Legal Exploit Enables Tracking and Spying via Cellular Networks

Activate the cone of silence.
Don your tinfoil hat.
Pull the bedsheets up.

Now that you’ve taken the necessary precautions, I have to tell you some bad news: two researchers have found a way to exploit the mobile phone system in order to locate pretty much anyone they want. That means you, Carmen. All those years of hiding have been for naught. They’ll be here any moment now. This is the end: they’ve found you.

The exploit enables anybody with the right equipment and know-how to find out a person’s private mobile phone number, and track their location (via celltowers, not GPS). Using another exploit, it is possible to listen to their voicemail messages.

Interestingly, these exploits are within the bounds of the law. Thankfully (I suppose), they can’t monitor phone calls or read text messages, but this is clearly still a cause for concern.

The hacks are done through exploiting a series of weak-points across various telephony systems in the world. The details of the techniques are outlined over at CNET, and are worth a read.

A talk on the exploit (entitled “We Found Carmen San Diego”) was given at the Source Boston security conference on Wednesday.

The worst part of all this is that it seems that nothing is being done to fix it, and, in fact, it may not even be universally fixable.

I think now is the time time to pull those bedsheets up a little higher.