Researchers in the US have shown that owing to the way GSM mobile networks work, it's possible to track down the number of almost anyone, and find out where they are.
In what sounds like a stalkers dream, researchers built on information released in 2008 by Tobias Engel, showing how to gain access to mobile network databases in order to track mobile phones. This time, however, researchers from mobile security firm iSec Partners demonstrated that it was possible to track a single mobile phone user, even without knowing his or her number. They were also able to gain access to other information which most mobile users assume is secure.
Commenting on the revelation, Nick DePetrillo of iSec said: "The scary thing is that you can give me a random cellphone number and I can tell you, usually, who owns it. So if I want to find Brad Pitt's number I can dump all the cellular phone caller ID information out of California and hunt for his number."
The hack works by utilising the GSM caller-ID system, tricking it into creating a full directory of almost every mobile number. Further crunching of that data then allowed the researchers to figure out which individuals are associated with what numbers; and furthermore access to the 'home location register' which allows mobile providers to find any handset in order to communicate with it. And because the hack uses base functionality of the network - i.e the ability to route calls and data to a handset regardless of its location, by knowing where it is, there is no way to restrict the information without preventing the network from doing its job.
Chris Paget, of reverse-engineering consultancy company H4RDW4RE commented: "They've discovered some pretty scary stuff. They looked behind the towers and found a whole other wrongness. You're literally down to the situation where you can't be secure unless you pull the battery out of your phone."
0 Visitor Reactions & Comments: