A group of researchers has demonstrated how the locations of Facebook and WhatsApp users can be exposed by a security flaw in 4G networks.
When a user connects to a 4G network, they are assigned a TMSI (Temporary Mobile Subscriber Identity), which is an 8-digit number.
The TMSI only stores data relating to the device the user is connecting from. This is done to keep the user's location hidden.
However, a hacker who is monitoring radio communications can easily access the TMSI and trace it back to the original user.
At this point the attacker can only get to the original user profile, but once he sends a message to the user through either Facebook or WhatsApp, it generates a "paging request" that contains the TMSI data.
One clarification is necessary here: a paging request is generated even if the user doesn't reply to the message. On WhatsApp, though, a paging request is generated when the user begins to reply to the hacker, as soon as they type the first letter.
What's even worse is that these paging requests carry the data not only of that user but of all the users on the network within 2 square kilometers.
According to the researchers, this vulnerability can cause a lot of damage to users' privacy, as monitoring radio communications is just one way of tracking down users. Easily available network hardware can make the process much easier for hackers.
Professional hackers can even set up fake network base stations to request reports from TMSI numbers. To request the TMSI number, however, they need a network failure request.
The researchers successfully tested this phenomenon, and the location of one smartphone was successfully tracked.