Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

Weaknesses in the technology that allows smartphone users to pinpoint themselves on a map, or check into restaurants and bars using apps such as Foursquare, could allow those users to be tracked remotely.

Ralf-Philipp Weimann, a researcher at the University of Luxembourg, reported this finding at the Black Hat computer security conference in Las Vegas yesterday. He believes that the complex mechanism by which phones get location fixes likely also hides vulnerabilities that could allow the mechanism to be used to install and run malicious code on the device.

Smartphones do not use GPS satellites alone to determine their location, because doing so accurately requires complex calculations based on signals collected from four orbiting satellites, a process that takes as long as 12 minutes. Instead, they use assisted GPS (A-GPS), in which a cellular network supplies an approximate location to simplify and speed up the necessary GPS calculations. A-GPS also allows a device to ask the mobile network to do the work and send back the exact location fix once it’s finished.

Weimann discovered that the messages that pass between a phone and its network during this process aren’t exchanged over a secure connection, but rather over a non-secure Internet link. That makes it possible to trick a phone into swapping A-GPS messages with an attacker instead, Weimann realized, and to have that attacker know the result of every location fix wherever the phone goes.

Using this method, a malicious Wi-Fi network could instruct phones to relay back all future requests for A-GPS help and to report all location fixes, even after the phone goes out of range. “If you just turn it on once and connect to that one network, you can be tracked any time you try to do a GPS lock,” said Weimann. “This is rather nasty.”

Weimann demonstrated the vulnerability on a variety of Android handsets and said that handset manufacturers haven’t bothered to implement technologies that could prevent such attacks. The problem is solvable, though, and Weimann said it will likely be addressed in future versions of software from mobile-device manufacturers. “I wouldn’t count on it until you buy the next-gen device.”

Weimann also presented work showing how A-GPS messages could be used for seriously compromising attacks. He showed that many smartphones process these messages on their main processor, not the GPS chip or the radio chip dedicated to communicating with the cellular network. This means the messages could potentially be used to trigger crashes that would allow the device to be taken over remotely, said Weimann, who added that he has identified some candidate bugs already.

Other experts at the conference said that the kind of attack Weimann demonstrated could convince professional malware developers to take mobile devices more seriously as lucrative targets. Today, it is not easy to infect many users with a malicious app, explained Vincenzo Iozzo, of the information-security company Trail of Bits, who is a member of Black Hat’s advisory board. “What’s interesting is to find the venues where an attacker can gain additional scale and profit,” he said. “This attack actually allows them to reach a huge number of targets without being close to them.”

It is still early days, Iozzo said, but there’s cause for concern. “Exploitation for the time being is not going to be a big problem in mobile, but mobiles are more complex compared to desktops and so offer more places to explore.”

0 comments about this story. Start the discussion »

Tagged: Web, smartphones, GPS, Black Hat

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me