Telecommunications

Researchers track mobile phone locations with cheap hardware and open-source software

Researchers have shown it is easy for a third party to track a mobile phone user's location using a cheap phone and some open source software (Image: Shutterstock)
Researchers have shown it is easy for a third party to track a mobile phone user's location using a cheap phone and some open source software (Image: Shutterstock)

While cop shows have shown us that it's easy for service providers to track a person's location via their mobile phone, researchers at the University of Minnesota have revealed it's also an easy task for hackers. Using a cheap phone and open source software, the researchers were able to track the location of mobile phone users without their knowledge on the GSM network, which is estimated to serve 80 percent of the global mobile market.

According to the new research by computer scientists in the University of Minnesota's College of Science and Engineering, a third party could easily track the location of a mobile phone user without their knowledge because cellular mobile phone networks "leak" the locations of mobile phone users.

"Cell phone towers have to track cell phone subscribers to provide service efficiently," Foo Kune explained. "For example, an incoming voice call requires the network to locate that device so it can allocate the appropriate resources to handle the call. Your cell phone network has to at least loosely track your phone within large regions in order to make it easy to find it."

To do this, mobile phone towers will broadcast a page to a user's phone and wait for the phone to respond when they get a call. Hackers would be able to ascertain the general location of the user by forcing those pages to go out and hanging up before the phone rings.

Although the GSM standard assigns a phone a temporary ID to disguise its identity, it is possible to map the phone number to its temporary ID. Just by looking at the broadcast messages sent by the network, the researchers say it is possible to locate the device within an area of 100 square km (38 square miles). But by testing for a user on a single tower allows a user to be tracked to within a geographic area of 1 square km (0.38 square miles) or less.

"It has a low entry barrier," Foo Kune said. "Being attainable through open source projects running on commodity software."

In a field test using an inexpensive mobile phone and open source software and with no direct help from the service provider, the researchers were able to track the location of a test subject within a 10-block area as they traveled across an area of Minneapolis at walking pace.

In their Paper, which was presented at the 19th Annual Network & Distributed System Security Symposium in San Diego, California, the researchers highlight some possible personal safety issues arising from their discovery.

"For example, agents from an oppressive regime may no longer require cooperation from reluctant service providers to determine if dissidents are at a protest location. A second example could be the location test of a prominent figure by a group of insurgents with the intent to cause physical harm for political gain. Yet another example could be thieves testing if a user's cell phone is absent from a specific area and therefore deduce the risk level associated with a physical break-in of the victim's residence."

But it's not all bad news. Foo Kune and his group have identified low-cost techniques to plug the leaks that could be implemented without changing the hardware. They have contacted AT&T and Nokia to inform them of these techniques and are also in the process of drafting responsible disclosure statements for mobile service operators.

Source: University of Minnesota

  • Facebook
  • Twitter
  • Flipboard
  • LinkedIn
11 comments
Slowburn
Before you take your phone to incriminating locations stick it inside a metal box.
Electrothump
If you don\'t want to be tracked, just take the battery out.
rik.warren
This is a little over the top. What real benefit is it to know within 1000 yards where I am. Cell tower triangulation accuracy is highly dependent upon the tower density and placement geometry. Urban accuracy can be good
rdinning
Yes, but what if the person you want to track has a more secure phone like a Blackberry? What then?
ThePrivacyCase
Every phone is tracked, no matter who made it or who\'s operating system is on it. The problem is how the networks themselves function, they have to know where your phone is physically located in order to send it a call; that\'s how the system was designed.
Besides just locating you though GPS for as little as $50 anyone can have complete access to your entire cellular phone, email, text messages, live calls or the ability to turn the microphone or camera on remotely to monitor your conversation and activities in real time. Experts have shown that there is almost no way to tell your phone is comprimised, and turning your phone \"off\" provides no protection.
National news reports give examples of domestic violence cases where compromised cell phones have resulted in women and children loosing their lives. Meanwhile congressional investigations have shown that device manufacturers have been installing tracking software on products like the I-phone and android family of products before they leave the factory. New technologies like Google Wallet create an additional level of exposure as cell phones handle banking and financial transactions.
We set out years ago to solve this problem and the users of our \"Privacy Case\" feel safe and secure knowing that no one will be able to track, eavesdrop or monitor private and personal conversations through their cell phones and wireless devices.
See our products and the collection of news stories supporting everything I just said on our blog at www.thecaseforprivacy.com
MIAmobi
People need to take control of our own privacy when it comes to SmartPhone tracking. MIAmobi SilentPocket addresses this issue and many more problems associated with mobile devices. With over 500,000 mobile app developed for smartphones, many of which are stealth and are ease dropping on your every move. Some are capable of turning on functions on your phone like your mic,camera, GPS, address book and more, even when it has been turned off. There is only one sure way to stop this if you really want to know for sure that you have control of your mobile device you have to block all wifi coming in or going out. Website www.MIA-mobi.com/
christopher
Dear Mr Snake-Oil (err - \"ThePrivacyCase\"). Electronics don\'t work without power, so unless you\'ve written private info onto your phone\'s case with a marker pen, then yeah, turning it off is going to protect you.
As for your silly cases - get real. If the phone can recieve a call, then the case does nothing. If the case blocks calls, then the owner may as well turn their phone off and save battery at the same time. Sheesh...
GSM towers need to know the approximate distance of your phone from the tower, because they need to advance or retard the instant they they transmite GSM data packets out to you (as does your phone back to them), such that everything is neatly syncronized to the speed of light. In other words, if your phone sent a datapacket at the exact same intant that someone next to you did - those packets would collide. If you were 2km from the tower, and that other person was 1km from the tower, you have the exact same problem, except with the slightly different timing issue now, because the \"exact same instant\" is now 1km of the speed of light apart. You get the idea. That\'s why these things are call \"cell\" phones.
These guys track people because the cell tower talks to the phone when they instruct it (by placing a call), and they \"sniff\" the GSM call transmission negotiation stage in order to extract the speed-of-light syncronization data from the call. It\'s an 8bit number. If you\'ve got an old nokia, you can put it into service mode, and you can see these numbers on your screen. If you know where the tower is, you can thus figure out roughly where the call recipient is.
Here\'s some more things to sell in your store:-
http://tinyurl.com/ycod8u6
http://tinyurl.com/55qcgw
ThePrivacyCase
Chris, you apparently have some idea as to how cell phones work, but you are obviously not aware of the spyware and tracking software available to consumer, corporate, and government clients. I did include numerous news reports on our blog of how these things programs work, including explanations in multiple reports that these programs can be installed without ever touching your phone. It is also explained clearly that the only thing needed to do this is your phone number and once installed they can used to turn your phone \"on\" even though you have turned it \"off\". I also included numerous stories highlighting the loss of innocent life that has resulted from the exposures these devices create.
If you refuse to take the time to watch and learn the information we provided for you I encourage you to Google: Cellphone Spyware
ThePrivacyCase
Hey Chris, one more thing to point out from the "snake oil salesman", something I actually just noticed. Gizmag already covered EVERYTHING I said in 2007... Look at the bottom of the related articles list below. The article is titled "spying via mobile phone". The first line is and I quote "A new software technology available only to law enforcement officers allows officers to listen to room conversations even when a phone is switched off." and that was in 2007 before a whole mess of companies began to make spyware available to the consumer for your cellphone that can do the very same thing.
Not really trying to bash you because when we started out, we didn't realize just how bad the problem was either.
The difference was we were willing to admit we didn't know everything and set out to find out what was possible and what wasn't and now the users of our "Privacy Case" feel safe and secure knowing that no one will be able to track, eavesdrop or monitor private and personal conversations through their cell phones and wireless devices.
Sonya Jones
I am going back to carrying my old analog phone. It is still good for 911.