While it sounds like something from the movie Enemy of the State, new research from the University of Minnesota College of Science and Engineering indicates that attackers can capture the same information used by cellphone companies to track cellular handsets to pinpoint a target’s location. This attack leverages features of the GSM communication stack to perform location tests without the alerting the target.
These location tests are used by cellular providers to find the best path on their networks to route calls and can be accurate to a 10-block area in metropolitan areas. 3rd party access to this data usually requires a warrant. However using commodity hardware and open source technology, the researchers were able to directly capture this information. They did not have to contact the local cellular company for access.
The authors conclude that this formation could be used by oppressive regimes to track down dissidents or for thieves could target a person and identify when they were no longer at their home.
The authors have contacted carriers and phone handset manufactures, such as AT&T and Nokia to discuss mitigation techniques and are working on responsible disclosure statements for cellular service providers.