Researchers have made a low-cost gadget to track the precise location of smartphones using 4G/LTE by hacking Facebook and WhatsApp signals. It was earlier thought that though such attacks could be targeted against the 2G and 3G enabled smartphones and 4G/LTE enabled smartphones are immune. to such attacks Security researchers have revealed how simply contacting somebody via WhatsApp or Facebook messenger can reveal a smartphone owner’s location by exploiting a security flaw in 4G mobile networks.
According to researchers, a hacker could use the apps to discover the supposedly anonymised identifiers that are assigned to devices when they connect to a network. This can than be used to track their precise location.
4G/LTE enabled smartphones are expected to have a user base of about 1.37 billion people by the end of the year. The researchers assembled a $1,400 gadget which runs on freely available open-source software. The contraption can target 4G/LTE smartphones to leak their location to within a 32- to 64-foot (about 10 to 20 meter) radius and in some cases their GPS coordinates. The researchers said only tech savvy smartphone users can detect any intrusion made by their gadget. They also said that there exists a separate method that can track the smartphone user to a area of one square mile and is virtually impossible detect.
When a smartphone connects to a mobile network, it is assigned a temporary number called a TMSI (Temporary Mobile Subscriber Identity). The network then uses this eight-digit number to identify a device, rather than a phone number, to make communication more private.
However, a hacker monitoring radio communications could tie this TMSI to an individual by sending them a Facebook message or WhatsApp chat, both of which trigger a special “paging request” from a network that contains specific location information about a particular TMSI number.