"By using one of the many mobile phone location tracking services aimed at businesses or concerned parents, and some trickery it is possibly to get almost anyone's mobile phone position without their agreement. All that is required is their mobile phone number, and carrier. Over the past year a number sites have popped up offering web based mobile phone tracking services. To use their services you purchase a monthly subscription or set number of credits, and enter in the targets phone number. The target then receives an SMS message asking them to confirm they consent to the tracking. After the target replies, the tracker can then request their position online and receive a street address, post code, and map of their location with an accuracy of around 250 meters. As recently publicised by The Guardian, and The Register a simple / reasonably covert attack (assuming you have physical access to the target phone) would be to just reply to the confirmation message, and delete all evidence afterwards. For the attack described as follows physical access to the device is not required significantly lowering the bar for successfully activating the tracking service. At first sight the system may seem secure due to the challenge (target receives SMS) - response (target replies to SMS) authentication method, however the required response is always the same and the SMS message from field is used to identify the target that agreed to the tracking. The problem arises since the SMS from field (similar to caller ID on a phone) is spoofable as previously reported. This obviously raises a number of privacy concerns." Comment: the predictability of those SMS authorization messages is of key concern for the security of mobile location-based services. As this attack demonstrates, one need only know the mobile number of the person to track in order to subscribe them to a tracking service without their permission. Another thing to consider is the ease with which Bluetooth-enabled mobile handsets can be hacked, which would also give an attacker the ability to tap into a mobile handset and send/receive SMS enrollment messages for location-based services tracking. A recent article from Popular Science shows how a Bluetooth adapter can be modified to access devices more than a mile away, so the supposed 30-meter limitations of Bluetooth isn't accurate depending on the antenna used by the attacker. LiveAmmo
