3G Security Flaw Could Enable Anyone To Track Your Phone.
Research conducted by the University of Birmingham in conjunction with the Technical University of Berlin has identified security flaws in the code that connects your phone to the 3G networks which could enable anyone with sufficient knowledge to track it using a rooted femtocel device which is a small, modified cellular base station and performs “man-in-the-middle” attacks to identify a particular device.
Although, as we have said, the attacker would need to have a fairly high degree of technical knowledge and be in the vicinity of the device the equipment needed for one of these attacks is reasonably easy to acquire however it would be fairly easy for such an expert to create hacking tools to simplify the process making it easy for almost anyone to use.
Such attacks could force your device to reveal its Temporary Mobile Subscriber Identity (TMSI), assuming the attacker knows the International Mobile Subscriber Identity (IMSI) or “sniff” a valid Authentication and Key Agreement (AKA) request from a targeted device, then send the same request to all phones in range causing all the other devices to respond with synchronization failures enabling the attacker to identify the target device.
Once the attacker has identified the required device they could track your movements, for example within a building.
The researchers forwarded their findings to the 3G global industry watchdog around six months ago but the necessary bug fixes are still to be implemented. The team plans to detail these flaws at the ACM Conference on Computer and Communications Security event, held Oct. 16-18 in Raleigh, North Carolina, US.