Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

All GSM Phones Open To Attack, Tracking

Soulskill posted more than 4 years ago | from the now-where'd-that-tinfoil-hat-go dept.

Cellphones 119

Trailrunner7 writes "A pair of security researchers has discovered a number of new attack vectors that give them the ability not only to locate any GSM mobile handset anywhere in the world, but also to find the name of the subscriber associated with virtually any cellular phone number, raising serious privacy and security concerns for customers of all of the major mobile providers. The research builds upon earlier work on geolocation of GSM handsets and exposes a number of fundamental weaknesses in the architecture of mobile providers' networks. However, these are not software or hardware vulnerabilities that can be patched or mitigated with workarounds. Rather, they are features and functionality built into the networks and back-end systems that Bailey and DePetrillo have found ways to abuse in order to discover information that most cell users assume is private and known only to the cell provider."

cancel ×

119 comments

Sorry! There are no comments related to the filter you selected.

Cue the standard industry response in 321.... (5, Insightful)

ravenspear (756059) | more than 4 years ago | (#31987402)

Our attorneys will be contacting you shortly for exposing these methods and invalidating our security through obscurity SOP.

Because you just couldn't allow these methods to remain hidden, you are now responsible for any attacks that take place as a result.

We take our customers security very seriously. As an example, we've ensured these holes have stayed well hidden. Now, you've ruined that. You idiot.

TROLL (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#31987534)

LOL!

LOL (-1)

Anonymous Coward | more than 4 years ago | (#31987804)

TROLL!

Re:Cue the standard industry response in 321.... (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#31987606)

Please stand over there up against and facing the wall with your hands on the back of your head. Our Lawyers will make every effort to make this as timely and efficient as possible.

Re:Cue the standard industry response in 321.... (1)

davester666 (731373) | more than 4 years ago | (#31987648)

> Because you just couldn't allow these methods to remain hidden, you are now responsible for any attacks that take place as a result.

You are also financially responsible for any lawsuits we may lose because we failed to protect our customers information in a secure fashion.

Re:Cue the standard industry response in 321.... (3, Interesting)

poetmatt (793785) | more than 4 years ago | (#31987850)

Sadly, I could absolutely agree that such a message is very likely.

I love how all of it hides the fact that if this is public information, obviously the government and other groups which people are concerned even more about, know this information as well.

Re:Cue the standard industry response in 321.... (3, Informative)

sznupi (719324) | more than 4 years ago | (#31988172)

Or it was one of the compromises, hidden...remember, some countries participating in the creation of GSM wanted it be more safe, some wanted less safety.

Anyway, at least one part of what TFS says is obviously bullshit - my network doesn't even know my name (prepaid in a place where registration is not required...so nobody does it; not because of some paranoia but because it's the most straightforward thing to (not) do)

Re:Cue the standard industry response in 321.... (0)

postbigbang (761081) | more than 4 years ago | (#31988620)

Maybe you purchased it anonymously. When you turned it on and first used it, you initiated data for a profile. Unless you used the phone at random locations, not the residence where you live, then there's no geolocation data. Instead, maybe a camera perched up on a building saw you. That in turn, was cross-matched with other information about you, like when you used your debit card across the street a few minutes later.

What part of lack of privacy didn't you understand?

Re:Cue the standard industry response in 321.... (2, Informative)

sznupi (719324) | more than 4 years ago | (#31988888)

That would be paranoia for you right there... And not something simply under "name" position in mobile carrier profile.

BTW, as is typical you missed the most straightforward method...tracing web of contacts. A phone is usually used to communicate with people, you know.

From the CIA... (0)

Anonymous Coward | more than 4 years ago | (#31987450)

"No duh"

Is my Tivo on? (0)

Anonymous Coward | more than 4 years ago | (#31987454)

http://yro.slashdot.org/story/10/04/21/1547234/Legal-Spying-Via-the-Cell-Phone-System

DUPE!!!! (0)

Anonymous Coward | more than 4 years ago | (#31987456)

Slashdot reported on this last week...

Prompt Global (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31987466)

HACK.

Enjoy.

Yours In Astrakhan,
K. T.

FBI backdoors etc (1, Funny)

Anonymous Coward | more than 4 years ago | (#31987486)

About time someone found one of the many government backdoors they build in years ago. Do you expect government worker #84772 to be able to use a complicated secure backdoor? I know I don't, so I expect all the newest routers that the US made firmware updates with backdoors, cell phones everything has stupid obscure easy to use backdoors built into them now. Its a danger and we need to stem and turn this shit around NOW!

Re:FBI backdoors etc (1)

zill (1690130) | more than 4 years ago | (#31988502)

I give this thread 2 more minutes before it gets deleted through the Slashdot backdo{#`%${%&`+'${`%&NO CARRIER

Re:FBI backdoors etc (1)

DadLeopard (1290796) | more than 4 years ago | (#31989226)

You realize that GSM is not the dominant Cell phone system in the US, like it is in the rest of the world?

I told you they've been tracking me (1)

$RANDOMLUSER (804576) | more than 4 years ago | (#31987488)

They're following me and reading my thoughts. They're in it with the Scientologists and Starbucks and Major League Baseball. And the Freemasons. And Goo

^%$&^#$&^%$&^% NO CARRIER

Re:I told you they've been tracking me (1)

ushering05401 (1086795) | more than 4 years ago | (#31987574)

You laugh, but little brother is tossing and turning in his sleep.

Re:I told you they've been tracking me (2, Funny)

$RANDOMLUSER (804576) | more than 4 years ago | (#31988650)

I'm not trying to be funny, I'm trying to warn everyone about the real danger that Goo

^%$&^#$&^%$&^% NO CARRIER

Re:I told you they've been tracking me (5, Insightful)

Monkeedude1212 (1560403) | more than 4 years ago | (#31987898)

Let this be a lesson to all you would-be "in-the-know"ers out there. Tin foil hats do not cut it anymore. As soon as that became public knowledge, they started putting carbon-nano-fiber-tube-microphones inside any and all newly manufactured tin foil. Here is what you have to do:

Step 1: Throw away your cell phone. That thing is useless.

Step 2: Steal a friend's cell phone. Put tape over any cameras, and take out the battery, and for good measure, disassemble the audio input.

Step 3: Grab a Pickaxe if you have one, but if not, don't sweat it. Don't go out and buy one, that will only leave a trail for them to find you.

Step 4: Start driving to the mountains. Your newly acquired cell phone will let you know once you are out of the 3G network, secretly known as the Government Geological Guidance network. They will think it is your friend visitting the mountains. Only then will you know that they cannot track you.

Step 5: If you don't have a pickaxe, fashion one out of stone and wood. Start mining. Keep going until you get a rather large amount of Nickel. You can go into town to eat and make shipments of nickel. You'll need about 1.6 KG if you're about 6 feet tall.

Step 6: Go and take your nickel to the local blacksmith. He can be trusted, he didn't upgrade like the rest of the world. Have him help you smelt the Nickel. Submerge yourself in liquid Nickel in order to create a faraday cage around yourself.

And there you go, they won't be able to track you anymore.

Re:I told you they've been tracking me (1)

kg8484 (1755554) | more than 4 years ago | (#31988340)

I laughed, then I noticed that it was modded insightful. Then I laughed some more.

Re:I told you they've been tracking me (0)

Anonymous Coward | more than 4 years ago | (#31988708)

Step 6: Go and take your nickel to the local blacksmith. He can be trusted, he didn't upgrade like the rest of the world.

Not if you can find his name on this list [anviledge.com] .

feature, not a bug (1)

mrybczyn (515205) | more than 4 years ago | (#31987494)

...

Wasn't it a GSM provider in the US requiring SSN? (1, Offtopic)

damn_registrars (1103043) | more than 4 years ago | (#31987518)

I seem to recall a discussion some time ago involving a carrier - I think it was T-Mobile - who did not want to do business with anyone who wouldn't give them their SSN. Now we find that information is carried openly on the network?

Nope (1, Informative)

Anonymous Coward | more than 4 years ago | (#31987956)

I've got a T-Mobile prepay card.

Even T-Mobile doesn't know my name, so perhaps these uber-hackers are a bit exaggerating?

Re:Wasn't it a GSM provider in the US requiring SS (2, Informative)

tgd (2822) | more than 4 years ago | (#31988004)

How in the world did you get from "here's how caller ID maps numbers to name" to "they're transmitting SSNs over the network"?

"Insightful"? Did the moderators not read the story either?

Re:Wasn't it a GSM provider in the US requiring SS (4, Funny)

AndrewNeo (979708) | more than 4 years ago | (#31988236)

You must be ne..

tgd (2822)

Er. You must not come around very often.

Re:Wasn't it a GSM provider in the US requiring SS (0)

Anonymous Coward | more than 4 years ago | (#31988882)

Yes, because a company having your SIN means that it'll be accessible on your phone...

Scary shit (1, Troll)

wurp (51446) | more than 4 years ago | (#31987526)

This is some scary shit. How long until some celebrity or world leader is abducted, raped, or shot based on this vulnerability?

Re:Scary shit (5, Insightful)

bugi (8479) | more than 4 years ago | (#31987584)

Raise your hand if you think this wasn't already known to and in use by one or more government agencies.

Re:Scary shit (3, Funny)

PPH (736903) | more than 4 years ago | (#31988030)

Sorry. My hand is busy a the moment.

By government agencies, you mean both domestic and foreign. Right? If you think the Russians, Chinese, and North Koreans don't have a complete and up to date list of all cell phones that regularly contact certain towers in Langley, Virginia, please turn in your low Slashdot UIDs.

Re:Scary shit (1)

yerM)M (720808) | more than 4 years ago | (#31988842)

I'm not worried, given the speed at which my battery drains, this should reduce the attack vector considerably.

Re:Scary shit (1)

CrashandDie (1114135) | more than 4 years ago | (#31991668)

How could it not be known yet used by one or more government agencies?

Regardless, now I want to go and have a chat with the writers of CSI and Numb3rs, because apparently they have some schweet inside info.

Re:Scary shit (1, Troll)

wurp (51446) | more than 4 years ago | (#31987674)

Troll. Huh?

Re:Scary shit (1)

religious freak (1005821) | more than 4 years ago | (#31987734)

Yeah, you got fucked on that one

Re:Scary shit (0, Offtopic)

wurp (51446) | more than 4 years ago | (#31987756)

Wow, and I just thought more about it... straight to -1? Starting score 1, shoulda been karma modifier +1 (but no sign of that), and two troll mods? How'd that post pull that off?

(Karma bonus intentionally turned off on this post 'cause it's off topic.)

Re:Scary shit (0)

Anonymous Coward | more than 4 years ago | (#31987890)

It's because of your sig. The Almighty Jobs has declared sex acts unfit for the iPhone, thus your link goes against his teachings and you are risking an iFatwa.

The troll mods are just a warning.

Following me around (-1, Troll)

wurp (51446) | more than 4 years ago | (#31987894)

Seriously, you don't have anything better to do?

If this isn't a /. admin doing this to me, either someone has WAY too much time on their hands creating accounts & building up mod points, or there's a real-life (if astoundingly pathetic in scope) conspiracy against me.

It's nice to know you care, either way.

Re:Scary shit (0)

Anonymous Coward | more than 4 years ago | (#31987922)

Dive, dive, the score submarine!

Re:Scary shit (-1, Troll)

wurp (51446) | more than 4 years ago | (#31988070)

Eh, my karma is super-duper excellent. If someone with the power to throw that many bad mods at me is after me, I'm screwed regardless.

Re:Scary shit (1)

dunng808 (448849) | more than 4 years ago | (#31990164)

Let's hope the meta-mods straighten this out. Watching this unfold is as creepy as thinking about the original GSM issue.

I have nothing against the iPhone ... I still use my Newton Message Pad 2100, so my 3G phone is an Android. Sort of spreading the goodness around.

(Silently invoking an ancient oriental troll repellent spell.)

Re:Scary shit (0, Offtopic)

wurp (51446) | more than 4 years ago | (#31991972)

Thanks for the good vibes, and risking your karma by posting with your True Name in response to one of the damned.

BTW, someone is definite removing my karma bonus in addition to slapping troll mods on me. Either that or there's some automatic removal of karma bonuses when two troll mods are given.

One wonders about the shitty ways people use power, then you find someone abusing petty powers like this in your own back yard.

Disappointing.

Re:Scary shit (0)

Anonymous Coward | more than 4 years ago | (#31990654)

Yeah you are. I got hit with a bunch of troll and offtopic mods, even on some old posts, all at once. I guess we haven't been kissing enough ass and welcoming our new meta-moderating overlords. I never thought I would have to post this type of criticism AC. Maybe slashdot 3.0 is the new improved "sensitive don't offend me" slashdot.

Re:Scary shit (0)

Anonymous Coward | more than 4 years ago | (#31987962)

Yeah, there is no -1 Lame or Stupid mod. For such an old timer, you should know that. Be a man. Deal with it.

Sounds like a lot of BS (3, Informative)

kju (327) | more than 4 years ago | (#31987572)

The article does not sound credible but like a lot of Bullshit. For example they claim that they are able to lookup the customer name for a given mobile number ("also find the name of the subscriber associated with virtually any cellular phone number"). But they don't explain how they do this. The article just states: "At the heart of the work the pair did is their ability to access the caller ID database mobile providers use to match the names of subscribers to mobile numbers. Then they claim: "This is the same database that contains the subscriber information for landlines", which is simply untrue for many mobile operators who do not even operate landlines. They somewhat suggest that the database in question is the Home Location Register HLR ("Once they accessed the database, known as the Home Location Register (HLR),"), but as you can easily lookup, the HLR does NOT contain the name of a subscriber: http://en.wikipedia.org/wiki/Network_switching_subsystem#Home_Location_Register_.28HLR.29 [wikipedia.org] Now there might be networks where you can lookup the name of a customer given the number, but this is not standard, so claiming they can find the subscribe for "virtually any cellular phone number" is just BS on a great scale. The whole article is loads of gibberish making no much sense. I don't believe any of their sensational claims.

Re:Sounds like a lot of BS (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31987632)

Clearly, you weren't at Source Boston or Quahogcon over the last week to see it in action. Thanks for the FUD.

Re:Sounds like a lot of BS (4, Informative)

kju (327) | more than 4 years ago | (#31987722)

So what? The claims are still untrue for at least most GSM networks in the world. This is not FUD but a fact.

The HLR can not be used to lookup the name of a subscriber. Also while the HLR can be queried by operators around the world (as this is needed for roaming), they query it by using the IMSI of the SIM-Card. Wikipedia claims that the MSISDN is another lookup key, but there is no need to make a lookup by MSISDN possible to other operators. When they handle a roaming customer, all they have is their IMSI and they use this to contact the HLR of the operator in charge.

So STFU.

Re:Sounds like a lot of BS (0)

Anonymous Coward | more than 4 years ago | (#31987856)

Right, the HLR database can't be used to look up the name of the subscriber, this article apparently gets that wrong. The researchers never claimed this and other articles (google for them) state this fact more clearly. The researchers also were focusing on these attack vectors that applied to the United States, the CallerID system being a key component in their attacks and obviously only affecting the US. I don't see why you have such a big problem with this. This isn't the first time the press has got some things wrong. There are like 10 other articles that did get this fact straight. No big deal.

Re:Sounds like a lot of BS (4, Informative)

kju (327) | more than 4 years ago | (#31987936)

Why i have such a big problem with this? Because the article makes the reader believe that this is a problem for any GSM user around the world, while it is apparently restricted to countries/networks where such a accessible database exists. The title of the slashdot article also claims "All GSM Phone" which is untrue given this additional information.

Re:Sounds like a lot of BS (1)

stupid_is (716292) | more than 4 years ago | (#31988306)

Because everyone knows that the USofA is the entire world :-)

MSISDN is mandatory for 2G (not sure about roaming) but it becomes an optional field in the HLR in LTE/4G

I read the linked article and scratched my head, too - it seems that their attack vector requires access to the HLR for a start, and I can't see that being trivial. Maybe I should go look for the other, more informed articles.

Re:Sounds like a lot of BS (1)

igy (908081) | more than 4 years ago | (#31989854)

That's not strictly true; for SMS delivery the message sent to the HLR is routed via the MSISDN, because the other network will only have the MSISDN at this point (i.e they only know what they typed into your phone when sending the message, it's up to the HLR to provide the recipient's MSC address and IMSI so the message can be delivered)

Re:Sounds like a lot of BS (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31987670)

Actually it's pretty clear in other articles (and this one) that it's just the CallerID database that they're using to get the Cell numbers and the person associated with the cell number. Makes perfect sense to me. I imagine these articles sometimes get things wrong too. The conference they spoke at (Source Boston I believe mentioned in the article) should probably post the slides sooner or later and then you'll know for sure.

Re:Sounds like a lot of BS (2, Insightful)

kju (327) | more than 4 years ago | (#31987820)

Actually it's pretty clear in other articles (and this one) that it's just the CallerID database that they're using to get the Cell numbers and the person associated with the cell number.

Their sensational claim is that they are able to "also find the name of the subscriber associated with virtually any cellular phone number". This is a strong claim and it is a false one. They can find the name of the subscriber if such a CallerID database exists for the network in question and is available for access. This is simply not the case for many many networks around the world, so they are far from beeing able to do this for "virtually any cellular phone number". Also it is not very surprising that you can make a lookup if such a lookup service is available.

Re:Sounds like a lot of BS (2, Informative)

religious freak (1005821) | more than 4 years ago | (#31987816)

Well, I didn't read this article, but I did read the article LAST week when /. posted this same story. My understanding was these folks spoof the number in question and use that to access 'xyz' database with the name info. Once you've got the name and phone number info, you can use the small European telcos to use the location service and determine roughly where someone is.

It all makes total sense to me, and as a tech person is actually one of those things I figured was probably the case (the routing protocol HAS to know where to send the phone call, and your phone must poll every once in a while to let the service know where it is), but like much in this modern age, I gave a big, huge meh to it. I feel fortunate enough to just understand how this crap can screw you, unlike my non-tech friends who are either completely ignorant or completely paranoid.

Re:Sounds like a lot of BS (0)

Anonymous Coward | more than 4 years ago | (#31987836)

I do not think you read the article thoroughly. The original article states:

Once they accessed the database, known as the Home Location Register (HLR), the researchers are able to determine which mobile provider a given subscriber uses, and then combine that with the caller ID data, giving them a profile of the subscriber. This is a correlation that most mobile subscribers think isn't possible....

It says nothing of having the name of the customer come from the HLR. It clearly states it's a correlation of data in the HLR and the Caller ID data that the derive the subscriber profile from.

Re:Sounds like a lot of BS (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#31988108)

They tried to pull a Star Trek, thats all.

Re:Sounds like a lot of BS (1)

GrenDel Fuego (2558) | more than 4 years ago | (#31988158)

The article is BS and overblown. The talk itself was interesting.

The "find the name of the subscriber" bit has to do with the fact that a lot of carriers register the mobile phone subscribers name with the caller ID database. Since most cellphones don't use caller ID and only pair the number with their local address book, you wouldn't notice this unless the cellphone is calling your landline.

They demonstrated a technique to use a VOIP line to call another VOIP line spoofing the calling number (say 555-555-0001). They then harvested the caller ID info and moved onto the next number (555-555-0002), creating a massive database of number/name combinations.

Kind of like wardialing in reverse (cycling through source numbers not destinations).

Re:Sounds like a lot of BS (1)

GrenDel Fuego (2558) | more than 4 years ago | (#31988186)

I should say that I think a lot of the confusion comes in because it was a long talk covering a lot of different related topics, some related some not. There were bits covering calling IMSI info by acting as a tower, determining a phone's carrier by the block of numbers, the caller ID piece and more.

Implementation weaknesses? (0)

Anonymous Coward | more than 4 years ago | (#31987576)

I don't know.. TFA is a little short on details, but sounds like the attacks are based on known implementation weaknesses in the (American) networks. HLR is certainly something that no unauthorized party is supposed to access. CallerId I don't know, but probably should also not be publicly accessible. In any case doesn't sound like something you can execute in any network (or would be impossible to fix).

I Have AT&T - Joke's On Them (5, Funny)

sexconker (1179573) | more than 4 years ago | (#31987578)

My network isn't vulnerable because it's never fucking working.

Re:I Have AT&T - Joke's On Them (1)

youn (1516637) | more than 4 years ago | (#31988302)

I believe that's Denial of Service attack (on your patience :) )

Re:I Have AT&T - Joke's On Them (0)

Anonymous Coward | more than 4 years ago | (#31989588)

I'm curious about the hatred towards AT&T. I work for a company that provides an extremely important service to them. Our software is resulting in some of, if not THE biggest Oracle databases in the world (PETABYTES - at AT&T locations of course). I constantly look at call data of theirs for services which is kept to an as abstract level as is possible. I see millions of MSISDNS however we, intimate partners with AT&T and other Telcos, are never savvy to personal information of any kind. Perhaps it takes an inside perspective to understand just how complicated the mobile telecoms industry is, and I assure you it is. I can tell you that on our software alone AT&T is processing millions of transactions per second, and, basing it on the data I see daily, is reliable (call durations, types of calls (GSM, WAP, GPRS,)) - enough so with other telecoms in the world. Is it that scale isn't accounted for? I have heard the claims of dropped calls all the time etc etc but the data I receive does not reflect it.

Again, not apologising, just genuinely curious.

Not really that big of an issue (1)

SlayerofGods (682938) | more than 4 years ago | (#31987624)

Looks like this can be broken into three parts. First

Once they accessed the database, known as the Home Location Register (HLR), the researchers are able to determine which mobile provider a given subscriber uses, and then combine that with the caller ID data, giving them a profile of the subscriber.

But no details are given about how they got in. But really, this isn't that much more scary then a phonebook.
Second

They can spoof someone's mobile number, dial that same number using this dialing technique, and in many cases a call to a handset from that handset's number that goes to voice mail will bypass the voice-mail authentication mechanism.

I know my company, verizon, still requires your password even if you call from your number.
Third

builds upon earlier work on geolocation of GSM handsets and exposes a number of fundamental weaknesses in the architecture of mobile providers' networks.

But no further info is given...

Looks like there really isn't much news here except that maybe t-mobile doesn't require a password for voicemail if you call from your home phone number.

Obviously *someone* has to know this stuff (4, Interesting)

DutchUncle (826473) | more than 4 years ago | (#31987664)

>>>This is a correlation that most mobile subscribers think isn't possible because there isn't a public white pages directory of mobile numbers.

I think even the average user understands that the providers have and share such information to manage calls themselves, whether or not it's easily available. And security through obscurity that worked just fine in a landline-only era is wide open when you can listen to the challenge-response over the air. The only question is why anyone other than a telco can get to the databases; OTOH since anyone can be a telco nowadays, that wouldn't help much.

This does demonstrate how a difference of degree becomes a difference of kind, as is so often the case with data mining. When there was noticeable cost to get each piece of information and/or to correlate one set of information against another, it was only worthwhile for a targeted attack. Now when one can get millions of pieces of information and correlate them with minimal effort, scattershot attacks are economically productive. It was never worthwhile to just dial numbers sequentially, because you had to pay living people to do it, until robodialers were created (and permitted to be attached to the phone lines); then suddenly it became an industry.

CDMA (1, Interesting)

teknopurge (199509) | more than 4 years ago | (#31987668)

well well, how the tables have turned!

Re:CDMA (0)

BlueScreenOfTOM (939766) | more than 4 years ago | (#31988054)

While CDMA has it's own set of problems for sure, I've always preferred CDMA call quality over GSM. I also like that CDMA handsets don't make any speaker within a 5ft radius go crazy. It is kind of a shame that it is losing out and we will be seeing less of it in the future. From a security standpoint, I wonder if it is more or less secure...

Re:CDMA (1)

teknopurge (199509) | more than 4 years ago | (#31988218)

supposedly there is a new revision coming down the pipe that allows multiple channels(simultaneous) and a host of other things.

Re:CDMA (0)

Anonymous Coward | more than 4 years ago | (#31988524)

It is kind of a shame that it is losing out and we will be seeing less of it in the future.

Now that it's FINALLY gotten something like a SIM card (in SOME handsets) maybe people will stop treating CDMA like it was featured on The Flintstones.

Re:CDMA (2, Informative)

matty619 (630957) | more than 4 years ago | (#31988968)

In my experience, 3G GSM phones don't do the crazy speaker thing you speak of.

This is God calling... (1)

gmuslera (3436) | more than 4 years ago | (#31987672)

If this get wide actively exploited we will see how will be built Babel Tower 2.0, using only social engineering.

In fact, don't think on God...think in terrorists, or in the children. Always will be a worse application of this than what you tought.

My cellphone is immune to all attack vectors (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#31987708)

I don't have a fucking cellphone. I don't need to make calls at all hours of the day everywhere I go.

Re:My cellphone is immune to all attack vectors (1, Informative)

Anonymous Coward | more than 4 years ago | (#31987782)

Good for you!

A warning, though. Those burgers are someday going to be flipped by a machine.

This is bogus (0, Troll)

dnaumov (453672) | more than 4 years ago | (#31987768)

This is so bogus it's not even funny. Well it might work in some retarded 3rd world country, but certainly not where I live.

"For example, during their research, Bailey and DePetrillo scanned a number block in Washington, D.C., and identified a large block of numbers allocated to a defense contractor."

I am sorry, what? How exactly does this scan work? If a defence contractor has it's numbers available in a publically accessible number database, this is probably a lapse in security at said contractor, not some kind of a GSM technology exploit. If you don't want to tell the world that YOU own number 123 4567, don't share this information. DUH. Every operator out there has an option where the subscriber can chose to "keep my number secret and do not share my information with public registries". Your failure to use this option is well, your failure.

"Once they accessed the database, known as the Home Location Register (HLR), the researchers are able to determine which mobile provider a given subscriber uses, and then combine that with the caller ID data, giving them a profile of the subscriber."

I am an operator. What the fuck gives you the idea that YOU can access my HLR? Are you retarded?

Re:This is bogus (1)

Securityemo (1407943) | more than 4 years ago | (#31988230)

From the Cnet interview at http://news.cnet.com/8301-27080_3-20002986-245.html [cnet.com] :

The first part of the operation involves getting a target's cell phone number from a public database that links names to numbers for caller ID purposes. DePetrillo used open-source PBX software to spoof the outgoing caller ID and then automated phone calls to himself, triggering the system to force a name lookup.

"We log that information and associate it with a phone number in a (caller ID) database," DePetrillo said. "We created software that iterates through these numbers and can crawl the entire phone database in the U.S. within a couple of weeks... We have done whole cities and pulled thousands of records."

"It's not illegal, nor is it a breach of terms of service," Bailey said.

Next up is matching the phone number with a geographic location. The SS7 (Signaling System) public switched network routes calls around the world and uses what's called the Home Location Register to log the whereabouts of numbers so networks can hand calls off to one another, DePetrillo said. Individual phones are registered to mobile switching centers within specific geographic regions and they are logged in to that main register, he said.

Only telecom providers are supposed to have access to the location register, but small telcos in the EU are offering online access to it for a fee, mostly to companies using it for marketing data and cost projections, according to DePetrillo.

Re:This is bogus (1)

dnaumov (453672) | more than 4 years ago | (#31988442)

The problem with the article is that it can be essentially dissected into this:

"If your phone number is stored in a publically accessible database, along with your real name, people can look it up!"

No shit. And then they threw in a bunch of semi-relevant and a lot of completely bogus technical mumbo-jumbo to make it sound like some breakthrough.

Re:This is bogus (1)

Securityemo (1407943) | more than 4 years ago | (#31988604)

I think it could be relevant as a security issue, if it's not common knowledge for Joe Sixpack that the database(s) are publically accessible, or as it would seem in the SS7 case, semi-private. Here in Sweden we have a comonly used cell/landline whitepages service, www.eniro.se, but if there isn't such a service where Joe lives it's counterintuitive that the data wouldn't be private. Joe Sixpack might be threatened by stalkers or a violent ex, and might not realize that the little fucker can get at you in this manner.

GSM != CDMA (1)

Hummdis (1337219) | more than 4 years ago | (#31987866)

I like how they list GSM and imply all carriers in the US when the largest GSM providers are AT&T, T-Mobile, Sprint and Cricket. The CDMA networks are Verizon and Alltel. Of course, the're now one in the same since Verizon bought Alltel a year or so ago.

Re:GSM != CDMA (1)

hoxford (94613) | more than 4 years ago | (#31987906)

Sprint and Cricket are CDMA carriers.

Re:GSM != CDMA (1)

jeffmeden (135043) | more than 4 years ago | (#31988116)

Don't forget BOOST! and Revol, two pay-as-you-go carriers.

Re:GSM != CDMA (1)

amRadioHed (463061) | more than 4 years ago | (#31987960)

Sprint and Cricket are both CDMA.

Re:GSM != CDMA (1)

PRMan (959735) | more than 4 years ago | (#31987974)

I like how you imply that Sprint is GSM when they are CDMA...

Re:GSM != CDMA (0)

athakur999 (44340) | more than 4 years ago | (#31988330)

The Nextel portion of Sprint is actually GSM.

Re:GSM != iDEN (3, Informative)

Christophotron (812632) | more than 4 years ago | (#31988562)

The Nextel portion of Sprint is actually GSM.

Wrong again.. Nextel is actually iDEN [wikipedia.org] , which is yet another different technology that happens to use a SIM card. Having a SIM card does not make it GSM.

Re:GSM != iDEN (1)

he-sk (103163) | more than 4 years ago | (#31989466)

That's news to me.

Wait a minute? You guys actually have THREE competing mobile carrier technologies in the US?

Re:GSM != iDEN (1)

anss123 (985305) | more than 4 years ago | (#31990218)

Wait a minute? You guys actually have THREE competing mobile carrier technologies in the US?

"Mr. President. The hackers may have cracked GSM and CDMA!"

Smug smile: "Don't worry, there's is another."

Re:GSM != CDMA (1)

RobertLTux (260313) | more than 4 years ago | (#31988646)

no the nextel part of sprint is its own separate standard (called Iden) it just uses a "sim card" similar to a GSM phone.

so yes a Nextel World Phone would have 3 different networks builtin (CDMA GSM and Iden)

Re:GSM != CDMA (1)

Hummdis (1337219) | more than 4 years ago | (#31988484)

Correct...and Sprint has a true 4G network [cnn.com] .

"The No. 3 wireless carrier, Sprint Nextel (S, Fortune 500), claims to have a 4G network in place based on a different technology called WiMAX, though WiMAX is actually just an enhanced 3G technology. With more than 50 global carriers pledging to unveil LTE networks, some analysts have speculated that Sprint will likely commit to building its own LTE network in the near future."

Re:GSM != CDMA (2, Informative)

Montezumaa (1674080) | more than 4 years ago | (#31989122)

Sprint does not operate a GSM network any longer; well, not to the general public. They use CDMA, where as GSM is based off of TDMA. I am not sure if Sprint still uses PCS, but PCS can operate on GSM(TDMA), CDMA, and D-AMPS and I believe that Sprint had their PCS network operating on GSM in some areas.

Some people might think that Verizon is included because they are switching to UMTS for their "4G" network. The fact is that the version of UMTS AT&T uses is based off of CDMA(W-CDMA is most common). It will allow Verizon to offer data on their "world" phones, which also have GSM radios for international roaming.

Most? (1)

blair1q (305137) | more than 4 years ago | (#31987964)

If anyone using a cellphone doesn't understand Caller-ID, or that the entire system is based on knowing where your phone is (to wtihin the range of a given tower), then they're probably not worthy of having privacy.

Being able to find someone's name and location is not exactly a privacy issue.

Next thing you know, the nuffers will be posting stories about the privacy implications of the Marauder's Map.

This Astroturfing Article broght to you by... (1)

Low Ranked Craig (1327799) | more than 4 years ago | (#31987976)

Verizon and Sprint!

fQuck3r (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#31987994)

am protesting Shouts To the moronic, Dilettante VISIONS GOING driven out by the to get involved in [theos.com] on his (7000+1400+700)*4 at my freelance

Discussing this isn't really constructive. (1)

Securityemo (1407943) | more than 4 years ago | (#31988084)

Because the article basically says that they will, and now presumably have, presented the details at SOURCE Boston, and the papers/slides from there haven't been released yet.
Found an interview with some more details here, though: http://news.cnet.com/8301-27080_3-20002986-245.html [cnet.com]

Re:No details on the attack (1)

neutrino38 (1037806) | more than 4 years ago | (#31989286)

All this article is pretty unclear about the attack method described.

All it says is that they supposedly find ways to tap in APIs that associate GSM phone numbers with names. I am not sure that such API are standardized.

Then they say that IF you have direct access to SS7 network and you are able to query the HLR, you are able to track down people (because you are able to get the attachement MSC and possibily the Cell ID using the MAP protocol).

This IF is a big IF. They did not demonstre haw you may break in to the SS7 network from outside of it.

Guys, you have to understand that SS7 network are not exactly working like a IP network. Most of the time, routing is statick and a peer to peer trust relationship must be established between your host and the network before you can eventhing of querying an HLR like this. So this "attack" supposes that the attacked network would basically allow you in.

Unless, they come up with something very new, this is pretty weak. The attack on GSM encryption for conversation was much more significant.

All your phones... (1)

simonbas (1319225) | more than 4 years ago | (#31988636)

...are belong to us.

Haha, I'm untrackable!!!! (0)

Anonymous Coward | more than 4 years ago | (#31988694)

That's why I stick with my trusted landline, they'll NEVER know where I'm at! SUCKERS!!!!

TRAC Phones (0)

Anonymous Coward | more than 4 years ago | (#31989132)

Yup, get a TRAC Phone, and no more worries about being tracked, since nobody knows who owns the TRAC phone.

Oh wait, they aren't in are they, no camera, no mp3 player, no bells and whistle crap, guess all you cell phone fashion victims are toast.

Sometimes I've got to wonder (1)

Whuffo (1043790) | more than 4 years ago | (#31989538)

If you carry a cell phone - you're carrying a radio transmitter that broadcasts its serial number to any interested receiver. That serial number is directly tied to your account at the cell service provider; name, address, bank info, you name it. This is just the way things are.

So what's with the dog and pony show from some writer that doesn't know what he's talking about? And finding the name that goes with a phone number isn't what you should be worried about - consider instead that your friendly government can tell where your cell phone is at any time they desire. Since that's usually in your pocket / purse, that means your location, your movements, and who you meet with. This is more real than the linked article and a lot more troubling.

Re:Sometimes I've got to wonder (1)

religious freak (1005821) | more than 4 years ago | (#31992564)

Again, I've got to make the point, but... duh. How did you think these things worked? (I'm assuming you're a technical person)

I'm not trolling, I'm just saying this is the way things are designed and in fact, I've heard at least a couple stories where 911 operators have had and exercised the option to triangulate a cell signal to determine someone's whereabouts (could be urban legend, I dunno). Doing all that in the time needed for emergency service? Location info sounds pretty freely accessible to governmental authorities to me.

But this is our brave new world. Damn near everyone on this site knows it. We just don't want to sit down, think about it and admit it to ourselves. We think we've got the option for total privacy, but we really don't if we want to be members of society.

it's trivial to have an untraceable GSM phone (1)

george14215 (929657) | more than 4 years ago | (#31991516)

Just buy a prepaid cell phone with cash and top up the minutes with cash. No ID required.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>