
All GSM Phones Open To Attack, Tracking

Posted by Soulskill
from the now-where'd-that-tinfoil-hat-go dept.
Trailrunner7 writes "A pair of security researchers has discovered a number of new attack vectors that give them the ability not only to locate any GSM mobile handset anywhere in the world, but also to find the name of the subscriber associated with virtually any cellular phone number, raising serious privacy and security concerns for customers of all of the major mobile providers. The research builds upon earlier work on geolocation of GSM handsets and exposes a number of fundamental weaknesses in the architecture of mobile providers' networks. However, these are not software or hardware vulnerabilities that can be patched or mitigated with workarounds. Rather, they are features and functionality built into the networks and back-end systems that Bailey and DePetrillo have found ways to abuse in order to discover information that most cell users assume is private and known only to the cell provider."

  • by DutchUncle (826473) on Monday April 26, 2010 @03:09PM (#31987664)
    >>>This is a correlation that most mobile subscribers think isn't possible because there isn't a public white pages directory of mobile numbers.

    I think even the average user understands that the providers have and share such information to manage calls themselves, whether or not it's easily available. And security through obscurity that worked just fine in a landline-only era is wide open when you can listen to the challenge-response over the air. The only question is why anyone other than a telco can get to the databases; OTOH since anyone can be a telco nowadays, that wouldn't help much.

    This does demonstrate how a difference of degree becomes a difference of kind, as is so often the case with data mining. When there was noticeable cost to get each piece of information and/or to correlate one set of information against another, it was only worthwhile for a targeted attack. Now when one can get millions of pieces of information and correlate them with minimal effort, scattershot attacks are economically productive. It was never worthwhile to just dial numbers sequentially, because you had to pay living people to do it, until robodialers were created (and permitted to be attached to the phone lines); then suddenly it became an industry.
  • CDMA (Score:2, Interesting)

    by teknopurge (199509) on Monday April 26, 2010 @03:09PM (#31987668) Homepage
    well well, how the tables have turned!
  • by Anonymous Coward on Monday April 26, 2010 @03:09PM (#31987670)

    Actually it's pretty clear in other articles (and this one) that it's just the CallerID database that they're using to get the Cell numbers and the person associated with the cell number. Makes perfect sense to me. I imagine these articles sometimes get things wrong too. The conference they spoke at (Source Boston I believe mentioned in the article) should probably post the slides sooner or later and then you'll know for sure.

  • by poetmatt (793785) on Monday April 26, 2010 @03:21PM (#31987850) Journal

    Sadly, I could absolutely agree that such a message is very likely.

    I love how all of it hides the fact that if this is public information, obviously the government and other groups which people are concerned even more about, know this information as well.
