Mobile | Electronic Tracking | Cloning | Server-Resident Data
Electronic Tracking
Several companies offer location tracking services for registered cell phones to allow the whereabouts of the user to be known by friends and family. It is also touted as a means to track employees’ whereabouts.To locate a phone it is not required an active call, but it must emit a roaming signal to contact the next nearby antenna tower.
Registration can take place quickly, making temporary misplaced devices or unattended devices a possible target. Some tracking services periodically send the phone a notification for the user that monitoring is taking place, and may give the user the option to terminate the service. Other services provide no notification or indication of monitoring to the user, once registration is complete.
Radio isolation bags exist, which contain metallic fibers that essentially create a Faraday cage to block radio frequencies and prevent tracking. However, they completely prevent normal use of the phone (e.g., incoming calls) and cause the battery to drain rapidly, since the phone boosts its signal in an attempt to register with a tower.
At least one early tracking service was shown to be vulnerable to the possibility of surreptitiously registering someone else’s phone for tracking without having possession of the device .
For example, if the scheme to complete the registration of a phone requires a positive acknowledgment from the device as confirmation, such as an SMS message reply with an authenticator code, but uses a code value that is predictable or not unique, another means such as an online SMS gateway could be used to forge the response needed to complete registration.
Cloning
If certain unique device identifiers built into a cell phone are reprogrammed into a second cell phone, a clone is created that can masquerade as the original. For example, monitoring the radio wave transmissions of analog cell phones allowed the factory-set Electronic Serial Number (ESN) and Mobile Identification Number (MIN) from those devices to be obtained easily and used to create clones .
Though not as prevalent today with the rise of digital networks, analog networks may still exist in some rural areas. Technology used in digital cell phone networks improved security during device authentication by using cryptography to thwart device identifiers from being recovered. However, with physical access to a device, cloning of some early generation equipment is possible .
Server-Resident Data
Applications or content hosted on servers maintained by a network carrier pose the risk of exposing sensitive information. Email and other communications solutions that keep messages on a mail server operated by the service provider is a common example .
The most obvious threats are from rogue employees of the network carrier or vulnerabilities in the server’s defenses exploited by an attacker. A well-publicized incident involving the T-Mobile (a cellular telecommunications provider) account of a celebrity’s Sidekick device illustrates the problem.
The address book, photos, email messages, and voice mail of the device were maintained on a T-Mobile server for access through a Web portal. The server was able to be accessed by unauthorized users who gained access to the information and posted it elsewhere for public viewing .
Third-party data resident on servers other than those of network carriers may also be a concern. For example, unauthorized access to the data maintained at Web servers operated by cell phone tracking companies would expose the current and past whereabouts of an individual.
3 Responses to “Mobile | Electronic Tracking | Cloning | Server-Resident Data”
Very interesting article.I wait to read more about this subject
interesting post
a very good article about Mobile | Electronic Tracking | Cloning | Server-Resident Data