Another vulnerability, the researchers said, lay in the Authentication and Key Agreement (AKA) protocol, which is used to provide authentication between a device and a network by providing secure shared session keys.
This "secret long-term key" (K IMSI) can be identified by sniffing the AKA request and then relaying that to all devices within a certain area. Every device except the target would return an authentication failure, thereby identifying the individual. Again, this could then be used to track location.
The research team took pains to emulate a real-world scenario under the environment, and they tested the attacks techniques against network providers including T-Mobile, Vodafone and O2 in Germany, and French outfit SFR.
Another interesting update from Lookout , New Lookout App Finds Your Phone Even When Battery Is Dead