At Source Conference in Boston new vulnerabilities on GSM mobile network has been demonstrated by Carmen San Diego, Don Bailey, iSec Partners & Nick DePetrillo that allow a person to track any mobile phone across the world.
The demo has showed how it is possible to determine user specific location and get more details and information without even knowing the phone number which is considered impossible.
The idea of this attack is by exploiting vulnerability in the mobile network database. And get users name and phone number. What attacker will need is just the caller ID to create kind of phone directory which contains any mobile phone number. At the Demo Researchers have created an account at VoIP-function Caller ID, and started to call him frequently. By using huge range of fake numbers over Asterisk server.
As a result information that are gathered in response allowed experts to have the name of subscribers and phone number and they were able to get number ranges belonging to private companies and government agencies.
It is very important to note that the vulnerabilities concern many popular computing platforms including Mac
OSX, Linux, FreeBSD, and OpenBSD. And the presentation Locating Mobile Phones using SS7 can be found here.
make sure you subscribe to my RSS feed!