Tracking devices over 3G networks need to be controlled

Posted on October 11, 2012 12:13 pm

Few days ago, I came across a story where a telecom employee expert was trying to explain how his employer, a mobile network operator, is not involved in tracking devices unless there is a court warrant to do so. The article, was in response to an incident where a network subscriber was tracked down by thugs and gunned down following a quarrel with his wife who hired thugs to eliminate him after what she claimed in court following her arrest as marriage gone sour.That sad event left with plenty of questions about privacy threats that could allow every device operating on 3G networks to be tracked by rogue law enforcers and law breakers. From my knowledge, I know vulnerabilities can be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices which is an invasion of privacy. If am having my time off over the weekend with friends, is it your business to know where exactly I am?Going back to the main topic,I would like to say that the most affected devices are latest 3G networks.This is because they were hardened by discarding GSM interoperable networks that were long known to be vulnerable to interception techniques.Rogue security agents or sophisticated criminals do not need to perform cryptographic operations nor possess security keys to instigate the attacks on your devices whether it’s a phone or tablet.

These kind of vulnerabilities may look trivial to many people but once uncovered like it happened with the “murdered” man, they often remain unnoticed for a very long time because they do not involve fancy cryptography and are caused by errors in the protocol logic. Until now, lengthy revision processes for global mobile phone protocols have failed to explain why fixes have not been circulated and implemented.When I was preparing this article, I sought an opinion of v telecom experts who are personal friends and all of them told me that there are other disruptive attacks on 3G networks that did not attack 3G protocol logic and relies heavily on other weaknesses such as interoperability between GSM and 3G or in some other cases the poor security design of devices.If the network operator had used public-key cryptography which can be deployed by cellular operators within their networks then those hired killers would not have succeeded in smoking out the man from his hideout where he was having fun with a female partner for over a week.

Contador Harrison