Finding out people’s approximate whereabouts by tracing their cellphone signal is something that service providers can easily do, as cellular networks track its subscribers all the time in order to ensure adequate service delivery.
We also take for granted that law enforcement and intelligence agencies have easy access to that information by getting court orders that force service providers to share that information with them. But is it possible for other people – most of all, is it possible for criminals – to do the same?
A team of students and associate professors from the University of Minnesota have proven not only that it can be done, but also that it can be done cheaply by using readily available hardware and open source software.
“The motivation for attackers to obtain pieces of location information of victims include anyone who would get an advantage from such data,” say the researchers. “For example, agents from an oppressive regime may no longer require cooperation from reluctant service providers to determine if dissidents are at a protest location. A second example could be the location test of a prominent figure by a group of insurgents with the intent to cause physical harm for political gain. Yet another example could be thieves testing if a user’s cell phone is absent from a specific area and therefore deduce the risk level associated with a physical break-in of the victim’s residence.”
They used two mobile phones and a laptop, and a land line phone capable of making outgoing calls, and for now they have managed to track down a device’s position within a dozen city blocks.
By initiating PCCH paging requests for the targeted device by sending out a text message or initiating a call, they were able to listen in on the broadcast GSM PCCH paging channel and extract information needed to track down the device. It is also possible to do so without the user being alerted of the received SMS or incoming phone call.
According to Physorg.com, the researchers have presented their results during the 19th Annual Network & Distributed System Security Symposium recently held in San Diego, California, and are currently working with AT&T and Nokia on low-cost solutions for the problem.
For more details about their research and project, go here.