Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flaws Allow Every 3G Device To Be Tracked

Posted by Unknown on from the police-departments-line-up-to-purchase dept.

mask.of.sanity writes "New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked. The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices operating on all 3G compliant networks. It was similar, but different, to previous research that demonstrated how attackers could redirect a victim's outgoing traffic to different networks."

8 of 81 comments (clear)

  1. Makes me wonder by Chrisq · · Score: 5, Funny

    Did the 3G equipment come from Huwei or ztc?

    1. Re:Makes me wonder by Anonymous Coward · · Score: 5, Informative

      Did the 3G equipment come from Huwei or ztc?

      No, but that is a rather amusing post, I lol'd.

      On a more serious note, the summary and article make it sound worse than it is. Here's what they are doing:

      "The attacks were made by intercepting, altering and injecting 3G Layer-3 messages into communication between the base station and mobile phones in both directions."

      So to be clear, it won't allow you to just track any 3G device any time you want. It's a MITM attack which requires you to physically intercept and spoof a cell signal using the 3G standard... assuming the network fully complies with 3G and doesn't have it's own signalling or other security added on.

  2. "Flaw" allows us to be tracked. by mosb1000 · · Score: 5, Insightful

    I'm pretty sure the word flaw should be in quotation marks in this context.

    1. Re:"Flaw" allows us to be tracked. by Anonymous Coward · · Score: 5, Informative

      Indeed - it requires malevolent base stations to be deployed and even then only determines the presence of particular 3G devices in the area.

      They were obviously straining for an example when discussing an employed deploying such stations to track employee movements in a building; door pass access is somewhat easier to track...

      In general though I'm resigned to the fact that the telco underlying my MVNO knows my location when I am connected and will happily relay this to the "authorities" with minimal encouragement, so this new attack doesn't seem particularly startling; now someone else other than the telco can know this. Whoppeee.

    2. Re:"Flaw" allows us to be tracked. by mabhatter654 · · Score: 4, Funny

      If the mob is tracking you, you have bigger problems than "privacy"

  3. You know... by GeekWithAKnife · · Score: 5, Interesting


    Richard Stallman, often considered a nutcase, once said that he won't use a cell phone because he does not want to be tracked.

    Whether by design, by accident or by the nature of the device, the fact is you can be tracked. Of course I don't care about that, because I have nothing to hide...then again what will this information be/is used for? big brother stuff, of course not!? Naturally, it's all just a big misunderstanding.

    --
    A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
  4. I'm safe! by Cruciform · · Score: 5, Funny

    Good luck tracking me! I'm served by Bell Aliant. I can lose service anywhere they offer coverage!
    And they charge me a reasonably high fee for this knd of security.
    Thanks Bell!

  5. Re:Not thatbad by MrZilla · · Score: 5, Insightful

    Sure. If they know the IMSI of the mobiles that the protesters are using in advanced. This attack gives the TMSI of the device, which is a temporary identifier, and will change when the mobile roams outside of the current location area.

    Then they need to set up compromised base stations all over the city if they want to track this protester, and I am sure that there are easier ways to go about that.

    --
    mov ax, 4c00h
    int 21h