Mobile network technologies require some degree of tracking of user location, specifically user equipment tracking, as part of their fundamental mechanism of working. Without this basic function, features such as hand-over between cells would not work. Since mobile devices are typically associated with a single person, this provides a potential mechanism for user location surveillance. Network operators are bound by strict privacy legislation. However, spying by certain agencies, hackers and even advertisers without the users’ or operators’ knowledge has become a serious issue. In this article, we introduce and explain all known recent attacks on mobile networks that compromised user privacy. We focus on attacks using the Signalling System 7 (SS7) protocol as the interconnection interface between operators mainly in GSM networks. In addition, we outline a novel evolution of location tracking for LTE networks. One reason these attacks are not widely published or known by the general public is due to the complex and arcane nature of the networks and their protocols. Mobile network interfaces are ‘hidden’ from users, and therefore the general public’s interest in such attacks is much lower compared to other phone vulnerabilities.
Siddhart Prakash Rao (Aalto University), Silke Holtmanns (Bell Labs, Nokia), Ian Oliver (Bell Labs, Nokia), Tuomas Aura (Aalto University): We Know Where You Are!
Presented at the 8th International Conference on Cyber Conflict, 2016
Cyber Power: N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 2016 © NATO CCD COE Publications, Tallinn