The location of cellphone users on AT&T and T-Mobile networks can be tracked by anyone with a little technical expertise and $60 worth of equipment, University of Minnesota researchers have discovered.
News of the security flaw, which the researchers traced to cellphone towers, comes at a time when online privacy has emerged as a major national concern. U researchers found they were able to pinpoint the location of cellphone users whose numbers they knew to within an area of about 10 city blocks, said Denis Foo Kune, 35, who is studying for a doctorate in computer science at the U of M.
The loophole within the cellphone networks isn't solely a matter of privacy. Anytime someone can learn your whereabouts without your permission can be dangerous, Foo Kune said.
"A burglar who knew you were downtown would know you aren't at home," Foo Kune said. "If you know where a person is within 10 blocks, and it's dinnertime, you might be able to find him or her in a restaurant. Of, if you're a government agent, you could tell if somebody attended a public protest march."
The revelation came during eight months of research last year that assessed the security of cellphone systems. Foo Kune, computer science and engineering associate professors Nick Hopper and Yongdae Kim, and undergraduate student John Koelndorfer stumbled on the fact that data sent from a cell tower to a phone would allow a hacker to match the phone's location with its telephone number.
As far as the researchers know, their method hasn't been used before. They presented their findings at a national security symposium in San Diego last week.
AT&T said it has been notified by the U of M researchers, but said it has no comment on their report.
"There's no security threat that we take lightly," AT&T spokesman Alex Carey in Minneapolis said Friday. "We make a priority of ensuring customers' safety and security."
The U of M group doesn't know if the same problem affects Verizon Wireless and Sprint cellphone customers because those companies use a different type of cell network. But Foo Kune's educated guess is that those phones are probably vulnerable, too.
The researchers studied the GSM (Global System for Mobile Communications) technology used by AT&T and T-Mobile because it is the most widely used type of cellphone network, Foo Kune said. They notified AT&T last November, outlining both the security issue and ways to fix it, and are writing a letter to T-Mobile.
While pinpointing a person's location requires knowing his or her cellphone number, many people today put their phone numbers on social networking sites such as Facebook, where they are easy to find, Foo Kune said.
The U of M technique is fairly easy to use, Foo Kune said. With an inexpensive cellphone modified with readily available software, the researchers were able to monitor transmission signals from cell towers.
The researchers then called the person's cellphone from a land line and listened to transmissions from a nearby tower that served the Longfellow neighborhood of Minneapolis, southeast of downtown.
If the tower were going to connect with the cellphone, it would send two messages, one to page the victim's phone and a second message to begin establishing the connection to the victim's phone.
If the researchers heard that second message, they knew the victim's phone had connected to the same tower that they were monitoring. And that meant the cellphone user was within a 10-block area of the Longfellow neighborhood. In the suburbs, where cell towers are farther apart, a cellphone user could not be located quite as precisely, Foo Kune said.
Steve Alexander • 612-673-4553