All GSM Phones Open To Attack, Tracking 119
Trailrunner7 writes "A pair of security researchers has discovered a number of new attack vectors that give them the ability not only to locate any GSM mobile handset anywhere in the world, but also to find the name of the subscriber associated with virtually any cellular phone number, raising serious privacy and security concerns for customers of all of the major mobile providers. The research builds upon earlier work on geolocation of GSM handsets and exposes a number of fundamental weaknesses in the architecture of mobile providers' networks. However, these are not software or hardware vulnerabilities that can be patched or mitigated with workarounds. Rather, they are features and functionality built into the networks and back-end systems that Bailey and DePetrillo have found ways to abuse in order to discover information that most cell users assume is private and known only to the cell provider."
Sounds like a lot of BS (Score:3, Informative)
The article does not sound credible but like a lot of Bullshit. For example they claim that they are able to lookup the customer name for a given mobile number ("also find the name of the subscriber associated with virtually any cellular phone number"). But they don't explain how they do this. The article just states: "At the heart of the work the pair did is their ability to access the caller ID database mobile providers use to match the names of subscribers to mobile numbers. Then they claim: "This is the same database that contains the subscriber information for landlines", which is simply untrue for many mobile operators who do not even operate landlines. They somewhat suggest that the database in question is the Home Location Register HLR ("Once they accessed the database, known as the Home Location Register (HLR),"), but as you can easily lookup, the HLR does NOT contain the name of a subscriber: http://en.wikipedia.org/wiki/Network_switching_subsystem#Home_Location_Register_.28HLR.29 [wikipedia.org] Now there might be networks where you can lookup the name of a customer given the number, but this is not standard, so claiming they can find the subscribe for "virtually any cellular phone number" is just BS on a great scale. The whole article is loads of gibberish making no much sense. I don't believe any of their sensational claims.
Re:Sounds like a lot of BS (Score:5, Informative)
So what? The claims are still untrue for at least most GSM networks in the world. This is not FUD but a fact.
The HLR can not be used to lookup the name of a subscriber. Also while the HLR can be queried by operators around the world (as this is needed for roaming), they query it by using the IMSI of the SIM-Card. Wikipedia claims that the MSISDN is another lookup key, but there is no need to make a lookup by MSISDN possible to other operators. When they handle a roaming customer, all they have is their IMSI and they use this to contact the HLR of the operator in charge.
So STFU.
Re:My cellphone is immune to all attack vectors (Score:1, Informative)
Good for you!
A warning, though. Those burgers are someday going to be flipped by a machine.
Re:Sounds like a lot of BS (Score:3, Informative)
It all makes total sense to me, and as a tech person is actually one of those things I figured was probably the case (the routing protocol HAS to know where to send the phone call, and your phone must poll every once in a while to let the service know where it is), but like much in this modern age, I gave a big, huge meh to it. I feel fortunate enough to just understand how this crap can screw you, unlike my non-tech friends who are either completely ignorant or completely paranoid.
Re:Sounds like a lot of BS (Score:5, Informative)
Why i have such a big problem with this? Because the article makes the reader believe that this is a problem for any GSM user around the world, while it is apparently restricted to countries/networks where such a accessible database exists. The title of the slashdot article also claims "All GSM Phone" which is untrue given this additional information.
Nope (Score:1, Informative)
I've got a T-Mobile prepay card.
Even T-Mobile doesn't know my name, so perhaps these uber-hackers are a bit exaggerating?
Re:Wasn't it a GSM provider in the US requiring SS (Score:3, Informative)
How in the world did you get from "here's how caller ID maps numbers to name" to "they're transmitting SSNs over the network"?
"Insightful"? Did the moderators not read the story either?
Re:Cue the standard industry response in 321.... (Score:4, Informative)
Or it was one of the compromises, hidden...remember, some countries participating in the creation of GSM wanted it be more safe, some wanted less safety.
Anyway, at least one part of what TFS says is obviously bullshit - my network doesn't even know my name (prepaid in a place where registration is not required...so nobody does it; not because of some paranoia but because it's the most straightforward thing to (not) do)
Re:GSM != iDEN (Score:4, Informative)
The Nextel portion of Sprint is actually GSM.
Wrong again.. Nextel is actually iDEN [wikipedia.org], which is yet another different technology that happens to use a SIM card. Having a SIM card does not make it GSM.
Re:Cue the standard industry response in 321.... (Score:3, Informative)
That would be paranoia for you right there... And not something simply under "name" position in mobile carrier profile.
BTW, as is typical you missed the most straightforward method...tracing web of contacts. A phone is usually used to communicate with people, you know.
Re:CDMA (Score:2, Informative)
In my experience, 3G GSM phones don't do the crazy speaker thing you speak of.
Re:GSM != CDMA (Score:1, Informative)
Sprint does not operate a GSM network any longer; well, not to the general public. They use CDMA, where as GSM is based off of TDMA. I am not sure if Sprint still uses PCS, but PCS can operate on GSM(TDMA), CDMA, and D-AMPS and I believe that Sprint had their PCS network operating on GSM in some areas.
Some people might think that Verizon is included because they are switching to UMTS for their "4G" network. The fact is that the version of UMTS AT&T uses is based off of CDMA(W-CDMA is most common). It will allow Verizon to offer data on their "world" phones, which also have GSM radios for international roaming.