We may not address security concerns as quickly as operating system or browser vulnerabilities, but there is no doubt that we should be paying more attention to our phones. Researchers at the University of Minnesota have discovered that it is fairly easy to track a user's location based on the data exchange between a phone and a GSM cell tower.
The tracking of a user happens via data packets that are typically sent to a phone to help a cell tower to locate a phone and allocate the appropriate resources to support a call. Such packets are also sent to tell the phone that someone is calling it. The researchers found that they could force cell towers to send the data and hang up, before the recipient's phone rings. However, by then, the location data is already available. Apparently, there is no need for support from a cellular provider and open source software running on "commodity" platforms will give hackers or anyone else who wants to track cell phone user location access to exploit the vulnerability.
"Cell phone towers have to track cell phone subscribers to provide service efficiently," Denis Foo Kune, Ph.D. student at the University of Minnesota, explained. "For example, an incoming voice call requires the network to locate that device so it can allocate the appropriate resources to handle the call. Your cell phone network has to at least loosely track your phone within large regions in order to make it easy to find it."
According to the findings, the location data is rough, and an individual's location could only be determined within a 10-block radius. However, for some purposes, 10-blocks may be good enough.
