After eight months of work, University of Minnesota researchers released a report that points out weak spots in cell phone service towers that allows hackers to access a user’s physical location.
A group of students and professors from the Department of Computer Science and Engineering exposed the method in their paper “Location Leaks on the GSM Air Interface.”
Cell phone networks have to “loosely track” devices in order to handle calls within large regions. To test the entry barriers of cell phone companies, AT&T and Nokia, researchers used readily available equipment as they tracked the location of a subject 10 blocks away.
Denis Foo Kune, one of the research assistants on the project, explained how it works.
“You have to have the victim’s phone number. So then what happens is, you call the person, so the towers are going to be broadcasting some messages to find that phone. We listen to those messages that are going out over the air,” Kune said.
The messages contain I.D. codes. In order to match the codes to the cell phone number, researchers called the phone three times. The code that appeared three times in the same time period in which researchers were listening in is most likely the code of the cell phone.
“From there we can use that I.D. to determine if you’re around a certain area or if you’re on a particular cell tower,” he said.
Their findings cause concern for victims of domestic violence.
Shellene Johnson, program manager at the Minnesota Coalition for Battered Women, told MPR News this is a concern.
“ If victims are unaware this is happening — they may be going into a safe location or into a shelter — it gives very easy access to information of her whereabouts,” Johnson said.
The team also suspects burglars and oppressive governments as possible hackers.
Kune contacted AT&T and Nokia to provide inexpensive techniques to improve the security of cell phone location.
