Mobile network hack reveals sensitive cellphone data

Researchers have shown how easy it is to use structural cracks in GSM mobile networks to find the number of most US-based mobile phones and to track practically any GSM-enabled handset throughout the world.

At the end of 2008, Tobias Engel demonstrated how to find the whereabouts of mobile phones by tapping into mobile network databases. At the Source Conference in Boston on Wednesday, independent researcher Nick DePetrillo and Don Bailey of iSec Partners showed how related techniques make it possible to find a person's location even when the person's number is unknown, and to gather other details that most users assume are undetectable.

The information disclosure hack works by tricking the GSM caller ID system into assembling what amounts to a white pages directory of nearly every mobile phone number. To do that, DePetrillo and Bailey set up a voice over IP account that included caller ID. They then called the account over and over using enormous blocks of spoofed numbers and logged the caller ID output of each call with an Asterisk server.

The cataloged lookup information let them find the individuals associated with the numbers and vice versa. It also disclosed huge pools of numbers that belonged to private corporations and government agencies.

DePetrillo and Bailey then plugged the numbers they wanted to trace into the so-called HLR, or home location register. The database, and the larger SS7 protocol to which it belongs, is in many respects to mobile networks what TCP/IP is to the internet, allowing cellular carriers to locate a handset so it can receive voice or text traffic.

The techniques exploit functionality built into GSM networks to ensure that calls can be routed reliably to a handset wherever in the world it is located. As such, it will be difficult to fix the disclosure threat without breaking the networks.
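The caller ID harvesting step described above shows up in call records as one destination being called over and over from caller IDs that walk through contiguous number blocks. The following is an added example, not code from the researchers or the original article, of how a VoIP provider could flag that pattern; the record layout, the sample numbers and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample call records: (epoch seconds, caller ID, destination).
# The record layout and every number here are made up for illustration.
SAMPLE_CDRS = (
    # one destination called every 2 s from a contiguous block of 40 caller IDs
    [(1000 + 2 * i, str(14155550100 + i), "12125550150") for i in range(40)]
    # a busy but ordinary line: 25 unrelated callers, no contiguous block
    + [(1000 + 5 * i, str(13105550000 + 137 * i), "18005550111") for i in range(25)]
    # withheld caller ID, ignored by the detector
    + [(1010, "anonymous", "12125550150")]
)

def longest_run(numbers):
    """Length of the longest run of consecutive integers in `numbers`."""
    nums = set(numbers)
    best = 0
    for n in nums:
        if n - 1 not in nums:  # n is the start of a run
            length = 1
            while n + length in nums:
                length += 1
            best = max(best, length)
    return best

def flag_enumeration(cdrs, window=300, min_callers=20, min_run=10):
    """Return {destination: (distinct caller IDs, longest contiguous run)} for
    destinations that, within `window` seconds, were called from at least
    `min_callers` caller IDs containing a contiguous block of `min_run`."""
    by_dest = defaultdict(list)
    for ts, caller, dest in cdrs:
        if caller.isdigit():
            by_dest[dest].append((ts, int(caller)))
    flagged = {}
    for dest, calls in by_dest.items():
        calls.sort()
        start = 0
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] > window:
                start += 1  # slide the window forward
            callers = {c for _, c in calls[start:end + 1]}
            run = longest_run(callers)
            if len(callers) >= min_callers and run >= min_run:
                flagged[dest] = max(flagged.get(dest, (0, 0)), (len(callers), run))
    return flagged

if __name__ == "__main__":
    for dest, (callers, run) in flag_enumeration(SAMPLE_CDRS).items():
        print(f"{dest}: {callers} caller IDs in window, contiguous block of {run}")
```

The contiguous-run test is what separates the harvesting pattern from an ordinary busy line, which also sees many distinct callers but not in sequential blocks.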

For more information read the following article:

http://www.theregister.co.uk/2010/04/22/gsm_info_disclosure_hack/
