endured two years of this harassment, until he actually bumped me and caused an accident. He tried very hard to blame it on me, that I had been driving "suspiciously" and somehow caused him to rear-end me, but that didn't hold up in court. Both of them were again suspended (goddamned unions), and a restraining order was issued.
Needless to say, after all that bullshit, I have a less than stellar view of law enforcement officials. I'll go as far as saying that, if a cop were to be injured and in need of help, I would sit and watch them suffer. It boggles my mind that we entrust such heinous, immature people with a badge and a gun. In the few times when I needed help, they just kicked me down. That to me makes them less than human and instead of giving them new ways to harass, we should be stripping them of their powers because they clearly lack the intelligence and respect to use them properly.
-Billco, Fnarg.com
I'm trying to think of one thing someone could do to me armed with knowledge of my current location. Fly a drone missile into me? Fortunately I'm not that important. I'm sure it matters to some people, but I'm not going to lose any sleep.
Your wife and I use it to tell us when you're on the way back home.