Threatpost reports that cell users just got that more vulnerable to attackers:
[T]here is enough information leaked from the lower layers of the GSM [Global System for Mobile Communications] communication stack to permit attackers to perform what they call “location tests” on targeted devices. “Cell phone towers have to track cell phone subscribers to provide service efficiently,” University of Minnesota Phd student Denis Foo Kune, one of the authors of the paper, explained in a prepared statement. ”For example, an incoming voice call requires the network to locate that device so it can allocate the appropriate resources to handle the call. Your cell phone network has to at least loosely track your phone within large regions in order to make it easy to find it.” The cell tower will broadcast a page to a person’s phone and wait for the device to respond when a person gets a call, he continued. According to the researchers’ findings, it is possible for a hacker to force those messages to go out and hang up before the victim is able to hear their phone ring, ultimately enabling them to find a person’s general location within about a dozen city blocks.
The GSM angle, while understandable to mobile device experts, may come as a bit of a shock to those who believe that GPS tracking is the primary way that location data for cell phones will be exploited to surveil their users. Those who remember the analog era epidemic of phone phreaking might, however, may understand the continuing ways for clever hackers to target phone users.
At CTOVision, most of the mobile device threats we write about focus on attackers stealing data. As the US-CERT noted in a recent paper, mobile device security threats ranging from malicious apps to phishing voice calls are an unavoidable feature of the new computer security landscape. With global mobile data use exploding, mobile device security understandably focuses on threats to data. However, there are significant personal safety dangers that can come as an result of mobile usage. And as more and more devices become networked, exploitation vectors will also multiply.