Security Researchers Find All GSM Phones Open To Hacking & Tracking
Yes, it's good news for stalkers and indentity thieves everywhere: Don Bailey from iSec Partners and security researcher Nick DePetrillo have found a vulnerability in all GSM cell phones that can give an attacker the unrestricted ability to locate any GSM handset anywhere in the world, as well as being able to find the name of the listed subscriber for nearly any cellular phone number.
This has the potential to essentially eliminate cellular privacy and security for almost all cell phone users for all of the top-tier mobile communication providers. Their work expands their earlier work on geolocation of GSM devices, and makes public several fundamental flaws in the provider's networks. The end result? The name of who owns any cell phone is no longer private.
The worst part of this whole mess is that this isn't something that can be patched through a software upgrade or even a hardware fix- the functionality that makes the exploits possible was actually designed into the core of the network's system at the lowest possible level. The technique makes use of a database used by all cell phone providers called "Home Location Register".
"They can do little if anything about this," Bailey said. "The providers can stop putting subscriber information into the database, but it's not likely", goin on to say, "They can't restrict it much. The HLR is just part of the GSM abd telephony protocols as a whole. The information is exported worldwide. If you have access to the network, you can see it anywhere."