New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked, according to research from the University of Birmingham with collaboration from the Technical University of Berlin.
Researchers said that standard off-the-shelf equipment, such as femtocells, could be used to exploit the flaw, allowing the physical location of devices to be revealed.
The 3G standard was designed to protect a user’s identity when on a given network. A device’s permanent identity, known as International Mobile Subscriber Identity (IMSI) is protected on a network by being assigned a temporary identity called a Temporary Mobile Subscriber Identity TMSI.
The TMSI is updated regularly while the 3G networks are supposed to make it impossible for someone to track a device even if they are eavesdropping on the radio link.
Researchers have discovered that these methods can easily be sidestepped by spoofing an IMSI paging request. Such a request is used by networks to locate a device so it can provide service.
Another vulnerability, the researchers said, lay in the Authentication and Key Agreement (AKA) protocol, which is used to provide authentication between a device and a network by providing secure shared session keys.
This "secret long-term key" (K IMSI) can be identified by sniffing the AKA request and then relaying that to all devices within a certain area. Every device except the target would return an authentication failure, thereby identifying the individual. Again, this could then be used to track location.
The research team took pains to emulate a real-world scenario under the environment, and they tested the attacks techniques against network providers including T-Mobile, Vodafone and O2 in Germany, and French outfit SFR.
Another interesting update from Lookout , New Lookout App Finds Your Phone Even When Battery Is Dead