The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices.
The flaws affected the latest 3G networks that were hardened by discarding GSM interoperable networks that were long known to be vulnerable to interception techniques.
Attackers did not need to perform cryptographic operations nor possess security keys to instigate the attacks.
“[These] kind of vulnerabilities usually look trivial once uncovered but often remain unnoticed for [a] long time, since they do not involve fancy cryptography but are caused by errors in the protocol logic," the researchers wrote in a paper.
Vulnerability enables 3G devices to be tracked with off-the-shelf technology
Posted on Tuesday, Oct 09 2012 @ 17:24 CEST by Thomas De Maesschalck
SC Magazine writes security researchers discovered a law that could allow every device operating on 3G networks to be tracked with cheap commercial off-the-shelf technology: