back to article Mobile network hack reveals sensitive cellphone data

Researchers have demonstrated structural cracks in GSM mobile networks that make it easy to find the number of most US-based cellphone users and to track virtually any GSM-enabled handset across the globe. The hack builds off research by Tobias Engel who in late 2008 showed how to track the whereabouts of cellphones by tapping …


This topic is closed for new posts.
  1. Bertram Joseph


    Okay ... not really. That technology is quite old now and never really was all that secure to begin with.

  2. Yes, I are perfect

    A bit of hype

    A bit hyped there? What the researchers actually did was acted as a cellular network. Now what surprises me is "He was able to access the database using commercial services offered by companies in Europe." So there are commercial services which allowed an individual to directly talk to Telecom Core networks. That surprises me.

    That you can then gain data by effective war dialing " They then called the account over and over using huge blocks of spoofed numbers" is trivial.

    A final note: the location provided by the telecom network is a "location area" which is much larger than individual cell sites. But yes, it certainly does tell you if someone is internationally roaming.

    So, someone inside or acting as a cellular network, can tell the location of an individual subscriber, and by abusing the network (war dialing) they can likely workout similar information for people on other networks. This is like being surprised that people in the tax office can look up Brad Pitt's tax return.

    Having pontificated on all that, good article apart from the hype.

  3. JWS
    Black Helicopters

    Never mind

    The movies never lie, been saying pull the battery for years! I wonder how long these two to vanish...

  4. Robert Carnegie Silver badge

    Wow, they invented the "E419" :-)

    You could do lots of frauds with this...

    ...but does Brad Pitt have caller ID that says "Brad Pitt is calling"? Or does it give his agent or company name?

  5. Sordid Details

    Well I never

    So surely the key (as with all such systems) is to ensure that such service critical platforms are not exposed to the world at large. However I'm still not clear how the researchers are able to derive the name of the cellphone user. You'd need to get to the billing/CMS system before you get that level of detail.

  6. Daniel B.

    Nothing to worry?

    Well, given that Caller ID in Mexico doesn't send the owner's name (only the phone number), it seems this doesn't affect me.

    Cell tracking isn't very accurate, so they'll be able to pinpoint me ... within a 500 meter range. Meh.

    1. Jaquez
      Black Helicopters

      You sure?

      An accuracy of 500 meters should be sufficient to send in the black helicopters.

  7. Bod


    Firstly, the level of access to databases (especially the HLR) and network infrastructure here seems a bit beyond the average hacker. It would surely require an insider and not to mention it all sounds highly illegal so the "threat" of companies, private investigators and the like popping up that can harvest the information seems unlikely. Governments already have access to the information anyway, so there's nothing new. The rest of the threat is from a handful of hackers who have the resources and they're just going to go after big names. The average mobile user is hardly under threat here.

    Secondly, I don't see how the caller ID database or HLR reveals any names. Or at least it's easy to not reveal anything. Just pop into a shop and get a PAYG sim. You don't need to give full details, or you can just lie (but besides details are usually on a mail in card that won't be registered for weeks), pop in the sim and have it registered by the automated system (usually doesn't ask for details), and off you go. Best caller ID will do is reveal the number associated with the SIM.

    Maybe this only works in the US where reverse lookup of numbers is fairly easy from what I understand.

    The real threat they revealed, which is far easier to attack is the well known one to spoof a caller ID and use that to access voice mail without authentication and thus harvest voice mails. Simple to protect against if operators just enforce the authentication regardless of whether you call the mailbox from your own phone or not (or maybe this is an option already with some).

This topic is closed for new posts.