Researchers discover cell phone hackers can track your location without your knowledge

Feb 16, 2012

Cellular networks leak the locations of cell phone users, allowing a third party to easily track the location of the cell phone user without the user's knowledge, according to new research by computer scientists in the University of Minnesota's College of Science and Engineering.

University of Minnesota computer science Ph.D. student Denis Foo Kune, working with associate professors Nick Hopper and Yongdae Kim, and undergraduate student John Koelndorfer, described their work in a recently released paper "Location Leaks on the GSM Air Interface" which was presented at the 19th Annual Network & Distributed System Security Symposium in San Diego, California.

"Cell phone towers have to track cell phone subscribers to provide service efficiently," Foo Kune explained. "For example, an incoming voice call requires the network to locate that device so it can allocate the appropriate resources to handle the call. Your cell phone network has to at least loosely track your phone within large regions in order to make it easy to find it."

The result is that the tower will broadcast a page to your phone, waiting for your phone to respond when you get a call, Foo Kune said. This communication is not unlike a CB radio. Further, it is possible for a hacker to force those messages to go out and hang up before the victim is able to hear their phone ring.

Cellular service providers need to access to provide service. In addition, law enforcement agencies have the ability to subpoena location information from service providers. The University of Minnesota group has demonstrated that access to a cell phone user's location information is easily accessible to another group—possible hackers.

"It has a low entry barrier," Foo Kune said. "Being attainable through open source projects running on commodity software."

Using an inexpensive phone and open source software, the researchers were able to track the location of without their knowledge on the Global System for Mobile Communications (GSM) network, the predominant worldwide network.

In a field test, the research group was able to track the location of a test subject within a 10-block area as the subject traveled across an area of Minneapolis at a walking pace. The researchers used readily available equipment and no direct help from the service provider.

The implications of this research highlight possible personal safety issues.

"Agents from an oppressive regime may no longer require cooperation from reluctant service providers to determine if dissidents are at a protest ," the researchers wrote in the paper. "Another example could be thieves testing if a user's is absent from a specific area and therefore deduce the risk level associated with a physical break-in of the victim's residence."

Foo Kune and his group have contacted AT&T and Nokia with low-cost techniques that could be implemented without changing the hardware, and are in the process of drafting responsible disclosure statements for cellular .

Explore further: Australia follows EU, US in allowing mobile devices in-flight

More information: Visit z.umn.edu/fookuneresearch to read the full research paper.

Related Stories

Researchers show how to use mobiles to spy on people

Apr 22, 2010

(PhysOrg.com) -- Researchers have demonstrated how it is possible to use GSM (Global System for Mobile communications) data along with a few tools to track down a person’s mobile phone number and their location, ...

Cell Phone of the Future Saves Lives

Oct 20, 2006

Researchers at the University of South Florida’s Center for Urban Transportation Research and Department of Computer Science and Engineering are working on cell phone applications that can help keep you safer, tell you ...

Suit charges Windows 7 smartphones track users

Sep 01, 2011

Microsoft is in the crosshairs of a lawsuit charging that smartphones powered by Windows 7 software noted the whereabouts of users even if they didn't want to be tracked.

Recommended for you

Bringing emergency communications together

Aug 21, 2014

A new University of Adelaide research project aims to improve emergency operations through integrated communications systems for police and the emergency services.

For top broadband policy, look no further than Canada

Aug 20, 2014

You might have seen communications minister Malcolm Turnbull raising the issue about Australian press not discussing policy problems and solutions from overseas, in a speech delivered at the Lowy Institute Media Awards last week: ...

User comments : 11

Adjust slider to filter visible comments by rank

Display comments: newest first

kochevnik
1 / 5 (1) Feb 16, 2012
There was a Jewish movie producer I met in LA who showed me a website that does exactly this, automatically. Since then the website has disappeared. Not sure about the movie either.
kaasinees
1 / 5 (1) Feb 16, 2012
really? you needed a researcher for this?

Using an inexpensive phone and open source software, the researchers were able to track the location of cell phone users without their knowledge on the Global System for Mobile Communications (GSM) network, the predominant worldwide network.


That is all the info the "article" needed.
Eikka
1 / 5 (1) Feb 17, 2012
Any radio source can be tracked with a sufficiently directional antenna. You just have to make the phone transmit something and then see where the signal comes from by turning the antenna. One antenna gives you a bearing, two antennas in two locations gives you a bearing and distance that are accurate depending on how far away the antennas are of each other and the target.

It seems like their major discovery was how to make a prank call.

This is btw. the same method that the TV-van uses to detect if you're watching television. Especially the older sets drop the recieved signal down to an intermediate frequency for easier amplification, and this signal leaks out of the TV.
ryggesogn2
1 / 5 (2) Feb 17, 2012
Remove the power supply.
antialias_physorg
not rated yet Feb 17, 2012
There's a neat inversion trick to this method. Cell phone towers will increase power if transmission energy received drops.

Stealth aircraft (fighters, bombers, drones) absorb signals which causes signal strength to drop. You can track these craft pretty accurately by how towers suddenly up their wattage to compensate.

It's even better than radar because there are so many towers that you can't even take this sort of tracking system out.
Eikka
1 / 5 (1) Feb 18, 2012
You can track these craft pretty accurately by how towers suddenly up their wattage to compensate.


That's assuming that the stealth craft would block a significant area from the transmitter's point of view. In reality it's just another speck of dust in the air. Suppose the plane is flying 1 mile away from the tower. Assuming the signal spreads out like a dome, it covers six square miles by that point. The aircraft is so tiny in comparison that it won't absorb much any of the energy. It's not like stealth craft hoover up radio waves from the air.

But, the British used a similiar idea to detect aircraft fleets over the horizon in the 2nd world war. Powerful but distant radio stations that were otherwise weak would get better reception as fleets of bombers gathered for a run, because they would reflect the radio signal like a mirror around a corner. That would give the air defence a hint of what was coming even before the planes showed up on radar.
antialias_physorg
not rated yet Feb 18, 2012
http://en.wikiped...formance

It is suspected the Serbs used a crude form of this to shoot down the F117A during the serbo-croatian war.
Vendicar_Decarian
1 / 5 (2) Feb 18, 2012
"Any radio source can be tracked with a sufficiently directional antenna." - Eikka

You need much more than an antenna if you wish to track a phone. First modern cellular phones are spread spectrum so they regularly switch frequencies. Second, they share this spectrum with other phones so you need to intercept all individual transmitting frequencies within the cell phone band and then either locate all the phones or wait for the phone of interest to announce itself and then determine it's location.

This presumes of course that it hasn't gone out of range of the local cell tower or your receivers. Cell phones broadcast with very low power to make spectrum sharing and individual transmit /receive "cells" possible.
Eikka
1 / 5 (1) Feb 20, 2012
"Any radio source can be tracked with a sufficiently directional antenna." - Eikka

You need much more than an antenna if you wish to track a phone. First modern cellular phones are spread spectrum so they regularly switch frequencies.


GSM encryption is already broken, so the task isn't exactly difficult. There are a limited number of frequencies they use, and the sharing method is based on timeslots that the cell tower arranges and broadcasts. You can basically just record what the tower is sending and figure out whose cellphones there are in the area, what frequencies and timeslots they're assigned to, and then by tracking their keepalive transmissions you can get a blip for where they are.

Or to get the location down faster and more precisely, you simply make a prank call and listen for the handshake process between the cell tower and the phone. The first thing a phone does when it recieves a signal for an incoming call is to broadcast at full power "I'm here!"
Eikka
1 / 5 (1) Feb 20, 2012
http://en.wikiped...formance

It is suspected the Serbs used a crude form of this to shoot down the F117A during the serbo-croatian war.


Passive radar works the same way in principle than active radar. Only the source of the signal is different. Stealth airplanes are just as invisible to passive as active radar, because it relies on the target that is being tracked to reflect the radio signal into a reciever. Stealth airplanes try to absorb the signal.

For tracking the radio shadow of a stealth airplane instead, you'd have to have your reciever on the other side of the plane, or above it so that the plane passes between you and the transmitting radio source, and the radio shadow of the plane is still too small to be plausibly detected. You need perfect alignment to catch it.

A theoretical possibility is tracking the radio shadow as it is reflected back down from the ionosphere, but you need a tight ground reciever network, and perfect radio weather
ChristianKl
not rated yet Feb 20, 2012
""It has a low entry barrier," Foo Kune said. "Being attainable through open source projects running on commodity software.""
That sentence doesn't make sense. It should probably read "commodity hardware". The software runs on the "inexpensive phone" which is hardware and not software.