Two months ago Check Point warned WhatsApp users after they discovered a bug that allows hackers to distribute a malware which demands victims to pay a fee to regain access to their files. Recently, a research was done and found hackers can monitor 4G mobile network to detect users’ location anonymously. The researchers revealed how it’s easy to track someone by simply contacting somebody via WhatsApp or Facebook messenger by exploiting a security flaw in 4G mobile networks.
The Finland and Germany researchers claim a hacker may use the technique to discover anonymous users assigned to devices when they connect to a network, and use them to locate their owner. Ideally, when a smartphone connects to a mobile network, it is assigned a temporary number called a TMSI (Temporary Mobile Subscriber Identity). The network then uses the number to identify a device in order to make communication more private.
A hacker monitoring radio communications can connect the assigned TMSI number to any person by sending them a Facebook message or WhatsApp chat, both of which trigger a special “paging request” from a network that contains specific location information about a particular TMSI number. So, someone using WhatsApp’s typing notification which is a feature on the chat app that displays when a contact is composing a message – also triggers the connection. If a hacker has a victim’s phone number, they could send them a message on WhatsApp, and if the victim begins to type a response, the network issues a paging request.
On the other hand, a person with a Facebook account can send a message to another Facebook user. Unless the two users are friends, this message will end up in Facebook’s Other inbox. Apparently, many people don’t know about this folder because it’s only accessible on Facebook’s desktop version. So, sending a message to another Facebook user will still trigger a paging request.
The researchers claim there are location data within the paging requests that can be used to track users’ locations on newer 4G mobile network to an area of 2km2. Older 2G and 3G networks would place a particular smartphone within a given tracking area of around 100km2, representing less of a security issue, but modern 4G networks place them in smaller cells of around 2km2, making it much easier to pinpoint a smartphone.
“We discovered that paging requests can be triggered in a new and surprising manner — via social network messaging apps. For example, if someone who is not your Facebook friend sends you an instant message, Facebook will silently put it in the “Other” folder as a spam protection mechanism (unless the spammer pays Facebook 1€!). If you have Facebook Messenger installed on your LTE smartphone, incoming messages, including those destined to the Other folder, will trigger a paging request, allowing a passive attacker to link your TMSI to your Facebook identity and track your movements. To make matters worse, we noticed that TMSIs are not changed sufficiently frequently — in one urban area TMSIs assigned by multiple mobile carriers persisted up to three days! In other words, once the attacker knows your TMSI, he can passively track your movements for up to three days.” The researchers wrote.